NeophyteWhat were planning is to filter out the same alert id from a host, while that host is in alert for that alert id.rni.e. if host A has an event alert ID 3, and is thus in alert for that for the next 60 minutes (which is configurable per event source), then, during that 60 minutes, further occurences of alert ID 3 on host A will be ignored. Once that first alert clears, future event id 3 will trigger another alert.rnThe rationale being if youve been told alert id 3 is occurring, no point in telling you again. You have however long the alert duration is to investigate..rnDoes that make sense from your point of view?
