SDT EventSources

Hi Joe,

This is possible today if you navigate to the Syslog Event source under the device and use the SDT tab and add a new scheduled downtime entry.

https://www.logicmonitor.com/support/devices/devices-page-overview/scheduled-down-time-sdt-tab/

~Forrest

It is possible to add one, but it doesn't actually work. The SDT is applied, but the events keep coming in and generating alerts.

The events will still be collected as an SDT does not stop alerting, but the SDT should cancel your escalations.

It doesn't, we broke the email relay server you use once already when a Tech tried due to a Cisco UC server freaking out and sending thousands.

I'll enter a ticket and get this looked at.

Have you tried enabling rate-limiting?  At least until it all gets sorted out - I'd consider setting up a duplicate escalation chain and an alert rule specifically for some of your syslog eventsources and enable rate-limiting on them.  Before my LogicMonitor days, I had this happen a few times and it sucks dealing with a crippled Exchange server while also trying to work out a firewall issue.  Syslog is unpredictable sometimes.