Windows Event Log Correlation


First post and I'm new to LM, though an old hand at monitoring and alerting, so be gentle.

I've searched these forums and found a couple of 'feature requests' to be able to alert only if message X appears greater than Y times within Z minutes in the Windows Event Log rather than alerting for every occurrence of message X. None of the posts appear to have a solution... Is this still the case? Either an official solution or a workaround?

Many Thanks



3 replies

AFAIK, that's still the case. Workaround is to use an Event Management system with that logic/event handling.


Yeah, we ended up having to pay extra for SumoLogic, but could be anything. Still would be nice to have the barest level of correlation so you could effectively ACK events.

I have heard rumors that functionality like this is gaining traction in the backlog. Having the ability to specify which log event opens the alert, which closes, which counts as an update, etc. Pile on with your CSM. The best way to get features pushed through is to have a bunch of customers asking for it.
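The correlation asked about in this thread (alert only when message X appears more than Y times within Z minutes, with one event opening the alert, later ones updating it and another closing it), as an added example that is not part of any post above and not LogicMonitor functionality. The function name `correlate`, the tuple layout and the sample events are assumptions; the sample uses Windows Security event IDs 4625 (failed logon) and 4624 (successful logon) with constructed timestamps.

```python
from collections import deque
from datetime import datetime, timedelta

def correlate(events, event_id, threshold, window, close_id=None):
    """Return one alert per burst: more than `threshold` events with
    `event_id` inside a sliding `window`. Events are (timestamp, id)
    tuples sorted by time. An optional `close_id` event clears the alert."""
    recent = deque()   # timestamps of matching events still inside the window
    alerts, current = [], None
    for ts, eid in events:
        if eid == close_id and current:      # explicit clearing event
            current["closed"] = ts
            current = None
            recent.clear()
            continue
        if eid != event_id:
            continue
        recent.append(ts)
        while ts - recent[0] > window:       # drop events older than the window
            recent.popleft()
        if len(recent) > threshold:
            if current is None:              # first breach opens the alert
                current = {"opened": ts, "count": len(recent), "closed": None}
                alerts.append(current)
            else:                            # later events only update it
                current["count"] += 1
        elif current:                        # rate fell back under the threshold
            current["closed"] = ts
            current = None
    return alerts

# Constructed sample: five failed logons in two minutes, one successful
# logon, then a single failed logon twenty minutes later.
T0 = datetime(2024, 1, 1, 9, 0, 0)
SAMPLE = [(T0 + timedelta(seconds=s), 4625) for s in (0, 30, 60, 90, 120)]
SAMPLE += [(T0 + timedelta(seconds=150), 4624),
           (T0 + timedelta(minutes=20), 4625)]

if __name__ == "__main__":
    for alert in correlate(SAMPLE, 4625, threshold=3, window=timedelta(minutes=5)):
        print(alert)
```

Seven raw events produce a single alert here, which is the ACK-able unit the replies describe wanting.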