I am configuring a trigger for a Windows event log entry and I am a little confused.
My goal is to get a single alert each time the event is detected in the log so I do not get overwhelmed with alerts.
This is what I have configured so far.
{servername:eventlog[System,,Warning,Tcpip,4231,,skip].logseverity(0)}=2 and {servername:eventlog[System,,Warning,Tcpip,4231,,skip].nodata(180)}<>1
I tested it by manually creating an entry that matched in the event log and it fired and sent me an email. I went and manually closed the problem. But then it fired again a couple of minutes later and auto closed. This time with manual closing greyed out.
Am I configuring this trigger correctly or is there a better way?