We monitor an email account via imap. An external check logs in and pulls unread messages. There is a 'Multiple' trigger set up that generates a problem for each new email message. Some of these messages are from the same source (there are host id's in the problem description). When new messages are received, if a problem already exists for a particular host ID, I'd like to dismiss the new alert or, better yet, just append the new data to the existing host's alert.

Event correlation is geared at up/down correlation (there is no 'up' here - everything gets manually cleared). Event aggregation seems concerned more with plotting issues over time. Any suggestions on how this might be achieved?