Alert Creation on Duplicate Event Logs
Hi, I would like to set up a simple analytic rule and trigger an alert on an event with “High Severity” in a Log Analytics table. I will group all events into one alert.
Example:
Logs_CL
| where Category == "High"
The challenge is, the same “high severity log events” get ingested every day, which is kind of causing duplication of log entries.
What would be the best way to set up this rule to only alert once on these events and not generate an alert again if the same events get ingested the next day?
Thanks