If you receive a text message every minute on your mobile phone telling you, the hard disk is 80% full you might be annoyed and it is likely to miss a critical alert in between.
Duplicate Suppression is a powerful tool in Enterprise Alert allowing you to suppress alerts for events coming in over and over again, e.g. an event flood.
Let’s say we have an alert policy and Duplicate Suppression is activated. If multiple events (matching the policy’s conditions) come in within a certain period of time, only the first event will trigger the policy and raise an alert. Subsequent alerts get suppressed.
Only if the time period is over, another event will trigger the alert policy again. Or, if a different event, not matching the duplicate criteria is received within the time period, it will trigger the alert policy as well.
You can activate and configure Duplicate Suppression in the alert policy on the “Conditions” tab under “Duplicate Suppression Activated”.
Get only one Alert – Even if there are Hundreds of same Events
If you click on “Exceptions” you can define the time period as well as the parameters that should be used for the duplicate check.
You can check those parameters that need to change in order to prevent Duplicate Suppression. In the above example new events will not be suppressed if “Computer Domain” or “Computer ID” change for new incoming events. The selected parameters are independent from the conditions of the alert policy.
Duplicate Suppression helps you to only get the alerts you really need.