Hi,
I have a requirement. Please suggest how to proceed further.
In the Alert need to run the search query for every 2 mins but the search query should not run for next 5 mins(given in "Suppress triggering for") which is given in throttling. And added to alert action is added with the severity as "Info".
Result:
Here after saving the Alert the query gets executed for every 2 mins, which is correct as expected but it should not executed the search query for next 5 mins which is given in throttling minutes. But the Added to alert actions executed every 5 mins.
Settings given as below:
Alert Type:Scheduled
Run on Cron Scheduled
Real Time
Cron Expression: */2 * * * *
Trigger Conditions:
Number of Results : is greater than 0
Trigger : Once
Throttle: Checked
Suppress Trigger for: 5 minutes
Trigger Actions:
Add to Trigger Alerts: Info
In shortly the search query in Alert need to execute and the query should not get execute based on throttling minutes which is given.
But now the search query is executing based on given cron schedule, and the throtling works for only added to alerts only.
Is the throtling will work only for Trigger Actions like "Added to alerts"... Please confirm.
Please let me know any information required.
Thanks,