Event duplication based on server names
We have a requirement to duplicate alerts based on server name in OMi.
E.g.: a log file policy is deployed on 6 servers. When the condition matches and the alert triggers for all 6 servers, only the first alert should be considered and the others should be duplicated with the first event.
So that we will get only 1 incident.
Usually this will work for the same servers, so I am not sure whether it can be done for different server names.
Could you assist on this?
OMi - 10.62
As per your requirement, you can opt for Stream-Based Event Correlation, where you can use a Repetition rule.
- Define the event filter with Title and Sourced from Hosts is one of the 6 servers
- Correlation attribute: Title
- Choose the time window within which they should be treated as duplicates or repetitions
- Choose every time for the condition to be executed
- Choose first event as reference and release all events
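
The steps above correlate on Title alone, which is why events from different hosts can share one reference event. The following is an added sketch, not part of the original thread and not OMi code, that models that logic in simplified form. The host names, titles, 300-second window, and the choice to measure the window from the reference event are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

HOSTS = {f"srv{i}" for i in range(1, 7)}  # hypothetical names for the 6 servers
WINDOW_SECONDS = 300                      # assumed time window


@dataclass(eq=False)
class Event:
    ts: int                              # seconds since epoch
    host: str
    title: str
    reference: Optional["Event"] = None  # set when the event is a repetition
    repeats: int = 0                     # on a reference: repetitions linked to it


def correlate(events, hosts=HOSTS, window=WINDOW_SECONDS):
    """Link repetitions to their reference event; return the reference events."""
    open_refs = {}   # title -> current reference event
    references = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.host not in hosts:        # event filter: only the listed hosts
            continue
        ref = open_refs.get(ev.title)   # correlation attribute: Title, not host
        if ref is not None and ev.ts - ref.ts <= window:
            ev.reference = ref          # repetition of the first event
            ref.repeats += 1
        else:                           # first event, or window expired
            open_refs[ev.title] = ev
            references.append(ev)
    return references


def sample_events():
    """Constructed sample: one log file condition firing on all six servers."""
    t0, disk = 1_700_000_000, "Disk full on /var"
    events = [Event(t0 + 10 * i, f"srv{i + 1}", disk) for i in range(6)]
    events.append(Event(t0 + 20, "srv2", "Service down"))  # different title
    events.append(Event(t0 + 30, "db9", disk))             # host outside the filter
    events.append(Event(t0 + 900, "srv3", disk))           # after the window
    return events


if __name__ == "__main__":
    for ref in correlate(sample_events()):
        print(ref.ts, ref.host, ref.title, "repetitions:", ref.repeats)
```

In this model the six same-title events collapse onto the srv1 event, while a different title, a host outside the filter, or an event after the window does not.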