we have Splunk log monitoring alert configured for x occurrences in 5 minutes so in 30 minutes, we get around 6 incidents. We would like to have a solution to have just one incident until first issue is fixed. Is there any way to achieve
You can supress alerts using the throttle tickbox in the alert configuration:
See screenshot: https://imgur.com/ot9BVzp
See documentation: https://docs.splunk.com/Documentation/Splunk/7.0.2/Alert/ThrottleAlerts
View solution in original post
