Throttling will allow you to not keep sending the same alert every time it runs. So if you are sending an alert when some value exceeds a threshold as an example. If you run the alert every 5 minutes, it will alert, every time that value is over that threshold. By throttling, you can have Splunk only alert every x amount of time, such as every hour. This means say for the same host, you will only get an alert every hour if the condition still exists in an hour. Rather than every time the alert runs. You can set the time period, and the fields that need to match before it throttles.