Need assistance figuring out why we are receiving multiple email alerts. We are trying to setup email alerts for Office365 Service Messages.

Search String

index="o365data" sourcetype="o365:service:message"  Id=*
 | where Classification == "Incident" AND Severity == "Sev2"
 | spath Messages{} output=Messages
 | spath WorkloadDisplayName
 | spath Id
 | spath Status
 | stats values(WorkloadDisplayName) as WorkloadDisplayName values(Id) as Id values(Status) as Status by Messages
 | spath input=Messages
 | eval PublishedTime=strptime(PublishedTime, "%Y-%m-%dT%H:%M:%S.%NZ")
 | eval CorrectPublished=PublishedTime+25200
 | where MessageText != "A post-incident report has been published."
 | stats count by CorrectPublished Id WorkloadDisplayName MessageText Status 
 | sort - CorrectPublished
 | dedup CorrectPublished
 | fields - count
 | eval CorrectPublished=strftime(CorrectPublished,"%Y/%m/%d %T")
 | fields - PublishedTime
 | dedup Id
 | table CorrectPublished Id WorkloadDisplayName MessageText Status
 | rename CorrectPublished as "Published", Id as "ID", WorkloadDisplayName as "Workload", MessageText as "Details"

Alert Settings
Alert Type: Real-time
Expires: 48 Hour(s)
Trigger alert when: Per-Result
Throtte: yes
Suppress results containing field value: *
Suppress triggering for: 2 minute(s)
When triggered: Send email

Emails Received