Have you an example to filter events that have already looked at? Is there any alert customization for doing that like throttle or expiration?

Alerts have throttles but that's at the alert level, not at the event which have been looked at.

As I said, it depends on your search and your data. For example, if you are searching over 25 hours, every 24 hours, there will be an overlap of 1 hour. Having said that, it depends how quickly your data is indexed, real lag, and how far behind your timestamp field (_time) is to actual time, extended lag. In order to fashion a search which takes these factors into account, you need to understand your data, how it is indexed, when it is indexed, etc. When you know this, you might have a chance at eliminating events which you have (or may have) already looked at.

Another way you might approach this is to copy the events you have looked at into a summary index and then ignore any events which are already in your summary index.

thanks for your answer even if it's not really easy to understand

the data are approximatively indexed every 20 minutes

so concerning my problem i dont understand why my last related event vs my alert happened last Friday and why my alert has occurend once again today

You haven't provided sufficient information for anyone to be able to determine why your search picked up events which you weren't expecting, or why you search failed to exclude these from your alert. It is like me asking you, why did my search fail?