we want 1 alert if something happens more than 1 time in that hour. But if it happens multiple times we want to see all those events also in the email. And we only want 1 alert in an hour.

alter type: real time
expires: 24 hours

Trigger alert when: number of results is greater than 0 in 1 hours
Trigger: Once

Trottle: yes
Supress triggering for: 1 hours