I have set up an alert that runs every 5 minutes to check for certain logs. I wanted to throttle the output based on 2 fields, so I enabled the throttle for 24 hrs and put the values in separated by a comma in the "Suppress results containing field value" field.
However, it looks like my alert is not as accurate as it should be. The values in the "Suppress results containing field value", once separated by a comma, do they act as an AND condition or OR condition?
So it's basically an alert set to run every 5 minutes throttled by 24 hrs based on 2 fields, which is not working as expected.