Stop Duplicate Alerts

%3CLINGO-SUB%20id%3D%22lingo-sub-366728%22%20slang%3D%22en-US%22%3EStop%20Duplicate%20Alerts%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-366728%22%20slang%3D%22en-US%22%3E%3CP%3EHi%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ei%20created%20LA%20query%20to%20trigger%20alert%20when%20the%20windows%20installer%20service%20stops%20and%20it%20works%20fine.%20What%20i%20am%20trying%20to%20add%20a%20condition%20to%20this%20query%20is%2C%20alert%20should%20not%20be%20duplicated%20if%20there%20is%20an%20alert%20already%20active.%20is%20there%20a%20way%20to%20add%20the%20condition%20to%20suppress%20duplicate%20alert%20until%20the%20existing%20alert%20is%20closed%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20tried%20with%20Alert%20management%20query%20but%20the%20alert%20state%20is%20shows%20empty.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20help!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-366728%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAlerts%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20Log%20Analytics%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-369270%22%20slang%3D%22en-US%22%3ERe%3A%20Stop%20Duplicate%20Alerts%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-369270%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%0A%3CP%3EI%20do%20not%20think%20there%20is%20possibility%20for%20that.%20There%20is%20option%20for%20suppression%20configuration%20on%20Log%20Analytics%20alerts%20but%20that%20one%20does%20not%20work%20per%20instance.%20For%20example%20if%20you%20receive%20alert%20for%20Computer%20A%20and%20after%205%20minutes%20another%20alert%20to%20be%20generated%20for%20Computer%20B%20the%20latter%20will%20be%20suppressed.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

Hi

 

i created LA query to trigger alert when the windows installer service stops and it works fine. What i am trying to add a condition to this query is, alert should not be duplicated if there is an alert already active. is there a way to add the condition to suppress duplicate alert until the existing alert is closed?

 

I tried with Alert management query but the alert state is shows empty.

 

Please help!

1 Reply

Hi,

I do not think there is possibility for that. There is option for suppression configuration on Log Analytics alerts but that one does not work per instance. For example if you receive alert for Computer A and after 5 minutes another alert to be generated for Computer B the latter will be suppressed.