{"id":135,"date":"2007-02-09T22:09:21","date_gmt":"2007-02-09T20:09:21","guid":{"rendered":"http:\/\/contoso.se\/blog\/?p=135"},"modified":"2007-05-18T11:12:03","modified_gmt":"2007-05-18T09:12:03","slug":"are-your-mom-to-sensitiv","status":"publish","type":"post","link":"https:\/\/contoso.se\/blog\/?p=135","title":{"rendered":"Is your MOM too sensitive?"},"content":{"rendered":"<p>Is your MOM too sensitive, sending you alerts at too early a stage? As you presumably know, you can change thresholds and modify all rules to suit your environment better. I will show one way to do that in this post. In this example I will collect event ID 2 from the Application log, and when there have been two events with event ID 2 within one minute I will generate an alert.<\/p>\n<p>Start by creating one rule to consolidate similar events with the following settings:<\/p>\n<ul>\n<li>Data Provider &#8211; Provider Name: Application<\/li>\n<li>Data Provider &#8211; Provider type: Windows NT Event Log<\/li>\n<li>Criteria \u2013 event ID 2<\/li>\n<li>Schedule \u2013 Always process data<\/li>\n<li>Consolidate \u2013 Choose Event number and Source Name, and set that the events must occur within 60 seconds<\/li>\n<li>Knowledge Base: Input a suitable text<\/li>\n<li>General: Input a suitable name and verify that the rule is enabled<\/li>\n<\/ul>\n<ul>\n<li>Data Provider &#8211; Provider Name: Application<\/li>\n<li>Data Provider &#8211; Provider type: Windows NT Event Log<\/li>\n<li>Criteria \u2013 event ID 2 and repeat count is at least 2 (Advanced criteria)<\/li>\n<li>Schedule \u2013 Always process data<\/li>\n<li>Alert \u2013 Check the box to generate alert<\/li>\n<li>Alert Suppression \u2013 leave default settings<\/li>\n<li>Responses \u2013 add suitable responses if needed<\/li>\n<li>Knowledge Base: Input a suitable text<\/li>\n<li>General: Input a suitable name and verify that the rule is enabled<\/li>\n<\/ul>\n<p>That\u2019s it. After two events with event ID 2 and the same source name you will get an alert.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Is your MOM too sensitive, sending you alerts at too early a stage? As you presumably know, you can change thresholds and modify all rules to suit your environment better. I will show one way to do that in this post. In this example I will collect event ID 2 from the Application log, and when there &hellip; <a href=\"https:\/\/contoso.se\/blog\/?p=135\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0},"categories":[2],"tags":[],"_links":{"self":[{"href":"https:\/\/contoso.se\/blog\/index.php?rest_route=\/wp\/v2\/posts\/135"}],"collection":[{"href":"https:\/\/contoso.se\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/contoso.se\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/contoso.se\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/contoso.se\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=135"}],"version-history":[{"count":0,"href":"https:\/\/contoso.se\/blog\/index.php?rest_route=\/wp\/v2\/posts\/135\/revisions"}],"wp:attachment":[{"href":"https:\/\/contoso.se\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=135"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/contoso.se\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=135"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/contoso.se\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=135"}],"curies":[{"name":"wp","href":
"https:\/\/api.w.org\/{rel}","templated":true}]}}