I want the capability to detect if an alert is already triggered then skip sending out the email/action when a subsequent triggering of the alert happens. I understand about throttling, but that is not what is needed. I want to send out one email when the alert is triggered and not send another until the alert clears and is triggered again.
I see some useful information [on this question/answer](https://answers.splunk.com/answers/227858/is-it-possible-to-create-an-alert-that-depends-on.html) but it is not quite sufficient. I really need a query that detects if the alert is triggered.