We have 15 different hosts. We enabled an alert with the condition that if a host is down, we need to alert on it.
It has to check every 5 min; if any host is down it has to alert, and it also should not alert a second time for the same host. How should I do it?
**Example**: At 10:00 AM HostA is down and we need to alert on it. If at 10:01 HostA and HostB are down, then I should get an alert saying HostB is down, but I should not receive an alert for HostA again for 15 mins.
Here is what we did. Is it correct?
![alt text][1]
[1]: /storage/temp/216818-splunk-alert.png
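
The per-host suppression described in the question, modelled as a small Python simulation (an added example, not part of the original post and not Splunk's own implementation). The class and function names and the sample check times are constructed for illustration.

```python
from datetime import datetime, timedelta


class PerHostThrottle:
    """Suppress repeat alerts for the same host inside a time window."""

    def __init__(self, window=timedelta(minutes=15)):
        self.window = window
        self.last_alert = {}  # host -> time the last alert was sent

    def check(self, now, down_hosts):
        """Return the hosts to alert on for this scheduled check."""
        to_alert = []
        for host in sorted(set(down_hosts)):
            last = self.last_alert.get(host)
            # Alert if never alerted before, or the window has expired.
            if last is None or now - last >= self.window:
                self.last_alert[host] = now
                to_alert.append(host)
        return to_alert


def run_checks(checks, window=timedelta(minutes=15)):
    """Run a sequence of (time, down_hosts) checks through one throttle."""
    throttle = PerHostThrottle(window)
    return [(t, throttle.check(t, hosts)) for t, hosts in checks]


def at(hhmm):
    """Helper: build a datetime on a constructed sample date."""
    return datetime.strptime("2024-01-01 " + hhmm, "%Y-%m-%d %H:%M")


# Constructed sample input that follows the scenario in the question.
SAMPLE_CHECKS = [
    (at("10:00"), ["HostA"]),
    (at("10:01"), ["HostA", "HostB"]),
    (at("10:05"), ["HostA", "HostB"]),
    (at("10:15"), ["HostA", "HostB"]),
    (at("10:16"), ["HostB"]),
]

if __name__ == "__main__":
    for when, hosts in run_checks(SAMPLE_CHECKS):
        print(when.strftime("%H:%M"), "alert:", hosts or "none")
```

The suppression state is keyed on the host name, so a new host going down alerts immediately while hosts already reported stay quiet until their own 15-minute window ends.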