When adding multiple fields in the "Suppress results containing field value" - is that logically an AND or an OR? This could produce two entirely different outcomes. I would ideally like to suppress when both fields are found in subsequent alerts, however, it seems like this might say for any future alert that contains either field, don't alert again. Some clarity would be nice! (The documentation doesn't touch on this)
![alt text][1]
[1]: /storage/temp/250825-screen-shot-2018-05-30-at-111548-am.png
↧
