Channel: Questions in topic: "splunk-enterprise"

Alert condition considering previous iterations

Hello All, I am using the conditions below (along with the required conditions) to configure an alert: `earliest=-5h | head 100`. The challenge I am facing is that sometimes it considers transactions that have already generated an alert previously. For example, an alert was generated at 12:00 PM and then generated again at 01:30 PM. This happened because there were some failures between 11:00 AM and 11:30 AM, and even if there are only 1 or 2 failures around 1:25 PM, it is still considering the failures from 11:00 AM to 11:30 AM. The reason for using `earliest=-5h` and `head 100` is that the transaction volume for this application is very low. I thought of using suppression for a longer time (currently it is set to 1 hr), but that might give rise to situations where a valid scenario gets missed. Is there any other way (other than reducing the earliest time or head, or increasing the suppression) to mitigate this?
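One way to keep the 5-hour window and the 1-hour suppression but stop old failures from re-triggering is to make the alert remember which failure events it has already alerted on and exclude them on later runs. The SPL below is an added example, not from the original poster or from Splunk documentation; the index, sourcetype, `status=FAILURE` term, and the lookup file name `alerted_failures.csv` are assumptions to be replaced with the terms of the real search.

```spl
index=myapp sourcetype=app_logs status=FAILURE earliest=-5h
| eval event_key=md5(_raw . _time)
| lookup alerted_failures.csv event_key OUTPUT alerted_at
| where isnull(alerted_at)
| head 100
| eval alerted_at=now()
| outputlookup append=true alerted_failures.csv
```

Line by line: `event_key` gives each failure event a stable identifier (assumed here: raw text plus timestamp is unique enough for this application). The `lookup` pulls back `alerted_at` for any event already recorded, `where isnull(alerted_at)` keeps only failures no earlier run has seen, and `outputlookup append=true` records the survivors so the next run skips them. Create the lookup once before scheduling the alert, for example with `| makeresults | eval event_key="init", alerted_at=0 | outputlookup alerted_failures.csv`, and prune it periodically with a second scheduled search such as `| inputlookup alerted_failures.csv | where alerted_at > relative_time(now(), "-5h") | outputlookup alerted_failures.csv` so it does not grow without bound. Two caveats: the write happens on every scheduled run, whether or not the trigger condition fires, so each failure is counted exactly once across runs rather than accumulating toward a count-based threshold; and if the alert is based on an aggregated transaction rather than individual events, build `event_key` from the transaction ID instead of `_raw`.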
