I have events coming in continuously with almost same duration (lets say 2mins) between consecutive events. The events have same message key. I want to understand how the event rule threshold works and how many alerts get generated in a day for the cases as below
1) occurs 1 over 60 secs, alert close - none
2) occurs 2 over 120 secs, alert close - none
3) occurs 2 over 120 secs, alert close - idle over 60 secs
If there is no threshold, new incoming event gets associated with existing alert forever. I want to stop associating events to existing alerts and create new alert every 3 hours. How can i do it?
