Duplicate Alert Suppression (hooray!)

[Written by Chris Morgan, Senior Solutions Engineer at LogicMonitor]

At LogicMonitor, our monitoring philosophy is to provide customers with actionable intelligence. Great examples of actionable intelligence are the alerts we send you about performance issues in your IT infrastructure. Providing meaningful performance and health metrics is our bread and butter, but we want to avoid overwhelming you with alerts, as overload often results in apathy, defeating the original purpose of monitoring.

Consider the case where a Windows Server running a SQL database receives a credential change. Any new client request to that server will then fail, and every failure triggers a Windows Event. When your server has an issue and 100 different clients are trying to access it unsuccessfully, you’ll see an event, and an alert, for each and every failure. This quickly becomes overwhelming, and you’ll probably turn off EventSource alerting to avoid the alert storm. Your frustration in this case would be understandable – a single Windows Server can be responsible for thousands of event alerts in a very short time period. But turning off event alerting has potentially dire consequences: you can miss crucial events you actually need alerting on, so you’re throwing the baby out with the bath water.

To help you deal with this, LogicMonitor has implemented a new feature to suppress duplicate alerts. Windows (and LM, historically) treat each event as a separate alert. The new feature allows you to alert for a particular event, but suppress duplicates for a given time period. Where previously you’d receive an alert storm, now you’ll simply get one alert for the time period you specify (default 1 hour). You’ll be able to give the alert the attention it needs because you’re not snowed in by the storm.
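The suppression behaviour described above, sketched as an added example; it is not LogicMonitor's code. It assumes that events are duplicates when host, event ID and source match, that the window is fixed from the first alert, and that a count of suppressed duplicates is worth carrying on the next alert; the host name and events are constructed samples.

```python
from collections import namedtuple

Event = namedtuple("Event", "ts host event_id source message")

DEFAULT_WINDOW = 3600  # seconds; the default suppression period of 1 hour


def suppress(events, window=DEFAULT_WINDOW):
    """Return the alerts that fire once duplicates inside the window are dropped.

    Assumption: two events are duplicates when host, event ID and source
    match. How the product itself compares events is not described here.
    """
    open_windows = {}  # key -> [window start time, duplicates suppressed so far]
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.host, ev.event_id, ev.source)
        state = open_windows.get(key)
        if state is not None and ev.ts - state[0] < window:
            state[1] += 1  # duplicate inside the open window: no alert
            continue
        alerts.append({
            "ts": ev.ts,
            "key": key,
            "message": ev.message,
            # carried forward so the size of the storm is still visible
            "suppressed_before": state[1] if state else 0,
        })
        open_windows[key] = [ev.ts, 0]  # this alert opens a new window
    return alerts


def sample_events():
    """Constructed sample: 100 failed logins 30 s apart, one unrelated
    event, and one more failure after the first window has expired."""
    fails = [Event(i * 30, "sql01", 18456, "MSSQLSERVER", "Login failed")
             for i in range(100)]
    other = Event(600, "sql01", 7034, "Service Control Manager",
                  "Service terminated unexpectedly")
    late = Event(3700, "sql01", 18456, "MSSQLSERVER", "Login failed")
    return fails + [other, late]


if __name__ == "__main__":
    for alert in suppress(sample_events()):
        print(alert)
```

The 102 sample events produce three alerts: the first failure, the unrelated event, and the failure that arrives after the hour, which reports 99 suppressed duplicates.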

The result is that Windows Event alerts will no longer overwhelm the alert tab or your inbox.  You can keep event alerting in place, without risk of alert overload.  Configure duplicate alert suppression as an option in EventSources. It’s a new feature for all Windows and LogWatcher EventSources.

This capability is turned on by default in LogicMonitor’s latest release (v.49).  We are not overwriting customers’ existing EventSources, but we *highly* recommend that you turn it on for pre-existing EventSources and LogWatchers. Turn it on and watch as that event alert noise gets turned down and lets you focus on the more important actionable information in your infrastructure.