Submit a ticketCall us
Home > Success Center > Log & Event Manager (LEM) > LEM - Knowledgebase Articles > LEM email alerts or rules are firing excessively

LEM email alerts or rules are firing excessively

Created by Jason Dee, last modified by Jason Dee on Jun 21, 2017

Views: 2,759 Votes: 3 Revisions: 7


A configured rule is sending an excessive number of email alerts or is firing too often.


All LEM versions


This occurs when the rule is configured with broad conditions or a need to adjust the Correlation Time.


  1. Disable the rule that is sending the alerts until it has been refined.
    Note: If you do not know which rule it is, check the Rule Activity filter under Monitor.
  2. After disabling the rule and clicking the Activate Rules button, edit it to view the current configuration.
  3. Duplicate the conditions that are in the Correlations section in Explore > nDepth and search for that event(s) in the database. You will be able to see how many events are coming in that are triggering the rule.
  4. Refine the rule by narrowing the scope. Check the different fields of these events and the information contained to see what else you can use in the rule. Any additional info you can include or exclude in the rule will help it fire less frequently and more precisely.
  5. Alternatively, if there's no way to narrow the focus further, you can go to the rule and increase the number of events required before the rule fires.


Last modified