Submit a ticketCall us

Looking to compare latest NPM features with previous versions of NPM?
The NPM new feature summary offers a comparison of new features and improvements offered with this release.

 

 

 

 

Home > Success Center > Log & Event Manager (LEM) > LEM email alerts or rules are firing excessively

LEM email alerts or rules are firing excessively

Created by Jason Dee, last modified by Karen Valdellon on Sep 23, 2016

Views: 1,352 Votes: 2 Revisions: 6

Overview

A configured rule is sending an excessive number of email alerts or is firing too often.

Environment

All LEM versions

Cause 

This occurs when the rule is configured with broad conditions or a need to adjust the Correlation Time.

Resolution

  1. Disable the rule that is sending the alerts until it has been refined.
    Note: If you do not know which rule it is, check the Rule Activity filter.
  2. After disabling the rule, edit it to view the current configuration.
  3. Duplicate the conditions that are in the Correlations section in Explore > nDepth and search for that event(s) in the database. You will be able to see how many events are coming in that are triggering the rule.
  4. Refine the rule by narrowing the scope. Check the different fields of these events and the information contained to see what else you can use in the rule. Any additional info you can include or exclude in the rule will help it fire less frequently.
  5. Alternatively, if there's no way to narrow the focus further, you can go to the rule and increase the number of events required before the rule fires.

 

Last modified
22:00, 22 Sep 2016

Tags

Classifications

Public