Suppressing Duplicate Alerts

Event storms occur when an application or system rapidly produces a large number of identical events.

If you have an alert associated with an event in an event storm, receiving multiple alerts for the same event within a short time is more annoying than useful. The Consolidator can provide duplicate alert suppression. If duplicate alerts are received while the original alert remains unresolved, Microsoft Operations Manager 2000 combines the duplicate alerts into a single alert. The Monitor snap-in and the Web Console then display only a single alert. The alert properties indicate the number of alerts that were combined.

You can enable duplicate alert suppression when you create a processing rule. You can specify the fields in the alerts, the events, or the thresholds that generated the alerts that must be the same for the alert to be considered a duplicate.