Hello All,
I have created a rule where Kiwi will search for a message within the logs, and email me when this message is found. We have over 100 devices logging to our Kiwi, so this rule does get fired often. I would like to set a time interval filter, so that we will be emailed when the rule is true, but only once every 30 minutes. This part seems easy enough, but I only want the time interval filter applied per host.
i.e.: The rule is fired by a log from Host1. The time interval will stop sending emails for 30 minutes for this host. The rule will continue sending emails though, if other hosts send the same message.
Is this possible?
Thanks!
Paul
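
The per-host suppression described in the post, as an added example that is not part of the original post and does not use Kiwi's own rule or scripting features: it keeps a separate 30-minute timer for each host, so one host going quiet does not silence the others. The log line layout, the `link down` pattern, and all names here are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # suppression interval from the post
PATTERN = re.compile(r"link down", re.I)  # assumed stand-in for the watched message

# Constructed sample lines, assumed layout: "<ISO timestamp> <host> <message>"
SAMPLE_LINES = [
    "2024-01-01T10:00:00 Host1 Interface Gi0/1 link down",
    "2024-01-01T10:05:00 Host1 Interface Gi0/1 link down",
    "2024-01-01T10:06:00 Host2 Interface Gi0/3 link down",
    "2024-01-01T10:10:00 Host1 Interface Gi0/2 link up",
    "2024-01-01T10:29:59 Host1 Interface Gi0/1 link down",
    "2024-01-01T10:30:00 Host1 Interface Gi0/1 link down",
    "2024-01-01T10:40:00 Host2 Interface Gi0/3 link down",
    "malformed line",
]

class PerHostThrottle:
    """Allow one alert per host per window; each host has its own timer."""
    def __init__(self, window=WINDOW):
        self.window = window
        self.last_sent = {}  # host (lower-cased) -> time the last alert was sent

    def should_alert(self, host, when):
        key = host.lower()  # treat Host1 and host1 as the same device
        last = self.last_sent.get(key)
        if last is not None and when - last < self.window:
            return False  # still inside this host's window: suppress
        self.last_sent[key] = when  # timer restarts only when an alert is sent
        return True

def process(lines, throttle=None):
    """Return (timestamp, host) for every line that would trigger an email."""
    throttle = PerHostThrottle() if throttle is None else throttle
    alerts = []
    for line in lines:
        parts = line.split(" ", 2)
        if len(parts) != 3:
            continue  # skip lines that do not match the assumed layout
        try:
            when = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        if PATTERN.search(parts[2]) and throttle.should_alert(parts[1], when):
            alerts.append((parts[0], parts[1]))
    return alerts
```

Suppressed events do not extend the window, so a host that keeps logging the message still produces one email every 30 minutes instead of going silent indefinitely.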