I have created an alarm configuration to send me an email if a switch experiences a SpanGuard event the locks out a port on my EOS switches.
I have the alarm definition setup as follows:
The email comes through fine, but I get 3 copies of one email and a single copy of another email with the same alert. You can see the Information column below is the email I see and the "Seen Count" is the number of emails that are sent to me.
I have gotten the second alarm to only send me a single email by setting up the Alarm Suppression rule in the Actions tab of the rule creation window
I still get the top alarm emailed to me though and I cant figure out how to eliminate multiple emails from being sent.
I also feel there is probably a better way to filter the rule so that the second alert isnt "seen" 3 times.
I have tried altering the Match On: Log: criteria field to include or exclue Syslog and the other, but have not found anything that works. Its almost like XIQ-SE is getting 4 syslog events evertime I reproduce the issue.
Thanks for any guidance.
Three of the messages are the same and the fourth is in a slightly different format but with the same details.
This is the identical message I will get 3 copies of:
This is the second message I get a single copy of:
Blacked out portions are the IP address of the switch.
