Wondering if anyone has tackled a similar situation -
"When 1 to X number of nodes are critical then generate an alert normally but if more than X number of nodes are critical create 1 single alert for all of them.
I'm not opposed to defining 2 alerts one that does first action but then stops after x number of nodes and then a second alert that only alerts after x number of nodes have reached the threshold (that I know how to do) it's just how to stop processing the first alert when it gets to that threshold.
If you want more specifics on our situation, we are monitoring terminal server sessions that hit a threshold, we create a standard ticket when they reach that threshold. When we have more than 25 servers that reach that threshold at one time we want a single Critical ticket and we don't want the individual standard alerts.
So the logic I'm thinking it might have to match is "If greater than 25 servers with threshold then create single action, Else individual actions on each server" Is there something out there like that?
Anyone doing something similar or have ideas?
