I thought this was going to be pretty simple to do. We have an alert that triggers during a very short window to send an incident to a team if an alert exists. Specifically, an application component checks the event log for the previous 8 hours to see if a specific event has occurred. If so, we send the statistic to an incident for the team.
Here's the catch. I need to make sure that the alert clears before the next check period. We are currently leveraging an 'undocumented feature' to do the reset, but that functionality might be removed in a future release. (We are upgrading to NPM 11 shortly).
It is an APM:Component alert and I couldn't find a value in the advanced alert manager that allow me to use a time that changed. I had thought about using Network Nodes > Polling Details and checking against something like Last Sync but you can only select a date and not a time. As far as I can tell our own options are to use a custom SQL alert or perhaps another custom attribute. I'd hate to have to use the latter as this really is a one-off from our standard methodology for deploying alerts.
Any ideas?
