In my environment we have Windows event log monitoring in place for disk timeout events (warning ID 153).
We also have automation in place that creates an incident ticket when an alert is generated (script event action).
Challenge: usually when one disk timeout event occurs we get a lot of them (repeated occurrences of the same event).
In this scenario we want only one alert/ticket created, not a whole bunch of them.
Looking for any thoughts on the best way to suppress multiple occurrences of alerting / alert actions for the same event ID.
Thanks.