I am new to using SW, and looking for some guidance on an issue we are having with an alert that is set to trigger when it sees an interface on any of our network devices changes from the 'Up' state. It is triggering for some reason unknown to us, and we will get batches of them throughout the day, anywhere from six to 140 at a time. It happens on routers, switches, firewalls, and other types of devices. There does not seem to be a pattern to the timing.
It is set to alert on Interface. The scope is set to 'Network' device types. The trigger condition is when an interface status changes, and it is not equal to Up. I was told that we used to have it set to 'interface is equal to Down' but that was not fully working for us, like it was missing some.
Looking through Events, I was unable to find the ones correlating to these, but maybe I was doing something wrong or just not seeing them.
I am sure there is a bunch of necessary details I am leaving out, but if someone is able to help, it would be hugely appreciated, and will do my best to provide more information.
Thank you!
