I've been trying to brainstorm this but I've hit a roadblock in knowledge and I'm looking for help. I've got a query that is looking at the AlertStatus table and the triggertimestamp column in that table. I've edited the AutoClearAlertIntervalInMinutes key to something I could test with at 5 minutes. I've got my alert checking 1 minutes and I've put into my SQL query that if the alert trigger time is greater than one minute when the eventlog is written to then to prepend the RETRIGGERED value. It's prepended this to my new alert and it's not re-triggering after the initial re-trigger. I'm only seeing the two entries which are one minute apart in the AlertStatus and the ActiveLogs tables.
Is there something logged when these alerts are retriggered automatically? How many times will these automatically retrigger? Can I remove that key to stop them from retriggering?
Got a NOC that is seeing these retrigger events as false positives and that's not a good thing.