Suppress collecting duplicate event logs in SCOM

I need to collect some particular event log entries (for auditing purposes) for one of our Apps, but when an issue occurs the same event occurs hundreds of times, and our SCOM DB is starting to get pretty large. The app team only care about the first event logged when the storm occurs - is there a way to supress collection of the entries for say 5 minutes?

1 Like

Hi,

i am not sure if this match your case 100% but try a look a this:

https://blogs.technet.microsoft.com/kevinholman/2016/12/08/how-to-collect-events-but-not-all-the-events/

2 Likes

Hi,

http://systemcentermvp.com/2016/07/05/configure-generic-text-log-alert-rule-in-scom/

This article will help you!

1 Like