Good Day
I have an event that is sending logs to our Syslog device and we want to be able to suppress that log so that it doesn't get sent to Syslog devices.
Is it possible that I can update the alertconfig settings so that it suppresses that alert from being.
Any suggestions would be greatly appreciated on how I can suppress the event. I am looking at possibly updating the below to say exclude the specific event:
| name | Syslog-System-Events |
| threshold | 1 |
| throttle | 0 sec |
| expiry_time | 86400 sec |
| source | EVENT_LOGS |
| category | REALTIME |
| rolling_window | 300 sec |
| summary | Syslog for System Events occured |
| alert_rule | |
| event_match_filter | filter=ne(context,EVENT_CONTEXT_CONFIG) |
| operator | OPERATOR_AND |
| enabled | True |
| action_group_ref | Syslog-System |
| tenant_ref | admin |
Thanks
Sulaiman