Hi,

I have created a simple correlation rule to notify me when my Microsoft Platform element goes into timeout.

The configured alarm filter looks pretty basic:

A Persistent event is also configured so I only get an e-mail when the element is in timeout for x amount of time.

When this timeout happens, an e-mail gets sent:

This works perfect when the element goes into timeout. But I would also like to be notified when the element goes out of timeout so the checkbox "Execute on clear" is checked. The problem is when the element goes out of timeout that the mail indeed gets sent but with the same e-mail content.

In other words if this element goes twice in and out of timeout during the night then I have received 4 mails by the morning with the same content, while it would be more easy to have received the mails: test server is down, test server is up, test server is down, test server is up. This way I don't have to start counting if the number of received mails are odd or even and avoid having to log in to the system to see if any action needs to be taken.

So basically it comes down to: I want to receive an e-mail when the element goes into timeout for x amount of time, I want to receive an e-mail when the element goes out of timeout again (in case the first mail was sent) and the content of both e-mails should be different to be able to easily see why that mail was sent.

I'm not interested in other severities of the element. I thought about creating a second correlation rule when the "Communication state" parameter goes back to "Responding" but in that correlation rule I'm not aware if the persistent event was reached to trigger the original correlation rule (I would then only receive the responding e-mails while the timeout mail was not sent). An alternative could be to have an automation script as action that analyses the content of the triggering correlation rule and based on that send different mails but that seems to make it more complex.