Ignore some alerts from specific servers

asked Feb 22, 2018 in EventSentry by fgoodwin (150 points)
Specifically we would like to exclude one server from sending this specific alert, but still receive this alert from the other servers.


This below article shows the process for adding an exclude/include filter for events, however this does not appear to work for us as it is a Service Monitoring alert rather than an Event.


answered Feb 22, 2018 by Sally (2,460 points)

Actually, it is an event (e-mail alerts come from events) so you should be able to dig it up through the event viewer as the tutorial showed, but to save you the trouble of digging up the event you can use this image to generate your own exclude filter for a service.  You can use package assignments to control which server(s) the filter applies to, or if you'll only ever want the filter to activate on one server you can put that server's name in the COMPUTER field of the filter.

commented Feb 22, 2018 by fgoodwin (150 points)
Thank you for taking the time to look at this. When looking through the Application event logs on the management console there are no events at the time of the email (in the screenshot: 9:08:43). As such we are unable to create a filter based off the event as we are unable to locate it.
commented Feb 22, 2018 by Sally (2,460 points)
Well, you don't *have* to find an event in the event viewer to add any filters, that's just how you get the filter wizard to fill in most of the fields for you.  To make a filter from scratch you can go to Packages > Event Logs, and right-click one of the existing packages (like perhaps the "EventSentry Alerts" one) and choose Add Filter, then give the filter a name and fill in the fields according to the example screenshot.

If you really really really want to find the event, it sounds like a different server generated it?  The name of the server that generated the event is in the top left corner of the message text in the email alert.  In the EventSentry console, on the left side you can right-click "Event Log Viewer (local)" and browse through your EventSentry groups to select the machine that generated the alert.  Then a new item will appear in the list called "Event Log Viewer (servername)" and you can select the Application log under there to find the exact event on that server.
commented Feb 23, 2018 by fgoodwin (150 points)
OK, thank you. We will give that a shot and see if it works.
