Deduplication Format


Is deduplication doable as an event rule? If so, could I have a template example of how to do it using the title of an alert? e.g. all alerts with the word ‘fire’ in the title should be deduped.


You can use event extraction end enrichment to extract parts of any field and create new field values for dedupe key. See the docs here for examples:

Thank you! I will have a look!