I would like to send an e-mail when a client failed to update to the latest available DAT file. Therefore I created an automatic response where I filtered on Event ID 1119. But I only want to be informed when the same client has 3 update failures within the same day. Can anyone tell me how I should setup the aggregation and grouping to obtain this result?
Currently I have :
Trigger this response if multiple events occur within 1 day
When the number of distinct values for an event property is at least a certain value
Number of distinct values '3'
Group aggregated events by 'Agent GUID'