Consolidation of events based on Event Description
We use SCOM to fire alerts by monitoring events in the machine's application log. These events are generated at a specific frequency. If there are issues on a machine, we would generate failure events in the log at that frequency. But we want to fire off just one alert for this issue. Is there a way to consolidate events based on a portion of the text in the Event Description field? We tried to use monitors with repeat settings, but we could not find anything that suited our needs.
September 9th, 2011 10:59pm

There is indeed. But you should change how you generate these alerts to NOT write changing values into the event description. This will be horribly inefficient and cause the agent to consume a lot of CPU because it will need to maintain a large memory set and enumerate through it for each matching condition. The right way is to use event parameters with the unique elements that you want to use to group alerts. Then it is fairly straightforward to create a consolidated event rule (many examples, plus supported in the authoring console) that groups alerts on event parameters. In the Windows computer, event parameters are far more efficient than changing event descriptions. Changing event descriptions will also eventually clog up the SCOM database since each change in the event description text is stored in a table that is used to make displaying event descriptions more efficient. By changing them all the time, the table will grow and grow, and it does not get groomed by default. Watch out for your DB size, as well as agent performance in your current approach. Writing events that have variable event descriptions - a worst practice.
Microsoft Corporation
September 12th, 2011 11:57am
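
An added example, not part of the original thread: one way to write the failure events with the grouping values carried as event parameters (insertion strings), and to check locally which values a consolidation rule would see. The source name, event ID, component names and error codes are constructed for illustration.

```powershell
# Added example: all names and values below are constructed, not from the thread.
$Source  = 'ContosoOrderService'   # hypothetical event source
$EventId = 5001                    # hypothetical ID for "dependency check failed"

# Registering a source needs an elevated session; do it once at install time.
if (-not [System.Diagnostics.EventLog]::SourceExists($Source)) {
    [System.Diagnostics.EventLog]::CreateEventSource($Source, 'Application')
}

function Write-FailureEvent {
    param(
        [Parameter(Mandatory)] [string] $Component,  # parameter 1: grouping key
        [Parameter(Mandatory)] [string] $ErrorCode   # parameter 2: grouping key
    )
    $instance = New-Object System.Diagnostics.EventInstance(
        $EventId, 0, [System.Diagnostics.EventLogEntryType]::Error)
    $log = New-Object System.Diagnostics.EventLog('Application')
    $log.Source = $Source
    try {
        # The values are stored as positional insertion strings (event
        # parameters); the event ID and source stay the same on every write.
        $log.WriteEvent($instance, @($Component, $ErrorCode))
    }
    finally {
        $log.Dispose()
    }
}

# Constructed sample: the same fault reported three times, plus a different one.
1..3 | ForEach-Object { Write-FailureEvent -Component 'PaymentGateway' -ErrorCode 'E1042' }
Write-FailureEvent -Component 'InventoryDb' -ErrorCode 'E2001'

# Local check of the grouping key: one row per (Component, ErrorCode) pair,
# read from the parameters rather than parsed out of the description text.
Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = $Source; Id = $EventId } |
    Group-Object { '{0}|{1}' -f $_.Properties[0].Value, $_.Properties[1].Value } |
    Select-Object Name, Count
```

Each row in the output corresponds to one group that a consolidated event rule keyed on parameters 1 and 2 would treat as a single issue.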

This topic is archived. No further replies will be accepted.
