In addition to the simple filter options, a threshold event filter processes an event after it has occurred a specified number of times within a specified interval.
An event triggers associated actions if, within the specified interval, the event occurs the number of times specified in the Count field.
For example, you can define a threshold filter to monitor frequently occurring heartbeat events and forward the event to IBM® Systems Director Server only when the heartbeat event is received for the 100th time during a specified amount of time. Count is set to 100 and Interval is set to 5 minutes. When the specified event is received for the 100th time within 5 minutes, the event actions are invoked, and the Count and Interval settings are reset. To invoke the event actions a second time, the specified event must be received 100 times within an interval of 5 minutes again. If only 90 events are received within the 5 minutes, the Count and Interval settings are reset.
Another example is to create a threshold filter such that, if a user attempts to log on with a bad password five times within five minutes, the event automation plan will trigger associated event actions.