Automatically resolve alerts with configurable criteria
It doesn't appear to be possible to automatically resolve alerts based on configurable criteria (e.g. the alert has not been triggered for X period). This would be immensely useful for certain alerting scenarios.
For example, I have an alert which triggers when updates are available for managed Windows servers using a log search condition and email action. Once the updates are installed, the alert will no longer trigger, but the alert is still active in a "New" state unless it's manually closed.
Sumit Anand commented
I am having the same issue: the alert state does not change to Resolved when the monitor condition is not true, forcing each alert to be investigated manually.