Filter alerts by ID and Date


Secure moi

Jan 4, 2023, 12:05:32 PM
to ossec-list
Hi All, new to the group, new to OSSEC. I have set up an OSSEC server (Linux) and several Windows clients. I would like to get alerts for specific Windows event log events, and have set up a dummy event. It works, I get an alert. The problem I'm having is I get the alert continuously (the best I've achieved is to throttle the alerts back to one every hour). I'd like (possibly at the server end?) to filter these alerts so that once I've seen them, I don't get more alerts. I can't delete event log data, so am wondering if there's a way to do this with IDs and date/time stamps?

E.g., in my client ossec.conf, I have the following entry (which is aimed at a fake event for testing):
<localfile>
    <location>Application</location>
    <log_format>eventchannel</log_format>
    <query>Event/Application[EventID=1]</query>
</localfile>

How would I filter the alert related to this rule out once I was ready to do so? Is there a way to wildcard dates, so that any alerts for this ID before a certain date or date range from "today" don't get sent? I assume this is probably something I should have been able to find in the documentation or in this group's threads...

Hoping to get a "how to" link... maybe one that touches on doing this with rules and decoders?

Thx!

Secure moi

Jan 13, 2023, 12:35:33 PM
to ossec-list
Still struggling with this... and am guessing the documentation is out there to solve it, but...

Q: Is there a link someone can suggest (or a thread from this group) that outlines for a newbie, at the most basic level, how to create a simple rule (and decoder?) that sends an alert if a specific event happens in the Windows event log?

Thank you.
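Neither post above received a reply on this page. The following local_rules.xml fragment is an added example for both questions; it is not the poster's code and not part of the OSSEC project's shipped rules. It assumes the stock OSSEC Windows decoder, which extracts the event ID into the `id` field from lines of the form `WinEvtLog: Application: INFORMATION(1): ...`, and it assumes that the stock parent rule for decoded Windows events is rule 18100 ("Group of windows rules" in msauth_rules.xml); verify both against your install. The local rule IDs 100100 and 100101 are arbitrary values from the range OSSEC reserves for local rules.

```xml
<!-- /var/ossec/rules/local_rules.xml (added example; IDs and parent sid are assumptions) -->
<group name="local,windows,">

  <!-- Alert on the test event: EventID 1 arriving from the Application channel.
       <if_sid>18100</if_sid> assumes the stock Windows parent rule; <id> is an
       OSSEC regex over the decoded event ID; <match> is a plain substring check
       on the raw eventchannel line, assumed to start "WinEvtLog: Application: ".
       <ignore> is what gives the "one alert per hour" throttle: after this rule
       fires, further matches are ignored for 3600 seconds. -->
  <rule id="100100" level="7">
    <if_sid>18100</if_sid>
    <id>^1$</id>
    <match>WinEvtLog: Application: </match>
    <description>Test event (EventID 1) seen in the Application log.</description>
    <ignore>3600</ignore>
  </rule>

  <!-- Acknowledgement / suppression. Once the event has been seen and is no longer
       wanted, add (or uncomment) this child rule and restart the server. A child
       rule at level 0 replaces the parent's alert, so nothing is logged or
       emailed for this event, while other Windows events are unaffected. -->
  <rule id="100101" level="0">
    <if_sid>100100</if_sid>
    <description>Test event (EventID 1) acknowledged; suppressed.</description>
  </rule>

</group>
```

Two caveats a practitioner should know before trying to do this "by date". OSSEC rules have `<time>` (a time-of-day range) and `<weekday>` conditions but no calendar-date condition, so "suppress alerts for this ID before date X" cannot be expressed in a rule; the usual approach is exactly the toggleable suppression rule above, or a level-0 rule that is removed again when the event should be watched once more. Second, test any new rule with `/var/ossec/bin/ossec-logtest` by pasting a captured `WinEvtLog:` line into it and checking which rule ID and level it reports, then restart with `/var/ossec/bin/ossec-control restart`; a rule that never matches in logtest will not alert in production either.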
