The same event alert triggered twice in two different timestamp. 

VMware Aria Operations for Logs 8.18.x

This is a known issue where the same log being read twice before getting rotating out.

One of these logs with * are causing the LI to read the rotating logs. The workaround is replace the * with .log so, only 1 log is read instead of all logs (*).  Example, change "vcloud-container-debug*” to vcloud-container-debug.log. 

One of these * appended the logs need to be replaced to .log.

[filelog|vcd]
directory=/opt/vmware/vcloud-director/logs
include=vcloud-container-debug*;upgrade*;vmware-vcd-support*;watchdog*;vcloud-container-info*;cell*;request.log*;cell-management-tool.log*;cell-runtime.log*;cell.log*;cloud-proxy.log*;queries*;networking.log*;server-group-communications.log*;upgrade-;service-wiring.log;statsfeeder.log*;networking-wire.log*
event_marker=(\d{2}|\d{4})-\d{2}-\d{2}\s\d{2}:\d{2}:\d{2},\d{3}\s
tags={"vmw_product":"vcd"}
 
[filelog|vcd-API]
directory=/opt/vmware/vcloud-director/logs
include=request.log
event_marker=\b(?:\d{1,3}\.){3}\d{1,3}\b
tags={"vmw_product":"vcd"}
 
[filelog|vcd-appliance]
directory=/opt/vmware/var/log/vcd
include=.log
tags={"vmw_product":"vcd-appliance"}
 
[filelog|vcd-vpostgres]
directory=/var/vmware/vpostgres/10/pgdata/log
include=.log
tags={"vmw_product":"vcd-vpostgres"}

Modifying the agent configuration can be located at VMware Aria Operations For Logs – Management – Agents - Edit