Merge pull request #205192 from yelevin/revert-205175-patch-1

Revert "Update near-real-time-rules.md"

Author: PRMerger18

articles/sentinel/create-nrt-rules.md

@@ -55,7 +55,7 @@ You create NRT rules the same way you create regular [scheduled-query analytics
 
     - **Query scheduling** is not configurable, since queries are automatically scheduled to run once per minute with a one-minute lookback period. 
     - **Alert threshold** is irrelevant, since an alert is always generated.
-    - **Event grouping** configuration is now available to a limited degree. You can choose to have an NRT rule generate an alert for each event for up to 30 events. If you choose this option and the rule results in more than 30 events, single-event alerts will be generated for the first 29 events, and a 30th alert will summarize all the events in the result set.
+    - **Event grouping** configuration is not available, since events are always grouped into the alert created by the rule that captures the events. NRT rules cannot produce an alert for each event.
 
     In addition, the query itself has the following requirements:
 

articles/sentinel/near-real-time-rules.md

@@ -50,7 +50,7 @@ The following limitations currently govern the use of NRT rules:
 
     1. Queries can run only within a single workspace. There is no cross-workspace capability.
 
-    1. Event grouping is now configurable to a limited degree. NRT rules can produce up to 30 single-event alerts. A rule with a query that results in more than 30 events will produce alerts for the first 29, then a 30th alert that summarizes all the applicable events.
+    1. Event grouping is not configurable. NRT rules produce a single alert that groups all the applicable events.
 
 ## Next steps