Is there a SWQL/SQL script or anyother way to find all instances of a node being mentioned in an alert's trigger conditions? Let me know if you need more information.
This one is tricky. The alert trigger and reset conditions are stored in the DB with XML format so not so easy to read/extract (See Orion.AlertConfigurations in SWQL Studio). There used to be a way to extract the actual conditions as seen in an active alert page (Alert Definitions Details widget) but I don't think it works in the last versions (will dig up some old code and come back if this is still a thing)
You may get some results by querying the Orion.AlertConfigurations entity with something like the following:
SELECT AlertID, AlertMessage, AlertRefID, Name, Description, ObjectType, Enabled, Frequency, Trigger, Reset, Severity, NotifyEnabled, NotificationSettings, LastEdit, CreatedBy, Category, Canned, DisplayName, InstanceType, Uri, InstanceSiteIdFROM Orion.AlertConfigurationswhere trigger like '%caption%'
The above will output all alerts that have 'caption' in the trigger conditions. You can substitute with your naming convention or just give it a try and filter it further down depending on the results.
You may want to review your alerting and re-organise based on Custom Properties (or regular properties) that do not tend to change and provide a robust foundation for a solid Orion platform, unaffected by changes such as naming conventions (been there too!).
Are you referring to nodes currently affected by an alert or all the possible nodes that could trigger an alert? There's a difference and a solution for each.
Thanks for the reply. Heres some background info. We are moving a datacenter to another location. The naming convention for the nodes will change. We want to have the same alerts set up for the new location so I am trying to find all alerts that the nodes at the old location could possibly trigger, even if they have never been triggered before. The old location is still in use while the new one is being built. Most things I am finding are saying it is not possible to find alerts that have not been triggered before. So I was hoping to find all alerts that have the old naming convention mentioned in their trigger conditions. Thanks again for the help!
Use the above, but also try to create a report with almost the same parameters as the trigger condition for the alert except without the down status.
I have a few slides for a mostly-uncoded method for answering this sort of question i've been pitching solarwinds to develop
Got many enabled alert categories (things in Manage Alerts)?
Not a great option, but then this is something that might help you a bit, there is a widget on node page which will help you with this, I have generic alerts in my environment hence this helps me, I wouldn't need to pull this out of a SWQL query. Ideally most of my alerts are based on vendor type which are generic in nature, hence I just select one node for that vendor and when i come onto the node page i can easily detect what alerts are tagged to that vendor type based on this widget. Check if this still exists in your environment on node summary pages, if it has been removed then readd it. Will make your life easier if you do not have 'n' number of custom alerts. If you have too many alerts in your environment which are not generic/global in nature then this wouldn't help much as its a lot of manual effort. Hope this helps.
__PRESENT__PRESENT__PRESENT__PRESENT__PRESENT
