Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials
Store

Alert to Trigger Map Report (?)

Does anyone have a SWQL query put together that maps the alerts to their triggers? I can't seem to tie it all together this morning.

What I have isn't showing me everything I expect to see:

in SQL

FROM AlertDefinitions ad

JOIN AlertConfigurations ac ON ad.AlertDefID = ac.AlertRefID

LEFT JOIN ActionsAssignments ass ON ac.AlertID = ass.ParentID

LEFT JOIN Actions aa ON ass.ActionAssignmentID = aa.ActionID

LEFT JOIN ActionSchedules ask ON aa.ActionID = ask.ActionID

LEFT JOIN Frequencies freq ON ask.FrequencyID = freq.FrequencyID

in SWQL

FROM Orion.AlertDefinitions ad

LEFT JOIN Orion.AlertConfigurations ac ON ad.AlertDefID = ac.AlertRefID

LEFT JOIN Orion.ActionsAssignments ass ON ac.AlertID = ass.ParentID

LEFT JOIN Orion.Actions aa ON ass.ActionAssignmentID = aa.ActionID

I'm seeing 4 results here, but I should be getting about 30. What am I missing?

Bonus question, is there a way to remove trigger/reset assignments to an alert via the API? It's really great that it's easy to apply actions to multiple alerts, but removing them seems a tad painful by comparison.

Find more posts tagged with

Accepted answers

dgsmith80

Think you were almost there, the problem is probably your 3rd and final JOIN on the Actions table. The ActionID is what links the ActionsAssignments

SELECTad.Name AS [Alert Name],aas.CategoryType AS [Trigger or Reset],aa.ActionTypeID AS [Action Type],aa.Title AS [Action],aa.Description AS [Action Details]FROM Orion.AlertDefinitions adLEFT JOIN Orion.AlertConfigurations ac ON ad.AlertDefID = ac.AlertRefIDLEFT JOIN Orion.ActionsAssignments aas ON ac.AlertID = aas.ParentIDLEFT JOIN Orion.Actions aa ON aas.ActionID = aa.ActionIDWHERE ad.Enabled = 'True'ORDER BY ad.Name ASC

This got me a list of alerts showing the relevant actions if they were Trigger or Reset and then what the action was (ie Email, Execute Program etc) with some details (if needed).

* Had to edit the shortcut for ActionAssignments as forum moderation didn't like it

All comments

dgsmith80

Think you were almost there, the problem is probably your 3rd and final JOIN on the Actions table. The ActionID is what links the ActionsAssignments

SELECTad.Name AS [Alert Name],aas.CategoryType AS [Trigger or Reset],aa.ActionTypeID AS [Action Type],aa.Title AS [Action],aa.Description AS [Action Details]FROM Orion.AlertDefinitions adLEFT JOIN Orion.AlertConfigurations ac ON ad.AlertDefID = ac.AlertRefIDLEFT JOIN Orion.ActionsAssignments aas ON ac.AlertID = aas.ParentIDLEFT JOIN Orion.Actions aa ON aas.ActionID = aa.ActionIDWHERE ad.Enabled = 'True'ORDER BY ad.Name ASC

This got me a list of alerts showing the relevant actions if they were Trigger or Reset and then what the action was (ie Email, Execute Program etc) with some details (if needed).

* Had to edit the shortcut for ActionAssignments as forum moderation didn't like it

lag

Thanks, David!

Any thoughts on if you can manage / remove assignments using the API?

mesverrum

Looks like the api will only allow read operations against orion.actionsassignments directly, but you have this table of possible verbs to invoke

DeleteActionsByAssignments

DeleteActionsByAssignmentsAndCategory

SaveActionsForAssignments

UpdateAction

UpdateActionsProperties

UpdateActionsDescriptions

UpdateActionsFrequencies

TestAlertingAction

TestReportingAction

lag

I must have missed that. I'm betting that DeleteActionsByAssignments is what I'm looking for.