Is it possible to do the above? For example, let's say I want to know if a service stops 3 or more times in 24 hours. Is there a way to write an alert for this?
Great point!!!
Updated:
join events on events.netobjectid = APM_AlertsAndReportsData.ComponentID
--match your message here
where events.message like 'netpermon event log:%'
--only look at component monitor events
and events.netobjecttype = 'AM'
--look over the last 1 day
and events.eventtime > (getdate()-1)
group by APM_AlertsAndReportsData.ComponentID, APM_AlertsAndReportsData.ComponentName
--find all components with >= 3 events
having count(eventid) >= 3
Quick bump for the morning crowd. Any ideas?
Just a real quick idea, you could theoretically write a normal component monitor alert that writes to something like the NetPerfMon event log, then create another alert that fires when you have more than X events in the log in the last Y time.
-ZackM
Loop1 Systems: SolarWinds Training and Professional Services
That's a brilliant idea, actually. I don't see an option to trigger alerts based on contents of the NetPerfMon event log, however. Is that something I would have to write with custom SQL/SWQL?
Here you go, just edit the message string to match whatever you write with your first alert. This will look for 3+ events over the last 1 day:
join events on events.netobjectid = APM_AlertsAndReportsData.ComponentID
--match your message here
where events.message like 'netpermon event log:%'
--look over the last 1 day
and events.eventtime > (getdate()-1)
group by APM_AlertsAndReportsData.ComponentID, APM_AlertsAndReportsData.ComponentName
--find all components with >= 3 events
having count(eventid) >= 3
Alerts have a native feature that basically says "If X occurs for more than T minutes" then an alert will trigger. However, if you're concerned about how many times it happens, most likely one good example is device X rebooted X times, then you probably need an advanced SQL query for that.
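An added example, not part of any post in this thread: the count-in-a-window query from the replies above, run against constructed data in SQLite so the 24-hour cutoff and the 'AM' object-type filter can be checked. The table layouts are simplified assumptions covering only the columns the posted query uses, the component names and the 'N' object type are constructed sample values, and the cutoff is passed as a parameter in place of getdate()-1.

```python
import sqlite3
from datetime import datetime, timedelta

# Simplified stand-ins (assumed layout) for the two tables the posted query
# names; only the columns that query touches are modelled.
SCHEMA = """
CREATE TABLE APM_AlertsAndReportsData (ComponentID INTEGER, ComponentName TEXT);
CREATE TABLE Events (EventID INTEGER PRIMARY KEY, EventTime TEXT,
                     NetObjectID INTEGER, NetObjectType TEXT, Message TEXT);
"""

# Same join / filters / group / having as the posted fragment; the cutoff is a
# parameter instead of getdate()-1 so the result is reproducible.
QUERY = """
SELECT c.ComponentID, c.ComponentName, COUNT(e.EventID)
FROM APM_AlertsAndReportsData c
JOIN Events e ON e.NetObjectID = c.ComponentID
WHERE e.Message LIKE ? AND e.NetObjectType = 'AM' AND e.EventTime > ?
GROUP BY c.ComponentID, c.ComponentName
HAVING COUNT(e.EventID) >= ?
"""

def components_over_threshold(conn, now, prefix, threshold=3, window=timedelta(days=1)):
    """Return (id, name, count) for components with >= threshold events in window."""
    cutoff = (now - window).isoformat(sep=" ")
    return conn.execute(QUERY, (prefix + "%", cutoff, threshold)).fetchall()

def build_sample(now):
    """Constructed data: component 10 stops 3 times in 24h, component 20 twice."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO APM_AlertsAndReportsData VALUES (?, ?)",
                     [(10, "Print Spooler"), (20, "W3SVC")])
    msg = "netpermon event log: service stopped"
    rows = [  # (hours ago, object id, object type)
        (1, 10, "AM"), (5, 10, "AM"), (23, 10, "AM"),
        (2, 20, "AM"), (6, 20, "AM"),
        (30, 20, "AM"),  # older than the 24h window, must not count
        (3, 20, "N"),    # other object type sharing the id, must not count
    ]
    conn.executemany(
        "INSERT INTO Events (EventTime, NetObjectID, NetObjectType, Message) VALUES (?, ?, ?, ?)",
        [((now - timedelta(hours=h)).isoformat(sep=" "), oid, typ, msg) for h, oid, typ in rows])
    return conn

if __name__ == "__main__":
    now = datetime(2024, 1, 2, 12, 0, 0)  # fixed clock for the sample
    print(components_over_threshold(build_sample(now), now, "netpermon event log:"))
```

Without the object-type filter, component 20 would also reach three matching rows in the window, which is the false positive the updated query avoids.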