Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials

NPM 10.1 SP1 Alert action still firing, alert suppression query tests OK

Hi folks,

I've done some searching and can't see where I'm going wrong. Scenario:

Using the rule 'alert me when node goes down'. Trigger and reset conditions are default. I've introduced suppression conditions to not trigger alert actions when the sysOID is from two different vendors. I pulled the sysOID values from the nodes table. Here's the query as seen in the alertdefinitions table:

SELECT Count(*) AS Supress FROM Nodes WHERE ( (Nodes.SysObjectID LIKE '1.3.6.1.4.1.2684.1.1%') OR (Nodes.SysObjectID LIKE '1.3.6.1.4.1.368%') )

I manually ran the query and it returns a few hundred rows. To be certain, I modify the query to return hostnames, and confirm the devices are accurate. So I test with one of these devices that is currently down. The alert action still triggers. I must misunderstand how this works. My impression is the alert suppression query serves as a final filter before determining whether or not to trigger an alert and the action.

Insight is appreciated. Thanks!--Drew

Find more posts tagged with

Accepted answers

sean.martinez

The suppression SQL Query will make the Alert not trigger or reset until the Suppression Query returns 0 Rows. You will need to put the SysobjectOID in a Where Clause in the Trigger Conditions tab and in the Reset Tab if you have a separate query.

All comments

netlogix

I think the problem is that you are using suppression tab, are you using the suppression tab?

If so, the suppression tab does not apply to just the current alert, it applies to the entire database, so if anything is returned from the suppression, then the alert should be suppressed.

it's a little confusing, avoid the suppression tab in my opinion, if you can just change you alert query around, then do it that way. Try adding two conditions and set OID not equal x.

dvanorder

Thanks for replying. I am indeed using the suppression tab. If I understand correctly, the alert trigger query must contain the suppression query?

If so, confusing is a bit of an understatement.

sean.martinez

sschoenh

I'm wanting to know the same fix. Working on multicast alerting; the alerts trigger OK but the clear statement doesn't, as it returns results. Using emails as notifications of the trigger/clear, I get the clear email every minute.

dvanorder

Thanks Sean,

I would agree with this, and I'm going to directly update the trigger query. I think this will also eliminate a lot of the confusion I've experienced in using the GUI to build conditions.

Thanks everyone, appreciate the insight. I'll mark this one as answer.