Hello, I am trying to create a SWQL alert for devices that went down, but did not trigger the associated alert as they should have.
This isn't happening often, but it does happen periodically. I need to get this SWQL alert created to identify when it happens so this backup alert can trigger.
Here are my conditions:
caption like '%-RT0%'
status=2
went down in last 30 minutes
no active alerts with 'integrated%' in the alert name
device not in maintenance mode
device custom property 'Unmanaged' is empty
I've been at it most of the day and have not made much progress. Can someone better at SWQL take a stab at it?
I was also unable to locate where maintenance mode is in the tables.
