I'm looking for some help in generating a report for alert history.
What I'm looking for is a report that shows all alerts that happen over a specified time frame (probably last 30 days)
and to show:
- All alerts that happened
- Node and Alert name
- When they were triggered
- When it was cleared
- and if it auto cleared or was manually cleared (by who)
- If the alert was acknowledged
- by who and any notes entered.
I have looked at the built-in reports and don't see this, and trying to build a report that has this, either in the built-in report builder or using SWQL, is still not working out.
For the SWQL I have been looking in the Orion.AlertStatus, Orion.AlertHistory and Orion.AlertObjects tables but am still having issues tying all the info together. I either end up with too much junk data or missing alerts that have occurred based on the emails that are going to me.
This report is being asked for by my management so just including them on the emails isn't really an option.
Wondering if anyone has something they have already built that they would be willing to share. If you want me to post some of the queries I'm using I will; however, right now it's just some basic stuff to look at the listed tables and trying to figure out how to correlate it in a meaningful way.
Personal request on it is for it to be built in the SWQL language rather than SQL so I don't have to worry about forward compatibility as updates happen, but I will take anything I can get.