One of our DBAs gave me a SQL query that I need to trigger an alert off of when any output is detected. I think there are a few ways handle this but wanted to ask here for some advice since I'm fairly new to SAM and don't know SQL very well. The query is below with an example of its output.
To summarize - The DBAs would like to see the output in the alert message, but the alert should only fire if there is output.
select
max(i.eventtime) as MaxEventtime,
i.Interactionid,
count(1) as CountOfEvents
FROM
ixn_eventlog_db..rpt_interaction i with (nolock)
group by
i.interactionid
having
count(1) > 1000000 and
max(i.eventtime) > DATEADD(day, DATEDIFF(day, 0, getdate()), -1)
order by
max(i.eventtime) desc
Output Example
Max Eventtime Interactionid Countof Events
----------------------- ---------------- -------
2022-05-06 19:37:19.000 0H10H731VHHNQR3A 2,196,288
2022-05-06 19:37:16.000 0H10H731VHHNQVTT 4,760,762
2022-05-04 14:03:58.000 0H10H431A7J01VRP 12,994,475
