Hi All need help setting up a report for triggered alerts history for past 1 day but only on for the two alerts below
Thanks in advance
What Information do you need in the report? Here's something that I think is close, its SWQL.
SELECT AH.AlertObjects.AlertConfigurations.DisplayName as [Alert Name], AH.AlertHistoryID, AH.EventType, AH.Message, AH.TimeStamp, AH.AlertObjects.EntityCaption, AH.AlertObjects.EntityDetailsUrl, AH.AlertObjects.RelatedNodeCaption, AH.AlertObjects.RelatedNodeDetailsUrlFROM Orion.AlertHistory AHWhere (AH.AlertObjects.AlertConfigurations.DisplayName like 'Cisco Store Router Down' or AH.AlertObjects.AlertConfigurations.DisplayName like 'Meraki Device Down (P3)' ) and HOURDIFF(AH.TimeStamp , GetDate()) < 24 -- last day in hours and AH.EventType = 0 -- Event for alert triggerOrder By AH.TimeStamp DESC
I had to edit it, bad copy/paste
Just how many times over the past 24 hours the alert triggered
If you want the count, then try:
SELECT Count( AH.AlertHistoryID) as [Alerts Triggered]FROM Orion.AlertHistory AHWhere (AH.AlertObjects.AlertConfigurations.DisplayName like 'Cisco Store Router Down' or AH.AlertObjects.AlertConfigurations.DisplayName like 'Meraki Device Down (P3)' ) and HOURDIFF(AH.TimeStamp , GetDate()) < 24 -- last day in hours and AH.EventType = 0 -- Event for alert trigger
Need to add also the following alert name -
Not sure on swql structure for this
SELECT AH.AlertObjects.AlertConfigurations.DisplayName, Count( AH.AlertHistoryID) as [Alerts Triggered]FROM Orion.AlertHistory AHWhere (AH.AlertObjects.AlertConfigurations.DisplayName like 'Cisco Store Router Down' or AH.AlertObjects.AlertConfigurations.DisplayName like 'Meraki Device Down (P3)' ) and HOURDIFF(AH.TimeStamp , GetDate()) < 24 -- last day in hours and AH.EventType = 0 -- Event for alert triggerGroup By AH.AlertObjects.AlertConfigurations.DisplayName
Is this what you mean? Group counts by name
sorry i didnt make it clear enough i need the following alert added into the swql as well
Meraki Device Interface Down (P3)
so basically, it will report on 3 alerts
Are you expecting something like this?
Try this in your Custom Table resource (SQL Query, not SWQL)
SELECTName 'Alert Name',EntityCaption 'Object of Alert',COUNT(1) 'Times Alert Triggered'FROM AlertHistoryViewWHERE EventTypeWord = 'Triggered' AND ((Name = 'Cisco Store Router Down') OR (Name = 'Meraki Device Down (P3)') OR (Name = 'Meraki Device Interface Down (P3)))AND TimeStamp > (GETDATE()-1)GROUP BY Name, EntityCaption
