Hi All need help setting up a report for triggered alerts history for past 1 day but only on for the two alerts below
Thanks in advance
What Information do you need in the report? Here's something that I think is close, its SWQL.
SELECT AH.AlertObjects.AlertConfigurations.DisplayName as [Alert Name], AH.AlertHistoryID, AH.EventType, AH.Message, AH.TimeStamp, AH.AlertObjects.EntityCaption, AH.AlertObjects.EntityDetailsUrl, AH.AlertObjects.RelatedNodeCaption, AH.AlertObjects.RelatedNodeDetailsUrlFROM Orion.AlertHistory AHWhere (AH.AlertObjects.AlertConfigurations.DisplayName like 'Cisco Store Router Down' or AH.AlertObjects.AlertConfigurations.DisplayName like 'Meraki Device Down (P3)' ) and HOURDIFF(AH.TimeStamp , GetDate()) < 24 -- last day in hours and AH.EventType = 0 -- Event for alert triggerOrder By AH.TimeStamp DESC
I had to edit it, bad copy/paste
Just how many times over the past 24 hours the alert triggered
If you want the count, then try:
SELECT Count( AH.AlertHistoryID) as [Alerts Triggered]FROM Orion.AlertHistory AHWhere (AH.AlertObjects.AlertConfigurations.DisplayName like 'Cisco Store Router Down' or AH.AlertObjects.AlertConfigurations.DisplayName like 'Meraki Device Down (P3)' ) and HOURDIFF(AH.TimeStamp , GetDate()) < 24 -- last day in hours and AH.EventType = 0 -- Event for alert trigger
Need to add also the following alert name -
Not sure on swql structure for this
SELECT AH.AlertObjects.AlertConfigurations.DisplayName, Count( AH.AlertHistoryID) as [Alerts Triggered]FROM Orion.AlertHistory AHWhere (AH.AlertObjects.AlertConfigurations.DisplayName like 'Cisco Store Router Down' or AH.AlertObjects.AlertConfigurations.DisplayName like 'Meraki Device Down (P3)' ) and HOURDIFF(AH.TimeStamp , GetDate()) < 24 -- last day in hours and AH.EventType = 0 -- Event for alert triggerGroup By AH.AlertObjects.AlertConfigurations.DisplayName
Is this what you mean? Group counts by name
sorry i didnt make it clear enough i need the following alert added into the swql as well
Meraki Device Interface Down (P3)
so basically, it will report on 3 alerts
I missed the word interface, thought it was the same, sorry
SELECT AH.AlertObjects.AlertConfigurations.DisplayName, Count( AH.AlertHistoryID) as [Alerts Triggered]FROM Orion.AlertHistory AHWhere (AH.AlertObjects.AlertConfigurations.DisplayName like 'Cisco Store Router Down' or AH.AlertObjects.AlertConfigurations.DisplayName like 'Meraki Device Down (P3)' or AH.AlertObjects.AlertConfigurations.DisplayName like 'Meraki Device Interface Down (P3)' ) and HOURDIFF(AH.TimeStamp , GetDate()) < 24 -- last day in hours and AH.EventType = 0 -- Event for alert triggerGroup By AH.AlertObjects.AlertConfigurations.DisplayName
Are you expecting something like this?
Try this in your Custom Table resource (SQL Query, not SWQL)
SELECTName 'Alert Name',EntityCaption 'Object of Alert',COUNT(1) 'Times Alert Triggered'FROM AlertHistoryViewWHERE EventTypeWord = 'Triggered' AND ((Name = 'Cisco Store Router Down') OR (Name = 'Meraki Device Down (P3)') OR (Name = 'Meraki Device Interface Down (P3)))AND TimeStamp > (GETDATE()-1)GROUP BY Name, EntityCaption
