I am looking for a query that shows whether any monitored entity, like nodes, volumes or interfaces, has no alert configured. Can anyone assist here?
Thank you.
That's an interesting question that I don't think there's an answer to, because the relationship between entities and alerts is complex. I asked about this a few years ago and was told that on the 'Node Details' page there is a widget that lists Alerts that the node in question can trigger, but that's calculated in real time while the page loads and behind the scenes is a BIG set of queries. This was in 2023.4 days though; maybe there's a better answer in later versions.
Depending on how the alerts are designed, there is no possibility to check this.
Alerts are not bound or connected to entities; they are queries against the database towards all the entities. Different customers set up how they want alerts in different ways, so it's almost impossible to have such a generic alert.
I have not found a better way to do this. However, I have discovered that the same widget mentioned for the Node Summary page can be added to other Summary pages like the Interface Summary and Application Details Summary. This at least helps when checking those summary pages to see if that interface or that application falls in the scope of an alert.
I have a similar problem with SQL/SWQL-based alerts.
You can prove historical evidence fairly well. For example, a small node widget could show the distinct alert types that have triggered against that node, volume, or interface over the last 90 days. That at least gives you evidence that the object has been seen by alerting logic before.
The harder bit is forward-looking.
Alert history can tell you what has fired, but it does not fully prove what will fire next time.
Once you include custom SQL/SWQL alerts, custom properties, exclusions, muted logic, groups, dependencies, and object scope, it becomes much harder to say with confidence: “this object definitely has alert coverage.”
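
The historical check described in the last post, turned around to list nodes with no alert fired against them in the last 90 days. This is an added example, not a query from any poster in this thread. It assumes the Orion SDK entities `Orion.Nodes`, `Orion.AlertObjects` and `Orion.AlertHistory` with the columns shown, and that `EventType = 0` marks a trigger event; confirm both in SWQL Studio on your version.

```sql
-- SWQL: nodes with no alert trigger recorded in the last 90 days.
-- Entity and column names are assumed from the Orion SDK schema.
SELECT n.NodeID, n.Caption, n.Uri
FROM Orion.Nodes n
WHERE n.Uri NOT IN (
    -- Every entity that had at least one trigger event in the window.
    SELECT ao.EntityUri
    FROM Orion.AlertObjects ao
    INNER JOIN Orion.AlertHistory ah
        ON ah.AlertObjectID = ao.AlertObjectID
    WHERE ah.EventType = 0                            -- assumed: 0 = alert triggered
      AND ah.TimeStamp > ADDDAY(-90, GETUTCDATE())    -- 90-day lookback
)
ORDER BY n.Caption
```

A node in this list is only a candidate for review: it may be covered by alerts that never needed to fire, and the result is bounded by how long alert history is retained.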