This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

NOC alerts view

Hey,

I'm trying to find a way to display all the alerts that triggered and that are no longer active, but that were not acknowledge by the NOC.

Because, we sometime have a case were an alert trigger, but is resolved automatically within a minute and nobody had the chance to take ownership (acknowledge and open incident) of the alert, but we still want to track it. Exemple : node down, node up (reboot of network device)

I known that we could set the reset condition to "No reset action - Manually remove the alert from the active alerts list", but that would add an additional step in our alert management process.

Any ideal?

Thank you!

Parents
  • Try this in a custom query resource, i filtered it to alerts that were reset without an acknowledge.

    pastedImage_0.png

    --report on alerts triggered

    select ac.Name

    ,ah.Message

    ,'/Orion/NetPerfMon/ActiveAlertDetails.aspx?NetObject=AAT:'+ToString(AlertObjectID) as [_linkfor_Name]

    ,EntityCaption as [Trigger Object]

    ,EntityDetailsUrl as [_linkfor_Trigger Object]

    ,case

    WHEN RelatedNodeCaption=EntityCaption THEN 'Self'

    When RelatedNodeCaption!=EntityCaption THEN RelatedNodeCaption

    End as [Parent Node]

    ,RelatedNodeDetailsUrl as [_linkfor_Parent Node]

    ,'/Orion/images/StatusIcons/Small-' + p.StatusIcon AS [_IconFor_Parent Node]

    ,tostring(tolocal(ah.TimeStamp)) as [Trigger Time]

    ,case when ack.timestamp is null then 'N/A'

    else tostring(minutediff(ah.TimeStamp,ack.timestamp))

    end as [Minutes Until Acknowledged]

    ,ack.Message as [Note]

    ,case when reset.timestamp is null then 'N/A'

    else tostring(minutediff(ah.TimeStamp,reset.timestamp))

    end as [Minutes Until Reset]

    FROM Orion.AlertHistory ah

    left join Orion.AlertObjects ao on ao.alertobjectid=ah.alertobjectid

    left join Orion.AlertConfigurations ac on ac.alertid=ao.alertid

    left join Orion.Actions a on a.actionid=ah.actionid

    left join Orion.Nodes p on p.nodeid=RelatedNodeID

    left join (select timestamp, AlertActiveID, AlertObjectID,message from orion.alerthistory ah where eventtype=2) ack on ack.alertactiveid=ah.AlertActiveID and ack.alertobjectid=ah.AlertObjectID

    left join (select timestamp, AlertActiveID, AlertObjectID from orion.alerthistory ah where eventtype=1) reset on reset.alertactiveid=ah.AlertActiveID and reset.alertobjectid=ah.AlertObjectID

    WHERE

    daydiff(ah.timestamp,GETUTCDATE())<30

    and ah.eventtype=0

    and ack.timestamp is null

    and reset.timestamp is not null

    --and (ac.Name like '%${SEARCH_STRING}%' or EntityCaption like '%${SEARCH_STRING}%' or RelatedNodeCaption like '%${SEARCH_STRING}%')

    order by ah.timestamp desc

    -Marc Netterfield

        Loop1 Systems: SolarWinds Training and Professional Services

Reply
  • Try this in a custom query resource, i filtered it to alerts that were reset without an acknowledge.

    pastedImage_0.png

    --report on alerts triggered

    select ac.Name

    ,ah.Message

    ,'/Orion/NetPerfMon/ActiveAlertDetails.aspx?NetObject=AAT:'+ToString(AlertObjectID) as [_linkfor_Name]

    ,EntityCaption as [Trigger Object]

    ,EntityDetailsUrl as [_linkfor_Trigger Object]

    ,case

    WHEN RelatedNodeCaption=EntityCaption THEN 'Self'

    When RelatedNodeCaption!=EntityCaption THEN RelatedNodeCaption

    End as [Parent Node]

    ,RelatedNodeDetailsUrl as [_linkfor_Parent Node]

    ,'/Orion/images/StatusIcons/Small-' + p.StatusIcon AS [_IconFor_Parent Node]

    ,tostring(tolocal(ah.TimeStamp)) as [Trigger Time]

    ,case when ack.timestamp is null then 'N/A'

    else tostring(minutediff(ah.TimeStamp,ack.timestamp))

    end as [Minutes Until Acknowledged]

    ,ack.Message as [Note]

    ,case when reset.timestamp is null then 'N/A'

    else tostring(minutediff(ah.TimeStamp,reset.timestamp))

    end as [Minutes Until Reset]

    FROM Orion.AlertHistory ah

    left join Orion.AlertObjects ao on ao.alertobjectid=ah.alertobjectid

    left join Orion.AlertConfigurations ac on ac.alertid=ao.alertid

    left join Orion.Actions a on a.actionid=ah.actionid

    left join Orion.Nodes p on p.nodeid=RelatedNodeID

    left join (select timestamp, AlertActiveID, AlertObjectID,message from orion.alerthistory ah where eventtype=2) ack on ack.alertactiveid=ah.AlertActiveID and ack.alertobjectid=ah.AlertObjectID

    left join (select timestamp, AlertActiveID, AlertObjectID from orion.alerthistory ah where eventtype=1) reset on reset.alertactiveid=ah.AlertActiveID and reset.alertobjectid=ah.AlertObjectID

    WHERE

    daydiff(ah.timestamp,GETUTCDATE())<30

    and ah.eventtype=0

    and ack.timestamp is null

    and reset.timestamp is not null

    --and (ac.Name like '%${SEARCH_STRING}%' or EntityCaption like '%${SEARCH_STRING}%' or RelatedNodeCaption like '%${SEARCH_STRING}%')

    order by ah.timestamp desc

    -Marc Netterfield

        Loop1 Systems: SolarWinds Training and Professional Services

Children