Turn specific EVENTS on/off? (not alerts) Or custom SWQL event log display?

There are some events that show up all the time that we don't care about and don't need.   Group up/down/warning, group MAPS up/down/warning... there are other examples that aren't group based as well.  I know we can filter these in the message log, but can certain events be filtered from the default "Event Summary" widget?   Or can a custom widget be crafted that shows all events except certain ones? Perhaps a custom SWQL?

  • I too have too many events that don't need to be recording. GROUPS is the largest of these. I already know about the nodes that alert (or interfaces) and don't really want EVENT FATIGUE in the log from Groups/MAPS/ETC. Has then been elevated to SW for a fix/product update?

    thanks,

    Mark

  • You could definitely create a Custom Query widget and input some SWQL.

    A very simple SWQL to eliminate the EventType you don't want... for example:

    SELECT EventID, EventTime, NetworkNode, NetObjectID, NetObjectValue, EngineID, EventType, Message, Acknowledged, NetObjectType, TimeStamp
    FROM Orion.Events
    
    WHERE (EventType NOT LIKE '50') 
    AND (EventType NOT LIKE '51')  
    AND (EventType NOT LIKE '52')  
    AND (EventType NOT LIKE '53')  
    AND (EventType NOT LIKE '900')  
    AND (EventType NOT LIKE '1001') 

    To find out what the event types are then run the following query in SWQL Studio:


    SELECT EventType, Name
    FROM Orion.EventTypes

    However, it might just be easier to write the first code to include the EventTypes you want to see... so rather than the (EventType NOT LIKE...) you'd use something like:

    SELECT EventID, EventTime, NetworkNode, NetObjectID, NetObjectValue, EngineID, EventType, Message, Acknowledged, NetObjectType, TimeStamp
    FROM Orion.Events
    
    WHERE (EventType = '1')
    OR  (EventType = '2')
    OR  (EventType = '5')


    Two things to bear in mind ....

    1. Remove the fields (e.g. NetworkNode, NetObjectID, etc) that you don't want to display

      AND

    2. Most importantly so as not to overburden the DB is to restrict the query in some manner. So you could use 
      1. SELECT TOP 1000 - to retrieve the last 1000 types you've coded

        or

      2. Date/Time restrict it using something like: WHERE EventTime >= ADDHOUR(-24,EventTime)

    So the above code could look like:

    SELECT EventID, EventTime, EventType, Message, Acknowledged
    
    FROM Orion.Events
    
    WHERE EventTime >= ADDHOUR(-24,EventTime)
    AND(EventType = '1')
    OR  (EventType = '2')
    OR  (EventType = '5')