• State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 35 subscribers
  • Views 567 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

SAM Alert Corruption. A way for pinpointing application monitors bound to an alert for audits

allen

Hello Everyone,

We have an issue where a SAM component went critical (Verified on the logs/events) however the Alert that is connected to the SAM Monitor did not fire at all. I've called support and they told me that the solution is re-create the alert which solved the issue. However, there's no way to audit our entire system to catch/identify these corruption. It is very dangerous for us to have monitors created and placed then the next thing you know, these conditions trigger and we have no way of knowing besides another painstaking rediscovery of a faulty application.

Customer Support has directed me to post in thwack as a restort.

The solution would be creating a query that would pull out all application monitor name that has anything that doesn't have an "up" status in a timeframe, then another query to pull out all alerts that has fired with the same name of the application monitor name.

Whichever application monitor that doesn't have any matches with an alert would definitely be a start of an audit.


Any guidance would be greatly appreciated. Thanks!

  • 0

    Nearly impossible to do as you would expect.  I mean it might be doable if all of your alerts are really simple, but even then it would incredibly difficult to produce.  I mean just think about simple situations like "alert of both app X and app Y are both down", or "alert triggered of more an X objects match the criteria".  That's not even getting into custom SQL and SWQL alerts.

    Now if I was tasked with this, what I would probably do is create a group for each alert with the exact same criteria, except for the "status" of the object.  Then you could look to see what groups that object is a member of... which is itself is more difficult then it should be.  But that does not even cover the more complex alerts.

  • 0 in reply to brscott

    Would it be possible if the AL1100 license to be used up entirely with no spare license, it could also corrupt the SQL database?

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.