custom query for fetching active alerts

 I am trying to query the below parameters (Active Alarms , relevant Node details , its Severity and Region etc.) ...From the documentation active alerts can be fetched from this details 

[Orion.AlertActive ] 

in the above table , i am not able to query relevant node details , severity ,, can some one help me which this creating custom query ...to fetch these properties [Active alerts , respective node id , alert severity , and region ]

Parents
  • I usually use the Event Table instead of the Alert Table. EventType 5000 is an Alert and 5001 is the Reset. The Message field contains the event message. That should get you started. 

    SELECT TOP 1000 EventID, EventTime, NetworkNode, NetObjectID, NetObjectValue, EngineID, EventType, Message, Acknowledged, NetObjectType, TimeStamp, DisplayName, Description, InstanceType, Uri, InstanceSiteId

    FROM Orion.Events
    Where EventType LIKE '%5000%' OR EventType LIKE '%5001%'
  • Hi , Thanks for the info , How about the severity ?

  • You can pull everything with the severity via SWQL

    SELECT
    	o.AlertConfigurations.Name AS [ALERT NAME]
    	,'/Orion/NetPerfMon/ActiveAlertDetails.aspx?NetObject=AAT:' + ToString(o.AlertObjectID) AS [_LinkFor_ALERT NAME]
    	,o.EntityCaption AS [ALERT OBJECT]
    	,o.EntityDetailsURL AS [_LinkFor_ALERT OBJECT]
    	,o.RelatedNodeCaption AS [RELATED NODE]
    	,o.RelatedNodeDetailsURL AS [_LinkFor_RELATED NODE]
    	,ToLocal(o.AlertActive.TriggeredDateTime) AS [ALERT TRIGGER TIME]
    	,o.AlertActive.TriggeredMessage AS [ALERT MESSAGE]
    	,CASE o.AlertConfigurations.Severity
    		WHEN 0 THEN 'Informational'
            WHEN 1 THEN 'Warning'
    		WHEN 2 THEN 'Critical'
            WHEN 3 THEN 'Serious'
            WHEN 4 THEN 'Notice'
            ELSE CONCAT('Unknown Severity: ', o.AlertConfigurations.Severity)
    	END AS [Severity]
    --	,N.CustomProperties.NodeRegion
    FROM Orion.AlertObjects AS o
    LEFT JOIN Orion.Nodes AS N ON N.Caption = o.RelatedNodeCaption
    WHERE o.AlertActive.TriggeredMessage <> ''
    ORDER by o.AlertActive.TriggeredDateTime DESC

  • Dear , 

    Thank you so much for this information , 

    One query , Can you help me with the query which gives total no of active alerts in numbers ? so that i can feed that to grafana , 

    Thanks a ton in advnace .

Reply Children