Full Orion alert rule export using Powershell and OrionSDK

Orion does not yet have a way to perform a complete bulk export (full backup) of all alert rules from the web console UI.

So as of today, the only option is to use the OrionSDK.

There are several use cases on why an Orion admin might need to perform a complete alert rule export.

1. When migrating from one Orion instance to another.

2. Alert rule synchronization between multiple Orion instances.

3. Backup.

Provided below is a Windows Powershell script that will export every ENABLED alert rule from an Orion instance.

Each alert rule will be exported to individual XML files using the <ALERT NAME>-ID-<ALERT ID>.xml naming convention.

# --- Author: Joseph Dissmeyer, www.dissmeyer.com
# --- Last updated: 2020-01-15
# --- Reference: thwack.solarwinds.com/.../433199
# ---
# --- Save as .ps1 file in your scripts directory.
# ---
# --- How it works:
# --- Downloads all enabled alert rules from an Orion instance.
# --- Each rule is saved individually as .XML file to the same directory
# --- where the script is executed from.
# --- NOTE: This only exports alert rules that are currently ENABLED.

# Requirements:
# 1. OrionSDK. Download binaries from github.com/.../OrionSDK
# 2. An Orion basic user that has "Alert management rights" enabled.
# 3. Edit the hostname, username and password.
# Verify OrionSDK SwisSnapin presence 
if (!(Get-PSSnapin -Name "SwisSnapin" -ErrorAction SilentlyContinue))
    Add-PSSnapin SwisSnapin -ErrorAction SilentlyContinue   
# Define Variables 
$swis = Connect-Swis -Hostname my-orion-host.domain.com -Username alertbackup -Password My_Bogu$_P@55w01d
# Get all AlertIds, add to array
$AlertList = Get-SwisData $swis "SELECT AlertId FROM Orion.AlertConfigurations WHERE Enabled = True" 
$AlertIds = $AlertList -split ' ' 

# Iterate through the Alertids array, back up each rule found
foreach($alertid in $AlertIds){ 
  $alerttitle = Get-SwisData $swis "SELECT Name FROM Orion.AlertConfigurations WHERE AlertId = $alertid" 
  # remove all possible 'special characters' from the alert title
  $alerttitle = $alerttitle -replace '(#|\||"|,|/|:|\<|\>|\[|\]|%|$|@|â|€|Tm|\?)', '' 
  # remove all spaces from the alert title, replace with underscore
  $alerttitle = $alerttitle -replace '\s','_' 
  $filename = "$alerttitle-ID-$alertid.xml" 
  Set-Content $filename $ExportedAlert.InnerText 
  $ExportedAlert = Invoke-SwisVerb $swis Orion.AlertConfigurations Export @($alertid)

# End script

I currently have this running as a scheduled task to backup all active alert rules daily, then commit changes to a git repository.

You may need to modify this PS script for your own environment.

This script has been tested on:

Windows 10 workstation

Windows Server 2012 R2

Windows Server 2016

Parents Reply Children
No Data