• State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 24 subscribers
  • Views 659 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

How to find effectively disabled alerts/actions?

w_at_work

It seems like there's a large number of ways that Alerts and Actions in Orion can be set up where they don't actually do anything.

Examples: Enabled alert config/definition with all actions disabled. Action with no ActionAssignment, Action that is only assigned to a disabled Alert config, impossible scheduling, email actions with no valid destinations.

I'm sure I'm missing more ways.

I'm looking for any suggestions or guidance on finding these "effectively disabled" alerts and actions so I can remove them from my Orion environment. I've inherited a mess and been left to sort out what was dumped on my lap into a useful monitoring/reporting tool, as it isn't currently. Less noise to sort through will make analyzing and consolidating the rest easier.

So far I've been using SwisPowerShell to grab and push data, so SWQL queries and Powershell is extra appreciated.

Sidenote: I've been trying to figure out the relationships between Actions, ActionAssignments, AlertConfigurations, and AlertDefinitions.

Want to confirm if this is right: 1 Action -> Many ActionAssignments. Many ActionAssignments -> 1 AlertConfiguration. 1 AlertConfig <-> 1 AlertDefinition.

Thanks in advance!

  • 0

    This is the relationships for the Orion.Alert% and Orion.Action% entities (as of the 2022.2 release)

    Entity Name Navigation Property in "Name (Target Entity)" format
    Orion.ActionAssignmentProperties Assignments (Orion.ActionsAssignments)
    Orion.Actions AlertIncident (Orion.ESI.AlertIncident)
    Orion.Actions Assignments (Orion.ActionsAssignments)
    Orion.Actions Properties (Orion.ActionsProperties)
    Orion.ActionsAssignments Action (Orion.Actions)
    Orion.ActionsAssignments Properties (Orion.ActionAssignmentProperties)
    Orion.ActionsProperties Action (Orion.Actions)
    Orion.AlertActive AlertActiveObjects (Orion.AlertActiveObjects)
    Orion.AlertActive AlertObjects (Orion.AlertObjects)
    Orion.AlertActiveObjects AlertActive (Orion.AlertActive)
    Orion.AlertConfigurations AlertObject (Orion.AlertObjects)
    Orion.AlertConfigurations CustomProperties (Orion.AlertConfigurationsCustomProperties)
    Orion.AlertConfigurationsCustomProperties Alert (Orion.AlertConfigurations)
    Orion.AlertHistory AlertObjects (Orion.AlertObjects)
    Orion.AlertObjects AlertActive (Orion.AlertActive)
    Orion.AlertObjects AlertConfigurations (Orion.AlertConfigurations)
    Orion.AlertObjects AlertHistory (Orion.AlertHistory)
    Orion.AlertObjects AlertIncident (Orion.ESI.AlertIncident)
    Orion.AlertObjects Node (Orion.Nodes)
    Orion.ESI.AlertIncident Actions (Orion.Actions)
    Orion.ESI.AlertIncident AlertObjects (Orion.AlertObjects)
    Orion.Nodes AlertObjects (Orion.AlertObjects)
    Orion.ServiceDesk.AlertIncident Actions (Orion.Actions)
    Orion.ServiceDesk.AlertIncident AlertObjects (Orion.AlertObjects)
    Orion.ServiceNow.AlertIncident Actions (Orion.Actions)
    Orion.ServiceNow.AlertIncident AlertObjects (Orion.AlertObjects)

    If you aren't running the same version, you can run the below query in SWQL Studio to get the relationships:

    SELECT [Properties].EntityName AS [Entity Name]
      , CONCAT([Properties].Name, ' (', [Properties].Type, ')') AS [Navigation Property in "Name (Target Entity)" format]
FROM Metadata.Property AS [Properties]
WHERE [Properties].IsNavigable = 'True'
  AND [Properties].IsObsolete = 'False'
  AND (
        [Properties].EntityName LIKE 'Orion.Alert%'
     OR [Properties].EntityName LIKE 'Orion.Action%'
     OR [Properties].Type LIKE 'Orion.Alert%'
     OR [Properties].Type LIKE 'Orion.Action%'
      )
  AND [Properties].Name NOT IN ('OrionSite')
ORDER BY [Properties].EntityName
       , [Properties].Name
       , [Properties].Type

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.