Alert Acknowledge massage in Report with event details.


Anyone is using the report where we can get alert triggered event with alert acknowledge massage, below is the test example test sheet based on this we can create report,

Event TimeNodeEvent TypeMessageAcknowledged-statusAcknowledged Alert-Note Acknowledged-timeAcknowledged-By

Please suggest, how we can create a report. with above details.

Parents Reply Children
  • Hi Alex,

    These alert are working based on event log, and as you advise that trigger alert and event have not any co-relation,

    then this would be work,

    Could you please advise to solarwinds support team so they can help us also on this report. by the way i worked with team and they have advise us they are not supporting the customization, update the request in the thwack so that any one can help u on same.

    Case Update: 980589



  • My friend, I am not representing SolarWinds anyhow... I am just like you - user/customer who seeks my own answers and also helps others to get theirs. What exactly is not working for you? Why you don't like out-of-the-box alerts and reports which I have shown above as an examples?

  • Thanks i am respecting your word

    But the given example o report os not fruitful

    If you really understand the requirement of report then pleade let us know

    the way to get the same report



  • How would it look like if it were "fruitful" then?

  • Hi Alex,

    Actually as you know with previous conversation , the report is working based on event and if we want to add below column details

    Event TimeNodeEvent TypeMessageAcknowledged-statusAcknowledged Alert-NoteAcknowledged-time



    which is not showing the correct output, we have posted the number of sql query which we have used,

    May i know you are not using the such type of report In your infra,

    you are interested to know ho many alert is generated every day and in which alert is not being acknowledge by team or not.

    i want to such type of report where team is working on all alert and crating a ticket. or you can say acknowledged or not



  • Hi Jeremy

    Actually same details were given by Alex and same is not useful because I

    am creating the report based on event(netperfmon event log ) and you are

    referring to us for trigger alert if I am using this it is not giving the

    required information,

    1- everyday number of alert is triggered, by event log we can identify how

    many alerts are triggerd for node, based on we are doing investigation in

    node level all alerts are true or false and infra team start to work also

    If I can get the details who is ack the alert or not that would be good,

    that's why I would like to this type of report

  • The Acknowledged flag does not exist in Events. It belongs to Alert. So, if you want this info - you MUST either report on Alerts OR use SQL to link your Events to Alerts (Dan above has given you some ideas already how to do it with SQL - you can take it from there and expand to what you need).

    If you are still not convinced - Albert Einstein will be able to give you further guidance

  • I used the all query to get the correct report but unfortunately report is

    not correct,

    That's why i am asking to all of you to get the correct report and i have

    bit knowledge of SQL query.

    Let me know you are not really interested to get the same report. Where

    user is acknowledged on how many alERT in daily basis, and which is not


  • No, no, report is correct. I have checked it myself - it works good for me. Report is very fruitful and gives me all I need ...  kidding emoticons_happy.png


    Anyway, try this SQL - it will extract all historical alerts for you. It will NOT show active alerts, as they are not history yet. You can see all active alerts in ALERTS & ACTIVITY > ALERTS, where you can find Acknowledgement status as well

    I believe your Message (*in bold below*) will now be extracted from the Alert as you wanted to



      ,n.Caption AS 'NODE'

      ,a_log.EntityCaption AS 'Object'

      ,a_def.AlertName AS 'AlertName'

      ,a_log.TimeStamp AS 'LogDateTime'

      ,CONVERT(date, a_log.TimeStamp) AS 'DATE'

      ,act.CategoryType AS 'TYPE'

      ,a_log.[Message] AS 'Message'

      ,a_log.EventTypeWord AS 'Status'

    FROM AlertHistoryView a_log WITH(NOLOCK)

    INNER JOIN AlertDefinitionsView a_def WITH(NOLOCK) ON a_def.AlertDefID = a_log.AlertRefID

    LEFT JOIN Nodes n ON n.NodeID = a_log.RelatedNodeID

    LEFT JOIN ActionsAssignments act WITH(NOLOCK) ON act.ActionID = a_log.ActionID


      --number of days to pull off logs from history

      DATEDIFF(DAY, a_log.TimeStamp, getUTCdate()) < 30

      --only return alerts which have triggered email action

      AND a_log.ActionTypeID = 'Email'

    ORDER BY a_log.TimeStamp desc

  • Alex, -thanks for response but sorry given query is not useful, because it is giving the trigger email notification, which is not required.

    @i am using the below query which is little bit right for us but the point is, i need some help on this query where you can set limitation on "[AuditingEvents].TimeLoggedUtc," table, so that it would not show the old data from one day, because i am fetching the report only for one day.


    NetObjectID, Event_Time, NodeName,

    Event_Type,  Cast(Message As nvarchar(250)) as Message,TimeLoggedUtc,AccountID,ActionTypeID,AuditEventMessage From ( SELECT Nodes.NodeID AS NodeID,

    Events.EventTime AS Event_Time,


    Nodes.Caption AS NodeName,

    Events.EventType AS Event_Type,

    Events.Message AS Message,







    INNER JOIN (Events INNER JOIN EventTypes Events_EventTypes ON

    (Events.EventType = Events_EventTypes.EventType)) ON

    (Nodes.NodeID = Events.NetworkNode)

    Inner Join [AuditingEvents] on (events.NetObjectID = [AuditingEvents].netobjectID)


    ( eventtime between (select (DATEADD(dd,-1,getdate()))) AND (select getdate()))



      (Events.EventType = 5000 ) OR

      (Events.EventType = 520 ) OR

      (Events.EventType =  521) OR

      (Events.EventType = 10))

      AND (AuditingEvents.ActionTypeID =6)

    ) As r ORDER BY 2 DESC