This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Report for triggered alerts past 1 day for 2 specified alerts only

Hi All need help setting up a report for triggered alerts history for past 1 day but only on for the two alerts below

Thanks in advance 

  • What Information do you need in the report? Here's something that I think is close, its SWQL. 

    SELECT 
        AH.AlertObjects.AlertConfigurations.DisplayName as [Alert Name],
        AH.AlertHistoryID, 
        AH.EventType, 
        AH.Message, 
        AH.TimeStamp,
        AH.AlertObjects.EntityCaption, 
        AH.AlertObjects.EntityDetailsUrl, 
        AH.AlertObjects.RelatedNodeCaption, 
        AH.AlertObjects.RelatedNodeDetailsUrl
    FROM Orion.AlertHistory AH
    Where 
           (AH.AlertObjects.AlertConfigurations.DisplayName like 'Cisco Store Router Down'
        or  AH.AlertObjects.AlertConfigurations.DisplayName like 'Meraki Device Down (P3)' )
        and HOURDIFF(AH.TimeStamp , GetDate()) < 24 -- last day in hours
        and AH.EventType = 0 -- Event for alert trigger
    Order By AH.TimeStamp DESC






  • I had to edit it, bad copy/paste

  • Just how many times over the past 24 hours the alert triggered 

  • If you want the count, then try: 

    SELECT 
        Count( AH.AlertHistoryID) as [Alerts Triggered]
    FROM Orion.AlertHistory AH
    Where 
           (AH.AlertObjects.AlertConfigurations.DisplayName like 'Cisco Store Router Down'
        or  AH.AlertObjects.AlertConfigurations.DisplayName like 'Meraki Device Down (P3)' )
        and HOURDIFF(AH.TimeStamp , GetDate()) < 24 -- last day in hours
    
        and AH.EventType = 0 -- Event for alert trigger


    But in either case that looks like the report page, so make sure your data source is using 'SWQL' if it is, then I am not sure why it doesn't run. We will have to look deeper. 

  • Need to add also the following alert name - 

    Meraki Device Interface Down (P3)

    Not sure on swql structure for this 

  • SELECT
        AH.AlertObjects.AlertConfigurations.DisplayName, 
        Count( AH.AlertHistoryID) as [Alerts Triggered]
    FROM Orion.AlertHistory AH
    Where 
           (AH.AlertObjects.AlertConfigurations.DisplayName like 'Cisco Store Router Down'
        or  AH.AlertObjects.AlertConfigurations.DisplayName like 'Meraki Device Down (P3)' )
        and HOURDIFF(AH.TimeStamp , GetDate()) < 24 -- last day in hours
        and AH.EventType = 0 -- Event for alert trigger
    Group By AH.AlertObjects.AlertConfigurations.DisplayName

    Is this what you mean? Group counts by name

  • sorry i didnt make it clear enough i need the following alert added into the swql as well 

    Meraki Device Interface Down (P3)

  • so basically, it will report on 3 alerts 

  • I missed the word interface, thought it was the same, sorry 

    SELECT
        AH.AlertObjects.AlertConfigurations.DisplayName, 
        Count( AH.AlertHistoryID) as [Alerts Triggered]
    FROM Orion.AlertHistory AH
    Where 
           (AH.AlertObjects.AlertConfigurations.DisplayName like 'Cisco Store Router Down'
        or  AH.AlertObjects.AlertConfigurations.DisplayName like 'Meraki Device Down (P3)' 
        or  AH.AlertObjects.AlertConfigurations.DisplayName like 'Meraki Device Interface Down (P3)' )
        and HOURDIFF(AH.TimeStamp , GetDate()) < 24 -- last day in hours
        and AH.EventType = 0 -- Event for alert trigger
    Group By AH.AlertObjects.AlertConfigurations.DisplayName