Amount of unacknowledged critical and warning alerts

Hi everyone,

I'm trying to create a basic SWQL Dashboard for my company. The only thing currently missing is a way to display the total number of "Unacknowledged CRITICAL alerts" and "Unacknowledged WARNING alerts".

I tried searching for similar examples, but all the SWQL code I found is embedded in JSON files. Unfortunately, due to our security policies, I can’t upload JSON files to my servers.

Does anyone know how I can achieve this for these two widgets?

Thanks a lot!

  • The code would be like

    Select COUNT(AA.ID) as [Count]
    FROM Orion.AlertsActive aa
    WHERE aa.STATUS like x


    You could join to the Orion.StatusDescription table for easier text selection, or Alerthistory and whatnot for more details, but for a count specifically it shouldn't matter much.

    Wrote that freehand, not validated; yell if that doesn't set you in the right direction.

    If you find some SWQL in JSON files you can probably just copy-paste the SWQL part out; it'll start with a SELECT and end with WHERE x usually (though there could be UNIONs or GROUP BY etc.).
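
The copy-paste step suggested in the reply above can be done offline, so the JSON file never has to be uploaded to a server. This is an added example, not code from the thread or from SolarWinds: it walks any parsed JSON document and returns the string values that look like SWQL statements. The sample export, its key names (`widgets`, `dataSource`, `query`) and its layout are constructed for illustration and are assumptions, not the real dashboard export format.

```python
import json
import re

# Heuristic: a SWQL statement starts with SELECT and contains FROM.
# The word boundaries keep titles such as "Selected alerts" from matching.
_SWQL_RE = re.compile(r"^\s*SELECT\b.*\bFROM\b", re.IGNORECASE | re.DOTALL)


def extract_swql(node, path="$"):
    """Return (json_path, query) pairs for every SWQL-looking string in node."""
    found = []
    if isinstance(node, dict):
        for key, value in node.items():
            found.extend(extract_swql(value, f"{path}.{key}"))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            found.extend(extract_swql(value, f"{path}[{index}]"))
    elif isinstance(node, str) and _SWQL_RE.match(node):
        found.append((path, node.strip()))
    return found


def extract_swql_from_text(text):
    """Parse JSON text locally and extract the embedded queries."""
    return extract_swql(json.loads(text))


# Constructed sample input: key names and structure are hypothetical.
SAMPLE_EXPORT = json.dumps({
    "name": "Selected alerts overview",
    "widgets": [
        {"title": "Unacknowledged alerts",
         "dataSource": {"query": "SELECT COUNT(AlertObjectID) AS Quantity\n"
                                 "FROM Orion.AlertActive\n"
                                 "WHERE ISNULL(Acknowledged, 0) = 0"}},
        {"title": "Select a time range",
         "dataSource": {"query": "  select COUNT(AlertObjectID) AS Quantity "
                                 "FROM Orion.AlertActive"}},
    ],
})

if __name__ == "__main__":
    for json_path, query in extract_swql_from_text(SAMPLE_EXPORT):
        print(f"-- found at {json_path}\n{query}\n")
```

Review each extracted query before pasting it into a widget; the match is a heuristic and will also pick up ordinary text that happens to start with SELECT and contain FROM.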

  • Hi,

    First, thank you for taking your time to help me on this. ;)

    Now, I have created this one:

    SELECT COUNT(AlertObjectID) AS Quantity
    FROM Orion.AlertActive
    WHERE ISNULL(Acknowledged, 0) = 0;

    But actually, after thinking it over, I'd like to have all the active alerts and not only the unacknowledged ones. Would you help me, please?

    Thanks!