• State Verified Answer
  • Locked Locked
  • Replies 2 replies
  • Subscribers 488 subscribers
  • Views 640 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Seeking help with SWQL filter

ArchieG

Hi,

No working knowledge of SWQL at all here - Please can somebody tell me how to filter alerts by severity?

I found SWQL below on Active Alerts with Severity - Custom Queries - The Orion Platform - THWACK (solarwinds.com) but I'd like to filter out "Informational" alerts. 

SELECT
o.AlertConfigurations.Name AS [ALERT NAME]
,'/Orion/NetPerfMon/ActiveAlertDetails.aspx?NetObject=AAT:' + ToString(o.AlertObjectID) AS [_LinkFor_ALERT NAME]
,o.EntityCaption AS [ALERT OBJECT]
,o.EntityDetailsURL AS [_LinkFor_ALERT OBJECT]
,o.RelatedNodeCaption AS [RELATED NODE]
,o.RelatedNodeDetailsURL AS [_LinkFor_RELATED NODE]
,ToLocal(o.AlertActive.TriggeredDateTime) AS [ALERT TRIGGER TIME]
,o.AlertActive.TriggeredMessage AS [ALERT MESSAGE]
,CASE o.AlertConfigurations.Severity
WHEN 0 THEN 'Informational'
WHEN 1 THEN 'Warning'
WHEN 2 THEN 'Critical'
WHEN 3 THEN 'Serious'
WHEN 4 THEN 'Notice'
ELSE CONCAT('Unknown Severity: ', o.AlertConfigurations.Severity)
END AS [Severity]
-- ,N.CustomProperties.NodeRegion
FROM Orion.AlertObjects AS o
LEFT JOIN Orion.Nodes AS N ON N.Caption = o.RelatedNodeCaption
WHERE o.AlertActive.TriggeredMessage <> ''
ORDER by o.AlertActive.TriggeredDateTime DESC

 

  • +1

    Just add an additional filter to the WHERE clause to block informational alerts.

    SELECT o.AlertConfigurations.Name AS [ALERT NAME]
     , '/Orion/NetPerfMon/ActiveAlertDetails.aspx?NetObject=AAT:' + ToString(o.AlertObjectID) AS [_LinkFor_ALERT NAME]
     , o.EntityCaption AS [ALERT OBJECT]
     , o.EntityDetailsURL AS [_LinkFor_ALERT OBJECT]
     , o.RelatedNodeCaption AS [RELATED NODE]
     , o.RelatedNodeDetailsURL AS [_LinkFor_RELATED NODE]
     , ToLocal(o.AlertActive.TriggeredDateTime) AS [ALERT TRIGGER TIME]
     , o.AlertActive.TriggeredMessage AS [ALERT MESSAGE]
     , CASE o.AlertConfigurations.Severity
         WHEN 0 THEN 'Informational'
         WHEN 1 THEN 'Warning'
         WHEN 2 THEN 'Critical'
         WHEN 3 THEN 'Serious'
         WHEN 4 THEN 'Notice'
         ELSE CONCAT('Unknown Severity: ', o.AlertConfigurations.Severity)
       END AS [Severity]
--   , N.CustomProperties.NodeRegion
FROM Orion.AlertObjects AS o
LEFT JOIN Orion.Nodes AS N
   ON N.Caption = o.RelatedNodeCaption
WHERE o.AlertActive.TriggeredMessage <> ''
  AND o.AlertConfigurations.Severity <> 0 -- Informational
  -- OPTIONAL - Also skip "Notice" alerts
  AND o.AlertConfigurations.Severity <> 4
ORDER by o.AlertActive.TriggeredDateTime DESC

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 200,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification SolarWinds Lab Link Customer Portal
About THWACK Blogs Federal & Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2021 SolarWinds Worldwide, LLC. All Rights Reserved.