cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 13

Alert on event counts over a period of time

Jump to solution

Does anyone know of a way to make an alert dependent on a certain condition occurring multiple times over the course of a time period?  For example, can I create an alert that will be triggered if a box reboots more than once in a week?  In our environment it's normal for some of my boxes to restart once a week, but it's not normal for them to restart more than that. 

Thanks in advance!

-Brandon

1 Solution
Level 11

You'll have to get very intimate with your database, particularly your Events table, but you should be able to tie in events against Nodes.

As an example - if a box reboots more than once a week (untested, but the DB query works..)

Type of Property to Monitor: Custom SQL Alert
Set up your Trigger Query: Node

WHERE 

Nodes.NodeID IN (

  SELECT NetObjectID

  FROM Events

  WHERE  NetObjectType = 'N' AND EventType = 14 AND EventTime >= DATEADD(DAY,-7,GETDATE())

  GROUP BY NetObjectID

  HAVING COUNT(1) > 1

)

 

 

EventType = 14 is the reboot code (see the EventTypes table for a list)

DATEADD(DAY,-7,GETDATE()) calculates 7 days ago (i.e. in the last week)

NetObjectType = 'N' pulls only Node events

HAVING COUNT(1) > 1 for those that match more than 1 time (adjust accordingly)

View solution in original post

3 Replies

I know this has been answered above by a really complicated 'get intimate with your database' answer but why wouldn't you just have the event (I.E. Last boot time changed) send a trap to your poller and alert on that threshold?

0 Kudos
Level 11

You'll have to get very intimate with your database, particularly your Events table, but you should be able to tie in events against Nodes.

As an example - if a box reboots more than once a week (untested, but the DB query works..)

Type of Property to Monitor: Custom SQL Alert
Set up your Trigger Query: Node

WHERE 

Nodes.NodeID IN (

  SELECT NetObjectID

  FROM Events

  WHERE  NetObjectType = 'N' AND EventType = 14 AND EventTime >= DATEADD(DAY,-7,GETDATE())

  GROUP BY NetObjectID

  HAVING COUNT(1) > 1

)

 

 

EventType = 14 is the reboot code (see the EventTypes table for a list)

DATEADD(DAY,-7,GETDATE()) calculates 7 days ago (i.e. in the last week)

NetObjectType = 'N' pulls only Node events

HAVING COUNT(1) > 1 for those that match more than 1 time (adjust accordingly)

View solution in original post

Thanks Andy -- that query works great.  I'm having trouble getting my alert to actually trigger, but at least I know the query portion is good.

0 Kudos