I've been attempting to create a custom SQL alert for UDT but I noticed that the default SELECT statement results in duplicate rows. All my JOIN actions just make this worse. Is this acceptable in the Alerting Engine or will this cause issues? I'm attempting to send an alert when a RogueMAC is detected within specific IP Subnets. I believe these duplications are also resulting in the custom SQL variables to sometimes return the code instead of a result. Any guidance and/or knowledge is greatly appreciated!
This returns duplicate rows.
SELECT UDT_RogueMACAlert.MACAddress, UDT_RogueMACAlert.EndpointID FROM UDT_RogueMACAlert
The below just makes it worse.
Left JOIN UDT_IPAddress IPA on IPA.EndPointID = UDT_RogueMacAlert.EndPointID
Left Join UDT_EndpointIP EIP on EIP.IPAddressID = IPA.IPAddressID
Where UDT_RogueMacAlert.Rogue = 1 AND ((IPA.IPAddress like 'x.x.x.%') OR (IPA.IPAddress like 'y.y.y.%'))
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.