This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Are duplicate results in custom SQL alert triggers acceptable?

Hello all,

I've been attempting to create a custom SQL alert for UDT but I noticed that the default SELECT statement results in duplicate rows. All my JOIN actions just make this worse. Is this acceptable in the Alerting Engine or will this cause issues? I'm attempting to send an alert when a RogueMAC is detected within specific IP Subnets. I believe these duplications are also resulting in the custom SQL variables to sometimes return the code instead of a result. Any guidance and/or knowledge is greatly appreciated!

This returns duplicate rows.
SELECT UDT_RogueMACAlert.MACAddress, UDT_RogueMACAlert.EndpointID FROM UDT_RogueMACAlert
The below just makes it worse.
Left JOIN UDT_IPAddress IPA on IPA.EndPointID = UDT_RogueMacAlert.EndPointID
Left Join UDT_EndpointIP EIP on EIP.IPAddressID = IPA.IPAddressID
Where UDT_RogueMacAlert.Rogue = 1 AND ((IPA.IPAddress like 'x.x.x.%') OR (IPA.IPAddress like 'y.y.y.%'))