Good afternoon everyone!
I working on an alert to trigger whenever a user mutes a node without specifying a end-date. I tested the following SWQL query in SWQL Studio:
SELECT Nodes.Uri, Nodes.DisplayName FROM Orion.Nodes AS Nodes
Join Orion.AlertSuppression n on n.EntityUri=Nodes.Uri
where n.SuppressUntil is NULL
It successfully provides me a list of nodes muted without an end-date. When I popped into the alert I attached to this thread, it even gives me a warning about the nodes listed as objects that will be triggered immediately. However nothing happens when I make it active. I expected it to pop up as an active alert, what have I done wrong? I would appreciate any advice that anyone can provide. Thanks!
Solved! Go to Solution.
Ok everyone, I appreciate all the attention this got and with some additional time to think about it, I got it figured out. I just needed to target the audit events opposed to the nodes themselves.
SELECT * FROM [dbo].[AuditingEvents]
Where AuditingEvents.AuditEventMessage like '% muted alerts on %' and TimeLoggedUtc > DATEADD (minute, -1, SYSUTCDATETIME())
Problem solved! Now I have an alert that will trigger every time a user fails to schedule end time for muting a node. I appreciate everyone's help!
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process. Learn more today by joining now.