Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 8

advanced alert for SW node being added

Hi there

I hope you can help

I have managed to create an alert that can get emailed out to another team member regarding a newly added device but It only contains the info within the audit log

for example

User domain\username created node Solarwinds Test device. This is fine but i would also like to have a couple of custom properties displayed in the email message that are key to the device namely the devices asset tag and serial no. The alert only looks into the audit event for the trigger, i cant get it to drill down into the node to get the other CP's that i need

Does anyone know how i might be able to get this too work?

Thanks in advance 😉

Labels (1)
Tags (1)
0 Kudos
4 Replies

Two approaches you can take, use a custom SWQL/SQL based alert trigger where you join the audit event to the nodeid and alert on the node, that way you can use node properties for the variables on the trigger actions.

The alternative is you would leave the alert trigger logic the way it is now, but then use custom swql/sql variables to get the information you are looking for into the trigger actions.  I think this method might be a lot more time writing custom swql for all the variables so I'd go with the first option if it was me. 

Generally speaking I don't go down this road unless it is a very small company because it becomes tedious to micromanage all this stuff as the monitoring tool owner.  At scale the method that makes sense to me is basically as follows:

- Node adds/deletions just get displayed in a report that monitoring team can review each morning.  I don't want a dozen separate emails throughout the day interrupting my work for single nodes, I just want to bang them all out in a batch.

- Custom properties that are important to me get automatically populated as much as possible.  For example if there is a naming convention that dictates a server type then I set up an alert where all new nodes with the server_type property is empty but the name contains SQL the the alert action is to set the server_type = SQL.  Likewise you can often specify that certain subnets are associated with specific sites and build rules to capture those relationships (although this method gets to be a real pain if you aren't using primarily /16 or /24 subnet schemes).  There's a million ways to approach this but I do everything in my power not to have to set properties by hand myself, and not to rely on user input because that can be a nightmare in itself.  Serial numbers can often be picked up from asset inventory or NCM or from UNDP pollers or can be synced from a CMDB if a reliable one exists, if you are actually using asset tags then there is a fair chance that those tags get entered into some application somewhere so I prefer to scrape from there.

- Separately from the new nodes I also have a report of nodes that are missing any of my key custom properties so I can spot check anything that may have slipped through my existing rules so I can fix their logic, or create new rules, or just try to hunt down the random oddball one-offs.  I typically like to be able to offload that report to various application or server teams so they can do more of the leg work for me but I usually take the data they give me and use it to build more rules rather than just importing the spreadsheet directly because if I can make a rule we never have to think about servers like that again, they just sort themselves out automatically.  A few cycles like this and you can really help to get all the new node stuff to be relatively self service.  I don't want to try to figure things out on my own, and app teams don't want me constantly harassing them, we all just want the monitoring to be as close as we can get to instant and no-effort across the board.

- Marc Netterfield, Github


Thanks for that info and i think the answer to the puzzle is what you first suggested but i cant get the alert to drill down into the asset to get the info that i want, event info is perfect but nothing from the node itself from custom properties

Here is a copy of my trigger condition and my email trigger action


${N=SwisEntity;M=CustomProperties._1_Serial_Number;F=OriginalValue} ${N=SwisEntity;M=CustomProperties.AssetTag}   .......................................This line doesnt bring anything back

Device network name (Computer Name)   ${N=SwisEntity;M=AuditEventMessage}

Time Device added to SW    ${N=Generic;M=DateTime;F=DateTime}

Hope you can help a little further



0 Kudos

This is what i have in at present but it gives a syntax error

${SQL: SELECT N=SwisEntity;M=CustomProperties._1_Serial_Number;F=OriginalValue} {N=SwisEntity;M=CustomProperties.AssetTag}

thanks in advance 😉

0 Kudos

I have now got the alert to fire and dig down into the asset tag now and display a custom property

here is the code that i used

Asset Tag = ${SQL: SELECT N.AssetTag FROM Nodes N JOIN AuditingEvents A ON N.NodeID  = A.NetworkNode where A.AuditEventID = ${N=SwisEntity;M=AuditEventID}}

Happy days are here again 😉