
SWQL - Active Alerts Report

This is a query that I use to replicate the Active Alerts resource in a NOC view. (The original resource limits results to 5 rows by default.)

Example Output:

2015-10-29_14-21-18.jpg

Please vote on this Feature Request to have this functionality added to the native Active Alerts resource:

Enjoy!

Comments

I got a question here, first of all very nice script.

But I am getting an error on this matter:

Msg 195, Level 15, State 10, Line 3

'ToString' is not a recognized built-in function name.

Msg 195, Level 15, State 10, Line 3

'ToString' is not a recognized built-in function name.

How to fix this?

This is a SWQL query (not SQL). Did you try running the script in SWQL Studio?

Otherwise, I just looked at my lab and it is still working there. I am not sure where the issue would be. For my lab, I use the "Custom Query Resource" to build this out.

How can I remove acknowledged alerts from this report?

Change the where line like this to remove acknowledged alerts.

WHERE o.AlertActive.TriggeredMessage <> '' and o.alertactive.acknowledged is not null

For some reason I have to use:

WHERE o.AlertActive.TriggeredMessage <> '' AND o.AlertActive.acknowledged IS NULL

You are right, it's obviously too late in the evening for me today.  Good eye

Thanks so much for this. Between this and the query that wayne318 made here: Re: Filter Active Alerts on Dashboard, I was able to create a query that gave me what I needed. Thank you both!

This is really helpful.

I have a related question: Is it possible to create a SWQL/SQL that will list "All Alerts this node can trigger" for a group of nodes?

I see on node details page, there is a section that shows exactly this.

But I can't find the SWQL/SQL that is used at the back end for it (so I could reuse it and pull the same details for multiple nodes instead of a single node).

Great thread. Any way I can filter and remove nodes that were "unmanaged"? Similar to mesverrum and lprobst's thread above for acknowledged?

zackm, I have a question. Is there a way to make a similar resource but it shows all historical alerts that email? I like to use this for audit purposes.

No worries, I didn't look at the query correctly, figured it out.

Version history: Revision 1 of 1. Last update: 10-29-2015 02:25 PM