cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post

Create an audit event for "Clear triggered instance of alert"

Create an audit event for "Clear triggered instance of alert"

In the "All Active Alerts" page, a user may delete a triggered instance of an alert by selecting an alert and clicking the "CLEAR TRIGGERED INSTANCE OF ALERT" link at the top of the grid. When an alert is cleared this way, it's deleted from the database but the action is not logged. Solarwinds already logs instances of alerts being triggered and reset. For business auditing purposes, Solarwinds should also log when an alert instance is manually cleared/deleted. As an additional benefit, adding this audit event would allow users to trigger alert actions when an alert is manually cleared (for instance, if someone clears an alert instance on an application, I could email the app owner alerting them of the fact).

7 Comments

Please implement this feature. In large organization there are a lot of users logging in to our SW environment and clearing the triggered alerts and thus Admins are having a hard time verifying or tracking alerts vs events.

Thanks!

Product Manager
Product Manager

This is already implemented and available in NPM 12.3 and SAM 6.6.1 as demonstrated in the screenshot below.

pastedImage_0.png

Level 13

I don't believe that this is what was being asked by the OP. I believe they want to have an audit event created when a user manually clears an alert from the all alerts view. The picture you have above shows when an alert note is changed or the alert is acknowledged but nothing noting that a specific user has cleared the alert. We found that there is an event type in the DB labeled Cleared in the AlertHistory view but were wondering if there will ever be a proper auditing event created for manually clearing alerts.

Level 13

That's not what I requested, though. Solarwinds should create an audit event when someone clears an alert. I see that it's logged in AlertHistory, but I can't trigger an alert based on a row in AlertHistory. I'm looking for a change to the AuditingEvents table.

Product Manager
Product Manager

Understood. Thank you for clarifying. We are tracking this internally under CORE-9924.

Level 13

Thanks!

Community Manager
Community Manager
Status changed to: Open for Voting