I am looking to create some custom alerts in either SQL or SWQL with logic built into them.
My company is spread through multiple offices and our nodes are grouped by each office as well as each office having a distinct subnet. I am looking to find a way to use logic when a device has gone offline or rebooted. Here's kind of the logic I'm looking for.
If node has gone offline/rebooted
  and no other nodes have gone offline matching either the group or subnet
  send notification stating which device has gone offline/rebooted

If node has gone offline/rebooted
  and other nodes have gone offline matching either the group or subnet
  send one notification for all nodes instead of individuals
Is this something that is possible? I'm having a hard time figuring out how to use this sort of logic with SQL and then how to incorporate it into an alert.
You might be able to achieve some of this easily using groups and alerting on Group Member status.
The other option via alerting would be to use suppression.
In regards to sending a single alert for all nodes, I can see being able to piece something together using suppression, though usually what I focus on are dependencies (which can also be achieved through the right nested group setup). Dependencies in Orion will mark affected Nodes as unreachable, giving you a visual as well as stopping all the alerts of those affected nodes. With the right group setup you can alert on all group members being a certain status (down or unreachable). Normally I rely on the Node Down Alert coming from the parent device (gateway), and notate the device or alert in a way to know it is the main access point and affects more than just that node.
Loop1 Systems: SolarWinds Training and Professional Services
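The roll-up logic asked about in the question, sketched as an added example that is not part of the original thread: a plain SQL `GROUP BY` over down nodes, run against an in-memory SQLite table from Python. The `nodes` table, its column names, the status codes and the sample rows are all constructed for illustration and are not Orion's schema; it also assumes each office group maps to exactly one subnet, as the question describes.

```python
import sqlite3

# Constructed sample data: (caption, office group, subnet, status).
# Status codes are an assumption for this example: 1 = up, 2 = down.
SAMPLE_NODES = [
    ("nyc-sw01", "New York", "10.1.0.0/24", 2),
    ("nyc-sw02", "New York", "10.1.0.0/24", 2),
    ("nyc-rtr01", "New York", "10.1.0.0/24", 2),
    ("bos-sw01", "Boston", "10.2.0.0/24", 2),
    ("bos-sw02", "Boston", "10.2.0.0/24", 1),
    ("chi-sw01", "Chicago", "10.3.0.0/24", 1),
]

# One result row per office that currently has at least one down node.
ROLLUP_SQL = """
SELECT office_group,
       subnet,
       COUNT(*)                  AS down_count,
       GROUP_CONCAT(caption, ',') AS down_nodes
FROM nodes
WHERE status = 2
GROUP BY office_group, subnet
ORDER BY office_group
"""


def build_notifications(nodes):
    """Return one message per affected office: individual or consolidated."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE nodes "
        "(caption TEXT, office_group TEXT, subnet TEXT, status INTEGER)"
    )
    conn.executemany("INSERT INTO nodes VALUES (?, ?, ?, ?)", nodes)
    messages = []
    for office, subnet, count, names in conn.execute(ROLLUP_SQL):
        # GROUP_CONCAT order is not guaranteed, so sort for stable output.
        names = ", ".join(sorted(names.split(",")))
        if count == 1:
            messages.append(f"Node down: {names} ({office}, {subnet})")
        else:
            messages.append(f"{count} nodes down in {office} ({subnet}): {names}")
    conn.close()
    return messages


if __name__ == "__main__":
    for line in build_notifications(SAMPLE_NODES):
        print(line)
```
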