This is what I am trying to use to get a table of active unacknowledged critical alerts:
SELECT [dbo].[AlertActive].alertactiveid, [dbo].[ALERTHISTORYVIEW].alertactiveid, [dbo].[ALERTHISTORYVIEW].Name, [dbo].[ALERTHISTORYVIEW].eventtypeword , [dbo].[ALERTHISTORYVIEW].alertnote, [dbo].[AlertActive].Acknowledgedby, [dbo].[AlertActive].triggereddatetime, [dbo].[ALERTHISTORYVIEW].severity
FROM [dbo].[AlertActive]
join [dbo].[ALERTHISTORYVIEW]
on [dbo].[AlertActive].alertactiveid = [dbo].[ALERTHISTORYVIEW].alertactiveid
where [dbo].[ALERTHISTORYVIEW].eventtypeword = 'Triggered'
and [dbo].[AlertActive].Acknowledgedby is NULL
and [dbo].[ALERTHISTORYVIEW].severity = 2
order by [dbo].[AlertActive].triggereddatetime
however when i run:
SELECT [dbo].[AlertActive].alertactiveid, [dbo].[ALERTHISTORYVIEW].alertactiveid, [dbo].[ALERTHISTORYVIEW].Name, [dbo].[ALERTHISTORYVIEW].eventtypeword , [dbo].[ALERTHISTORYVIEW].alertnote, [dbo].[AlertActive].Acknowledgedby, [dbo].[AlertActive].triggereddatetime, [dbo].[ALERTHISTORYVIEW].severity
FROM [dbo].[AlertActive]
join [dbo].[ALERTHISTORYVIEW]
on [dbo].[AlertActive].alertactiveid = [dbo].[ALERTHISTORYVIEW].alertactiveid
where [dbo].[ALERTHISTORYVIEW].eventtypeword = 'Triggered'
I see 283 results, when I look at the web console I see 311 active alerts.
I want to pull data from the alerthistoryview table to work out if an alert is acknowledged and critical but it seems the actions recorded in the alerthistoryview do not record a trigger for each active alert and can see no pattern as to when this is or isn't happening.
As this table is to be critical to ensuring that critical alerts are triggered by engineers I do not want them becoming overly dependant on a table that might not show all active unacknowledged critical alerts.
I have also tried autoacknowledgement of non critical alerts(to allow me to just have a table of unacknowledged alerts for engineers) but it seems as though credentials to access the orion web console cannot be passed through a POST or GET action.