This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.

You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

How to link a group container to node (how to create a mute_group alert)

timt over 7 years ago

Hi,

I am trying to create a way for users to be able to bulk mute servers in a group. I ended up creating dynamic group queries to look for servers belonging to certain node custom properties. I then created a custom view to list (linkable) nodes belonging a root group. Users can now select the group and edit the group custom property group called mute_group, and set to mute.

Now I need to create an advanced alert to lookup the group field if it's set to "mute_group", and at the same time, also look for other node.custom property variables.

However when I try to create an advanced alert, I can't link to the group custom property to any node details.

So, I am thinking of creating an advanced swql alert, however when I try to create this in swql it's giving an ambigous error.

Is there a way to link both the orion.groups and orion.nodes together by swql in the advanced swql alerting?

Thanks in advance!

Top Replies

tdanner over 7 years ago +1

There's no relationship defined between Orion.ContainerMembers and Orion.Nodes - this is why the alert designer doesn't offer to link them together. However, you are correct that you can use a "Custom…

0 tdanner over 7 years ago
There's no relationship defined between Orion.ContainerMembers and Orion.Nodes - this is why the alert designer doesn't offer to link them together.
However, you are correct that you can use a "Custom SWQL" alert to get around that by using a custom join. Here's something to get you started:
SELECT Nodes.Uri, Nodes.DisplayName FROM Orion.Nodes AS Nodes
-------
INNER JOIN Orion.Groups G
     ON G.Members.MemberPrimaryID=Nodes.NodeID
          AND G.Members.MemberEntityType=Nodes.InstanceType
WHERE G.CustomProperties.Comments='mute_group'
    AND Nodes.CustomProperties.City='Austin'
This will return all nodes whose City property is "Austin" and that are members of any group whose Comments field says "mute_group". Customize for your environment.
Cancel
Vote Up +1 Vote Down

Cancel
0 timt over 7 years ago in reply to tdanner

Ahh, I thought this would work out, as the same way the swql report builder works, but it seems like the select is static, as I can't change. Guess this idea may not work for now.
SELECT Nodes.Uri, Nodes.DisplayName, nodes.status, cp.os_admin, gcp.mute_group
FROM Orion.Nodes AS Nodes
-------
INNER JOIN Orion.Groups G
     ON G.Members.MemberPrimaryID=Nodes.NodeID
          AND G.Members.MemberEntityType=Nodes.InstanceType
left join orion.nodescustomproperties cp ON cp.nodeid=nodes.nodeid
left join orion.groupcustomproperties gcp ON gcp.containerid=g.containerid
Cancel
Vote Up 0 Vote Down

Cancel
0 tdanner over 7 years ago in reply to timt

The report builder doesn't really care what the query returns - it is just going to format it as a table and show it to you. But the alert builder needs the query output in a specific format because it is going to trigger an alert on the objects (nodes, in this case) that are identified by the query.
What would you want the alert engine to do with the extra nodes.status, cp.os_admin, gcp.mute_groupnodes.status, cp.os_admin, and gcp.mute_group values?
Cancel
Vote Up 0 Vote Down

Cancel
0 timt over 7 years ago in reply to tdanner

TDanner, thanks for the info/advice like always. I don't know how complicated this will get into the future if I build on this alert if possible:
nodes.status = down
os_admin = 'windows server'
cp.mute is not true
gcp.mute_group is not true
Thank you for your support!
Cancel
Vote Up 0 Vote Down

Cancel