1 of 1 people found this helpful
There's no relationship defined between Orion.ContainerMembers and Orion.Nodes - this is why the alert designer doesn't offer to link them together.
However, you are correct that you can use a "Custom SWQL" alert to get around that by using a custom join. Here's something to get you started:
SELECT Nodes.Uri, Nodes.DisplayName FROM Orion.Nodes AS Nodes ------- INNER JOIN Orion.Groups G ON G.Members.MemberPrimaryID=Nodes.NodeID AND G.Members.MemberEntityType=Nodes.InstanceType WHERE G.CustomProperties.Comments='mute_group' AND Nodes.CustomProperties.City='Austin'
This will return all nodes whose City property is "Austin" and that are members of any group whose Comments field says "mute_group". Customize for your environment.
Ahh, I thought this would work out, as the same way the swql report builder works, but it seems like the select is static, as I can't change. Guess this idea may not work for now.
SELECT Nodes.Uri, Nodes.DisplayName, nodes.status, cp.os_admin, gcp.mute_group
FROM Orion.Nodes AS Nodes
INNER JOIN Orion.Groups G
left join orion.nodescustomproperties cp ON cp.nodeid=nodes.nodeid
left join orion.groupcustomproperties gcp ON gcp.containerid=g.containerid
The report builder doesn't really care what the query returns - it is just going to format it as a table and show it to you. But the alert builder needs the query output in a specific format because it is going to trigger an alert on the objects (nodes, in this case) that are identified by the query.
What would you want the alert engine to do with the extra nodes.status, cp.os_admin, gcp.mute_groupnodes.status, cp.os_admin, and gcp.mute_group values?
TDanner, thanks for the info/advice like always. I don't know how complicated this will get into the future if I build on this alert if possible:
nodes.status = down
os_admin = 'windows server'
cp.mute is not true
gcp.mute_group is not true
Thank you for your support!