1 Reply Latest reply on Oct 23, 2017 9:09 PM by mesverrum

    A report of what Alert are expected to come out of Ack state?

    mmedwid

      One of the most common things that happen for a team member's who's oncall is that the NOC will call them about an alert.

      Often it's not something that's actually important that's down. But rather it's an alert that had been ack'd at an earlier time

      coming out of Ack state. Would there be any way to find out ahead of time what alerts are expected to come out of Ack

      state in the coming week, the coming month? Thank you.

       

      Orion Platform 2017.1.2 SP2, VIM 7.1.0, VNQM 4.4.0, SRM 6.4.0, DPAIM 11.0.0, NPM 12.1, QoE 2.3, NTA 4.2.2, IPAM 4.3.2, NetPath 1.1.0, UDT 3.2.4, CloudMonitoring 1.0.0, SAM 6.4.0

        • Re: A report of what Alert are expected to come out of Ack state?
          mesverrum

          Alerts don't "come out of ack state" ever on their own.  Once someone acknowledges it it stays that way forever unless the alert resets or someone clears it manually and then it triggers again.

           

          I think what you are experiencing is the alert being reset and then a new instance of the same problem triggering and sending out the message again, which ultimately has nothing to do with ack at all.  Your reset conditions define exactly how a reset happens, but I find most people just leave it on the default setting which is "when this is no longer true."  I generally discourage my clients from leaving them on the no longer true option because I am a control freak and want to be certain that when things happen in my alerts it is because I wanted and expected it to happen.  This can be especially important if your alerts have a complex set of conditions.  I would double check the trigger and reset conditions of whatever alerts you are having trouble with.

           

          In the interest of helping myself to keep track of recurring issues I created this custom SWQL query that you can apply to the node details page to see the info about when alerts triggered/got ack/reset, etc.

           

           

          select ah.AlertObjects.AlertConfigurations.Name as [Alert Name],
          case when EventType=0 then concat('Triggered - ',ah.Message)
          when EventType=1 then concat('Alert Reset',ah.message)
          when EventType=2 then concat('Acknowledged - ',ah.Message)
          when EventType=3 then concat('Notes - ',ah.Message)
          end as [Message],
          ah.AlertObjects.EntityCaption as [Triggering Object],
          ToLocal(ah.Timestamp) as [Time],
          '/Orion/NetPerfMon/ActiveAlertDetails.aspx?NetObject=AAT:'+ToString(ah.AlertObjectID) as [_linkfor_Message],
          '/Orion/NetPerfMon/ActiveAlertDetails.aspx?NetObject=AAT:'+ToString(ah.AlertObjectID) as [_linkfor_Alert Name]
          
          from Orion.AlertHistory ah
          where
          --eventtype=0
          EventType in (0,1,2,3)
          and ah.AlertObjects.RelatedNodeID='${NodeID}'
          
          --and (Message like '%${SEARCH_STRING}%'
          --or ah.AlertObjects.AlertConfigurations.Name like '%${SEARCH_STRING}%')
          
          
          order by TimeStamp desc
          
          

           

          -Marc Netterfield

              Loop1 Systems: SolarWinds Training and Professional Services