5 Replies Latest reply on Dec 7, 2017 9:47 AM by alex777

    NOC alerts view

    alex777

      Hey,

       

      I'm trying to find a way to display all the alerts that triggered and that are no longer active, but that were not acknowledge by the NOC.

       

      Because, we sometime have a case were an alert trigger, but is resolved automatically within a minute and nobody had the chance to take ownership (acknowledge and open incident) of the alert, but we still want to track it. Exemple : node down, node up (reboot of network device)

       

      I known that we could set the reset condition to "No reset action - Manually remove the alert from the active alerts list", but that would add an additional step in our alert management process.

       

      Any ideal?

       

      Thank you!

        • Re: NOC alerts view
          mesverrum

          Try this in a custom query resource, i filtered it to alerts that were reset without an acknowledge.

           

           

          --report on alerts triggered

          select ac.Name

          ,ah.Message

          ,'/Orion/NetPerfMon/ActiveAlertDetails.aspx?NetObject=AAT:'+ToString(AlertObjectID) as [_linkfor_Name]

          ,EntityCaption as [Trigger Object]

          ,EntityDetailsUrl as [_linkfor_Trigger Object]

          ,case

          WHEN RelatedNodeCaption=EntityCaption THEN 'Self'

          When RelatedNodeCaption!=EntityCaption THEN RelatedNodeCaption

          End as [Parent Node]

          ,RelatedNodeDetailsUrl as [_linkfor_Parent Node]

          ,'/Orion/images/StatusIcons/Small-' + p.StatusIcon AS [_IconFor_Parent Node]

          ,tostring(tolocal(ah.TimeStamp)) as [Trigger Time]

          ,case when ack.timestamp is null then 'N/A'

          else tostring(minutediff(ah.TimeStamp,ack.timestamp))

          end as [Minutes Until Acknowledged]

          ,ack.Message as [Note]

          ,case when reset.timestamp is null then 'N/A'

          else tostring(minutediff(ah.TimeStamp,reset.timestamp))

          end as [Minutes Until Reset]

           

          FROM Orion.AlertHistory ah

          left join Orion.AlertObjects ao on ao.alertobjectid=ah.alertobjectid

          left join Orion.AlertConfigurations ac on ac.alertid=ao.alertid

          left join Orion.Actions a on a.actionid=ah.actionid

          left join Orion.Nodes p on p.nodeid=RelatedNodeID

          left join (select timestamp, AlertActiveID, AlertObjectID,message from orion.alerthistory ah where eventtype=2) ack on ack.alertactiveid=ah.AlertActiveID and ack.alertobjectid=ah.AlertObjectID

          left join (select timestamp, AlertActiveID, AlertObjectID from orion.alerthistory ah where eventtype=1) reset on reset.alertactiveid=ah.AlertActiveID and reset.alertobjectid=ah.AlertObjectID

           

          WHERE

          daydiff(ah.timestamp,GETUTCDATE())<30

          and ah.eventtype=0

          and ack.timestamp is null

          and reset.timestamp is not null

          --and (ac.Name like '%${SEARCH_STRING}%' or EntityCaption like '%${SEARCH_STRING}%' or RelatedNodeCaption like '%${SEARCH_STRING}%')

           

          order by ah.timestamp desc

           

          -Marc Netterfield

              Loop1 Systems: SolarWinds Training and Professional Services