• State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 32 subscribers
  • Views 834 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

SAM - Hide Information Alerts in All Active Alerts View (or NOC View)

jl.lhealth

Hey guys,

I've hit a bit of a wall and I'm coming up on a deadline for getting SAM setup to replace our current monitoring solution (Icinga).  While I've been able to setup all of the basic monitors and alerts we had in the last environment, I'm having some struggles getting the email alerting to do what I expect (see this post over here for the solution I'd prefer for this problem).

One of the suggestions that has been raised was to remove Reset Triggers from all alerts and setup "OK Alerts" with trigger conditions which would fire when the system entered back into an OK state.  This seems like a really good work around for the email/trigger issue, however it doesn't seem to work for our NOC, as it's going to flood the "All Active Alerts" and "All Active Alerts - NOC View Mode" displays they watch for issues with thousands of "OK" alerts on the "All" category.  Ideally, we'd like these alerts to be hidden from this view or create another view which looks exactly like one or both of those views, but with the "OK" alerts removed (we were thinking of setting these as Severity: Notice for an easy way to filter them out.

Any thoughts or suggestions?

Thank you,

-JD

  • 0

    So the out of the box alert views aren't very filterable as you have probably noticed, so to get that kind of effect you usually end up building something using the custom table resource.  If you get really fancy I could see cooking up a SQL/SWQL resource that only shows the highest severity of the alert and disappears it if the OK variant has shown up for that same object.

  • 0 in reply to mesverrum

    Thanks for the reply!  I looked a bit at creating a new page/view/table, but I couldn't find a way to make it the same type of view (with the check boxes and acknowledge button).  My total hands-on time with SAM is still less than 10 hours, so I know effectively nothing about the product.  Is there something fairly straight forward that I'm just completely missing?

    Thank you,

    -JD

  • 0 in reply to jl.lhealth

    This is the basic SWQL query I use for most of my alert dashboards

    pastedImage_0.png

    It doesnn't have check boxes or the ack button since those are done in javascript and I still haven't gotten around to being able to recreate that, but if you click the column with the alert in it that takes you to the alert info page, which does have the ack button.  I was going to attempt to write a version with the logic I described above but my VCP exam is in 2 weeks and I am on the grind studying for that so I can't let myself get too distracted until after I finish it. Feel free to try and modify this for your purposes if you are any good at SQL.

    SELECT

    o.AlertConfigurations.Name AS [ALERT NAME]

    ,'/Orion/NetPerfMon/ActiveAlertDetails.aspx?NetObject=AAT:' + ToString(o.AlertObjectID) AS [_LinkFor_ALERT NAME]

    ,CASE

    WHEN o.AlertConfigurations.Severity = 2 THEN '/Orion/images/ActiveAlerts/Critical.png'

    WHEN o.AlertConfigurations.Severity = 3 THEN '/Orion/images/ActiveAlerts/Serious.png'

    WHEN o.AlertConfigurations.Severity = 1 THEN '/Orion/images/ActiveAlerts/Warning.png'

    WHEN o.AlertConfigurations.Severity = 0 THEN '/Orion/images/ActiveAlerts/InformationalAlert.png'

    WHEN o.AlertConfigurations.Severity = 4 THEN '/Orion/images/ActiveAlerts/Notice.png'

    END AS [_iconfor_ALERT NAME]

    ,o.EntityCaption AS [ALERT OBJECT]

    ,o.EntityDetailsURL AS [_LinkFor_ALERT OBJECT]

    ,case

    WHEN o.RelatedNodeCaption=EntityCaption THEN 'Self'

    When o.RelatedNodeCaption!=EntityCaption THEN RelatedNodeCaption

    End as [RELATED NODE]

    ,o.RelatedNodeDetailsURL AS [_LinkFor_RELATED NODE]

    ,ToLocal(o.AlertActive.TriggeredDateTime) AS [ALERT TRIGGER TIME]

    -- ,o.AlertActive.TriggeredMessage AS [ALERT MESSAGE]

    --,'/Orion/images/StatusIcons/Small-' + n.StatusIcon AS [_IconFor_ALERT OBJECT]

    ,'/Orion/images/StatusIcons/Small-' + p.StatusIcon AS [_IconFor_RELATED NODE]

    ,CASE

    when minutediff(o.AlertActive.TriggeredDateTime,GETUTCDATE())>1440 then (tostring(round(minutediff(o.AlertActive.TriggeredDateTime,GETUTCDATE())/1440.0,1)) + ' Days')

    when minutediff(o.AlertActive.TriggeredDateTime,GETUTCDATE())>60 then (tostring(round(minutediff(o.AlertActive.TriggeredDateTime,GETUTCDATE())/60.0,1)) + ' Hours')

    else (tostring(minutediff(o.AlertActive.TriggeredDateTime,GETUTCDATE())) + ' Minutes')

    end as [Time Active]

    ,aa.AcknowledgedBy

    ,ah.Message as [Note]

    From Orion.AlertActive aa

    join Orion.AlertObjects o on aa.alertobjectid=o.alertobjectid

    LEFT join Orion.Nodes p on p.nodeid=relatednodeid

    left join orion.alerthistory ah on ah.AlertActiveID=aa.AlertActiveID and ah.EventType in (2,3)

    --where (o.AlertConfigurations.Name like '%${SEARCH_STRING}%' or o.RelatedNodeCaption like '%${SEARCH_STRING}%' or o.EntityCaption like '%${SEARCH_STRING}%' or ah.Message like '%${SEARCH_STRING}%')

    ORDER by o.AlertActive.TriggeredDateTime DESC

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.