9 Replies Latest reply on Nov 7, 2018 5:22 AM by Adam Stephen

    Alert Notes

    efsharp
      Is there a way to get the acknowledged note, timestamps and acknowledged by from active alerts and pull that from each node's view?
        • Re: Alert Notes
          d09h

          You could do this:

           

          Show acknowledged alerts and notes in a report - SolarWinds Worldwide, LLC. Help and Support

           

           

            

           

          Show acknowledged alerts and notes in a report

           

           

          Updated May 22, 2017

          Overview

          This article describes how to create a report on acknowledged alerts showing the acknowledgment notes, which can be used to review historical alerts that have been addressed and the actions used to address them.

           

          When Orion generates an alert, it is displayed under Active Alerts as long as the trigger condition is active. When the alert has been resolved and the user has added acknowledgment and resolution notes, the trigger condition is no longer active and the alert is removed from the list of active alerts.

          Environment

          NPM 11.5 and later

          Steps

          The AlertHistoryView table shows the history of the alert including those that have been acknowledged and the notes placed during the acknowledgment. Execute the following query using Orion Database Manager:

          01Select

           

           

          02       TimeStamp,

           

           

          03       EventTypeWord,

           

           

          04       Name,

           

           

          05       ObjectType,

           

           

          06       Message,

           

           

          07       AccountID,

           

           

          08       AlertObjectid,

           

           

          09       EntityCaption,

           

           

          10       LastTriggeredDateTime,

           

           

          11       AlertNote,

           

           

          12       Severity

           

           

          13FROM [dbo].[AlertHistoryView]

           

           

          14WHERE EventTypeWord = 'acknowledged'

           

           

          15Order by TimeStamp DESC

           

          This query can also be used to generate a report by using the Advanced SQL template when creating the report, and then apply this query.

           

          The following is a sample output of the query when executed in Orion Database Manager. The Message Column shows the details entered during alert acknowledgment:

           

           

          1 of 1 people found this helpful
            • Re: Alert Notes
              efsharp

              Hi, d09h.

               

              Thanks for your inputs. But though, this will return all the values for all nodes and display it on each node views. What I want to accomplish is get the values on these columns but the values should appear on each Node.

               

              I tried this using custom table > Edit and unchecked the 'Data Source' then I execute/apply the query.

               

              Thanks!

              • Re: Alert Notes
                efsharp

                I thought I figured that out but my new problem is the AcknowledgedNote column from AlertActive table is NULL hence there's nothing to show.

                 

                Tried to check if there's a value from this AcknowledgedNote column in SQL but there's really not. I wonder if someone already get this view.

                 

                 

              • Re: Alert Notes
                Adam Stephen

                The abopve works but are you looking to put this in the Node Detail View?  Do you want a report? What is the goal.  I have SWQL queries that could fill each.

                • Re: Alert Notes
                  gjp1971

                  I am not sure what you are attempting to pull. I know for me, I was trying to get the notes to show on all All Active Alerts page, but could not figure it out.  I even tried to locate the web page and modify the call to the DB. But I did find a way to create a view that showed it as seen here.

                   

                  Ack and Unack Alerts.

                   

                  The two queries I used in the custom tables are

                   

                  *** UPDATE 11/06/2018 ***

                  I forgot to factor in UTC Time in the tables.  For the two below, I had to subtract 6 Hours from the alerted time.  I did this be changing the time is each query.

                  In Acknowledged I changed AlertViewStatus.LastUpdate to DATEADD(HOUR,-6,AlertStatusView.LastUpdate) AS LastUpdate

                  In Unacknowledged I changed AlertActive.TriggeredDateTime to DATEADD(HOUR,-6,AlertActive.TriggeredDateTime) AS TriggeredDateTime

                  *** UPDATE 11/06/2018 ***

                   

                  ACKNOWLEDGED:

                  SELECT AlertObjects.RelatedNodeCaption ,AlertStatusView.ObjectName, AlertStatusView.AlertMessage, AlertStatusView.AcknowledgedBy, AlertStatusView.Notes , DATEADD(HOUR,-6,AlertStatusView.LastUpdate) AS Lastupdate

                  FROM AlertStatusView

                  INNER JOIN AlertObjects ON AlertObjects.AlertObjectID = AlertStatusView.AlertObjectID

                  WHERE Acknowledged = '1'

                   

                  UNACKNOWLEDGED:

                  SELECT

                  DATEADD(HOUR,-6,AlertActive.TriggeredDateTime) AS TriggeredDateTime, NodesData.Caption, AlertHistoryView.EntityCaption, AlertActive.AcknowledgedBy, AlertActive.AcknowledgedDateTime,AlertActive.TriggeredDateTime,AlertActive.TriggeredMessage, AlertHistoryView.Message

                  FROM AlertActive

                  INNER JOIN AlertHistoryView ON AlertHistoryView.AlertObjectId = AlertActive.AlertObjectID

                  INNER JOIN NodesData ON NodesData.NodeId = AlertHistoryView.RelatedNodeId

                  WHERE  AlertActive.AcknowledgedBy is null AND Message is null

                   

                  I then set up a TEXT TO SPEECH alert for all alerts that reads what is down to the notification app built in to Solarwinds.  Below is the screen we have at the front of the NOC as well as on one of our workstation monitors.All In One Monitor

                   

                  The SQL Queries took me some time to get right, but it's working now.  I still have some more dashboards to create.