Anyone else find "Active Alerts" just about useless because of how they've implemented alerting?
I'm struggling to create a useful view within Orion that will show alerts based on unique criteria. The "Active Alerts" view almost gets us there but the fact that is doesn't display alerts that have been reset makes it not usable for us. We have a large number of critical alerts (most are component monitors) that are required to reset almost immediately in order to pick up the re-occurrence of a monitored event. Also, with events like node/interface down or capacity or whatever, the fact that the alert resets soon after the trigger is normal and expected. I'm baffled why the main display for alerts would not take into consideration this behavior. My expectation is that an "Alerts" view could show all alerts triggered within a given period of time for instance, instead of those that just happen to still be active.
I understand that unique SWQL queries can be created (we've created many) but these present their own limitations and we have yet to create a view that has the interactive feel and customization options of the "Active Alerts" view.
Am I missing something?
Bobby