• State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 15 subscribers
  • Views 209 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Tracking unassigned events

flclkun

Im trying to create a daily report that would capture any critical alerts that have come in but haven't been acknowledged within 15 minutes. I've worked through some of the custom report rules but cant quite figure it out. Could anyone point me in the right direction.

  • 0

    This is one of my SWQL reports reworked for your conditions, show all alerts that took longer than 15 min to ack or reset.

    select ac.Name

    ,ah.Message

    ,'/Orion/NetPerfMon/ActiveAlertDetails.aspx?NetObject=AAT:'+ToString(AlertObjectID) as [_linkfor_Name]

    ,EntityCaption as [Trigger Object]

    ,EntityDetailsUrl as [_linkfor_Trigger Object]

    ,case 

    WHEN RelatedNodeCaption=EntityCaption THEN 'Self'

    When RelatedNodeCaption!=EntityCaption THEN RelatedNodeCaption

    End as [Parent Node]

    ,RelatedNodeDetailsUrl as [_linkfor_Parent Node]

    ,'/Orion/images/StatusIcons/Small-' + p.StatusIcon AS [_IconFor_Parent Node]

    ,tostring(tolocal(ah.TimeStamp)) as [Trigger Time]

    ,case when ack.timestamp is null then 'N/A'

    else tostring(minutediff(ah.TimeStamp,ack.timestamp))

    end as [Minutes Until Acknowledged]

    ,ack.Message as [Note]

    ,case when reset.timestamp is null then 'N/A'

    else tostring(minutediff(ah.TimeStamp,reset.timestamp))

    end as [Minutes Until Reset]

    FROM Orion.AlertHistory ah

    left join Orion.AlertObjects ao on ao.alertobjectid=ah.alertobjectid

    left join Orion.AlertConfigurations ac on ac.alertid=ao.alertid

    left join Orion.Actions a on a.actionid=ah.actionid

    left join Orion.Nodes p on p.nodeid=RelatedNodeID

    left join (select timestamp, AlertActiveID, AlertObjectID,message from orion.alerthistory ah where eventtype=2) ack on ack.alertactiveid=ah.AlertActiveID and ack.alertobjectid=ah.AlertObjectID

    left join (select timestamp, AlertActiveID, AlertObjectID from orion.alerthistory ah where eventtype=1) reset on reset.alertactiveid=ah.AlertActiveID and reset.alertobjectid=ah.AlertObjectID

    WHERE 

    ah.eventtype=0

    and ac.Severity=2 --critical

    and (minutediff(ah.TimeStamp,ack.timestamp) > 15

    or minutediff(ah.TimeStamp,reset.timestamp) > 15

    or (ah.TimeStamp < ADDMINUTE(-15,GETUTCDATE()) and reset.timestamp is null and ack.timestamp is null)

    )

    --and (ac.Name like '%${SEARCH_STRING}%' or EntityCaption like '%${SEARCH_STRING}%' or RelatedNodeCaption like '%${SEARCH_STRING}%')

    order by ah.timestamp desc

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.