• State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 38 subscribers
  • Views 354 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Database Query to link AlertLog table contents with the AuditingEvents table content

chetz

Hi All,

I am trying to build a custom report for our NOC team to extract the alert information(mostly Historical) for any given Node in Orion from the ALertLog table (which contents the alert info that is not available to see on the console). Currently I am looking for linking the "Alert Notes" data which resides in the AuditingEvents table for each alert in the AlertLog table. Im not sure if there any key or ID that links each alert to its alert notes data (in AuditingEvents field)

Any help is appreciated.

Thanks,

Chethan

  • 0

    I had done something similar a while back. It's a pretty involved query, but you have to be able to search the auditing events for the alertdefID and use the node ID as well in order to find any auditing events tied to a specific alert.  I unfortunately no longer have the exact query I used the last time I set that up.  I'll do some digging to see if I can find any remnants of it.

  • 0 in reply to mharvey

    Thanks! mharvey emoticons_happy.png, I m trying to understand the DB schema as well. Is there any  DB schema document available that I can refer to?

    thanks!

    Chethan

  • 0 in reply to chetz

    Nothing that's been published by SolarWinds.  If you run the diagnostics tool though, the database schema is provided in that .zip file.

  • 0

    Here is what I came up with:

    SELECT DISTINCT ae.[AuditEventID]

      ,DATEADD(hh, -8, ae.[TimeLoggedUtc]) TimeLogged

      ,ae.[AccountID]

      ,ae.[ActionTypeID]

      ,ae.[AuditEventMessage]

       ,n.NodeID

      ,n.SysName, n.IP_Address

      ,e.Message EventMessage

      ,DATEADD(hh, -8, n.UnManageFrom)

      ,DATEADD(hh, -8, n.UnmanageUntil)

      ,a.Message AlertMessage

    FROM [SolarWindsOrion].[dbo].[AuditingEvents] ae WITH (NOLOCK)

    INNER JOIN [SolarWindsOrion].[dbo].[Nodes] n WITH (NOLOCK) ON ae.NetworkNode = n.NodeID

    INNER JOIN [SolarWindsOrion].[dbo].[Events] e WITH (NOLOCK) ON e.NetObjectID = ae.NetObjectID

    INNER JOIN [SolarWindsOrion].[dbo].[AlertLog] a WITH (NOLOCK) ON a.ObjectID=n.NodeID

    ORDER BY DATEADD(hh, -8, ae.[TimeLoggedUtc]) DESC

    you can tweak as you wish.

    Mahidhar Vattem

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.