5 Replies Latest reply on May 19, 2015 4:37 PM by tdanner

    documentation for SWQL for alerts?


      Migrated to 11.5.1 and am trying really hard to embrace SWQL.  Having a tough time correlating what I need in the various tables with the documentation from the SDK.

      Specifically, right now, I'm working on my critical alert reset criteria.  Our environment requires someone ACK the critical alert prior to it being able to clear, regardless of trigger criteria status.

      Before, using SQL, I joined with the AlertStatus table and said acknowledged must =1 AND NOT (<trigger criteria>).


      Part of the issue is that the alert can clear from the AlertActive table prior to the ACK <and add some other custom complexity> and the alert sticks around in the alertstatusview table even after finally being ACK'd.


      So... if I change my SQL to SWQL, I should be able to do something like...

      where ${N=SwisEntity;M=ComponentAlert.Acknowledged}=1

      or maybe ${N=Alerting;M=Acknowledged}=1

      ...what is the difference between ${N=SwisEntity;M=ComponentAlert.<>} and ${N=Alerting;M=<>}?


      How are we supposed to know what we can tie together?  Are there docs for this? Am I missing it?

      I see where you lay out SWQL for nodes and custom properties <objecttype>.CustomProperties.<propertyName>...


      Inquiring minds want to know!!