3 Replies Latest reply on Oct 31, 2017 8:16 AM by sfp

    Reporting Alert Definitions

    frazdave

      I have a challenge where (mostly due to the number of fingers in the pie, a lot of complex alerts, and someone's bright idea to send (ill-defined) alerts to upper management) I need to be able to evaluate if simply adding a node to NPM, an application to SAM or a transaction to WPM will trigger an alert.

       

      So I've been trying to determine a way to write a report which shows the definitions of Alerts.  If I could get this into text form or an Excel spreadsheet, I could parse the data with the new details rather than opening every alert definition.

       

      While I was in the process (and having limited success) we have upgraded to NPM 11.5.2 which seems to have changed EVERYTHING.  I see that there is an AlertDefinitions table, but I believe this is for the old server based tool as the 'Enabled' field in all of the alerts is set to 0.  Dig a little further and I find some incomprehensible XML that appears to be translated by a DLL that I don't have the reference for . . . and so on.  It isn't even possible to export, edit and then import an alert anymore.  And the new web based approach is simply painful and has a few bugs.  The "Show SQL" doesn't work if the trigger is complex.  It will show the first one or two AND/OR sections and drop later ones.

       

      If I view Active Alert Details for an alert, there is this nice 'Alert Definition Details' resource which gives me exactly the information I need.  There simply has got to be a way to get at this data other than plugging through every sub page of every alert (the new web based approach to alerts is painful).

       

      Just thought I'd try to get an answer here before opening a string of tickets . . .

      .

        • Re: Reporting Alert Definitions
          LadaVarga

          Hello,

           

          In 11.5+ we moved alerts to SELECT TOP 1000 * FROM [dbo].[AlertConfigurations].

           

          If you'd like to know what happened in the history, you can use (NPM 11.5.2 is mandatory) - SELECT TOP 1000 * FROM [dbo].[AlertHistoryView].

           

          If you'd like to know when a node was added or an application was added, you can use Custom Table in Reporting and define a report under that.


            • Re: Reporting Alert Definitions
              frazdave

              Yes, I see that it has been moved to dbo.AlertConfigurations.  But an example trigger condition is:

              <ArrayOfAlertConditionShelve xmlns="http://schemas.datacontract.org/2004/07/SolarWinds.Orion.Core.Models.Alerting" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><AlertConditionShelve><AndThenTimeInterval i:nil="true"/><ChainType>Trigger</ChainType><ConditionTypeID>Core.Dynamic</ConditionTypeID><Configuration>&lt;AlertConditionDynamic xmlns="http://schemas.datacontract.org/2004/07/SolarWinds.Orion.Core.Alerting.Plugins.Conditions.Dynamic" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"&gt;&lt;ExprTree xmlns:a="http://schemas.datacontract.org/2004/07/SolarWinds.Orion.Core.Models.Alerting"&gt;&lt;a:Child&gt;&lt;a:Expr&gt;&lt;a:Child&gt;&lt;a:Expr&gt;&lt;a:Child/&gt;&lt;a:NodeType&gt;Field&lt;/a:NodeType&gt;&lt;a:Value&gt;Orion.Container|Name|Container&lt;/a:Value&gt;&lt;/a:Expr&gt;&lt;a:Expr&gt;&lt;a:Child/&gt;&lt;a:NodeType&gt;Constant&lt;/a:NodeType&gt;&lt;a:Value&gt;Internet Web Browsing&lt;/a:Value&gt;&lt;/a:Expr&gt;&lt;/a:Child&gt;&lt;a:NodeType&gt;Operator&lt;/a:NodeType&gt;&lt;a:Value&gt;=&lt;/a:Value&gt;&lt;/a:Expr&gt;&lt;a:Expr&gt;&lt;a:Child&gt;&lt;a:Expr&gt;&lt;a:Child/&gt;&lt;a:NodeType&gt;Field&lt;/a:NodeType&gt;&lt;a:Value&gt;Orion.ContainerMembers|Status&lt;/a:Value&gt;&lt;/a:Expr&gt;&lt;a:Expr&gt;&lt;a:Child/&gt;&lt;a:NodeType&gt;Constant&lt;/a:NodeType&gt;&lt;a:Value&gt;1&lt;/a:Value&gt;&lt;/a:Expr&gt;&lt;/a:Child&gt;&lt;a:NodeType&gt;Operator&lt;/a:NodeType&gt;&lt;a:Value&gt;!=&lt;/a:Value&gt;&lt;/a:Expr&gt;&lt;/a:Child&gt;&lt;a:NodeType&gt;Operator&lt;/a:NodeType&gt;&lt;a:Value&gt;AND&lt;/a:Value&gt;&lt;/ExprTree&gt;&lt;Scope i:nil="true" xmlns:a="http://schemas.datacontract.org/2004/07/SolarWinds.Orion.Core.Models.Alerting"/&gt;&lt;TimeWindow i:nil="true"/&gt;&lt;/AlertConditionDynamic&gt;</Configuration><ConjunctionOperator>None</ConjunctionOperator><IsInvertedMinCountThreshold>false</IsInvertedMinCountThreshold><NetObjectsMinCountThreshold i:nil="true"/><ObjectType>Group 
Member</ObjectType><SustainTime>PT15M</SustainTime></AlertConditionShelve></ArrayOfAlertConditionShelve>

               

              That is basically incomprehensible compared to the Alert Definition Details resource for a (different) active alert:

               

              Name:
              Cisco Temperature Alert
              Description:
              No description specified
              Type of Property to monitor
              Custom Node Poller
              Severity:
              Warning
              Evaluation Frequency of alert:
              Every 5 minutes
              Alert Custom Properties: (0)
              No Alert Custom Properties defined
              Scope of this Alert:
              All objects in my environment

              Trigger Condition:

              All child conditions must be satisfied (AND) 
                  Custom Poller Current Stats - Current Numeric Value - is greater than - 0
                  Custom Node Poller - Status - is greater than - Warning

              Reset Condition:

              When the trigger condition is no longer true
              Time of Day schedule:
              Alert is always enabled

              Trigger Action:

              Escalation Level 1

              1. Send an Email/Page (High Temp Alert ${Node.SysName} is ${CurrentValue})
              Reset Action:
              No reset action specified
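
An added example, not part of the original thread and not SolarWinds code: the trigger XML quoted in the post can be decoded offline by parsing the outer document, parsing the escaped document held in its Configuration element a second time, and walking the ExprTree recursively. The sample string is constructed from the element names and values in the post; how the trigger text is fetched from dbo.AlertConfigurations and the output format are assumptions.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Namespaces copied from the trigger XML quoted in the post, in ElementTree's {uri} form.
M = "{http://schemas.datacontract.org/2004/07/SolarWinds.Orion.Core.Models.Alerting}"
D = "{http://schemas.datacontract.org/2004/07/SolarWinds.Orion.Core.Alerting.Plugins.Conditions.Dynamic}"

def render(expr):
    """Render one expression node (Field / Constant / Operator) as infix text."""
    kind = expr.findtext(M + "NodeType")
    value = expr.findtext(M + "Value") or ""
    kids = [render(e) for e in expr.findall(M + "Child/" + M + "Expr")]
    if kind == "Field":
        return "[%s]" % value
    if kind == "Constant":
        return repr(value)
    return "(" + (" %s " % value).join(kids) + ")"  # Operator joins its children

def describe_trigger(trigger_xml):
    """Return one readable line per AlertConditionShelve in a trigger document."""
    lines = []
    for shelve in ET.fromstring(trigger_xml).findall(M + "AlertConditionShelve"):
        # Configuration carries a second XML document as entity-escaped text;
        # the outer parse has already unescaped it, so parse that text again.
        inner = ET.fromstring(shelve.findtext(M + "Configuration"))
        tree = inner.find(D + "ExprTree")  # ExprTree is itself the root operator node
        lines.append("%s on %s, sustained %s: %s" % (
            shelve.findtext(M + "ChainType"), shelve.findtext(M + "ObjectType"),
            shelve.findtext(M + "SustainTime"),
            render(tree) if tree is not None else "(no ExprTree)"))
    return lines

# Constructed sample, modelled on the trigger quoted in the post (same two comparisons).
LEAF = "<a:Expr><a:Child/><a:NodeType>%s</a:NodeType><a:Value>%s</a:Value></a:Expr>"
CMP = "<a:Expr><a:Child>%s%s</a:Child><a:NodeType>Operator</a:NodeType><a:Value>%s</a:Value></a:Expr>"
INNER = ('<AlertConditionDynamic xmlns="%s"><ExprTree xmlns:a="%s"><a:Child>%s%s</a:Child>'
         '<a:NodeType>Operator</a:NodeType><a:Value>AND</a:Value></ExprTree>'
         '</AlertConditionDynamic>') % (
    D[1:-1], M[1:-1],
    CMP % (LEAF % ("Field", "Orion.Container|Name|Container"),
           LEAF % ("Constant", "Internet Web Browsing"), "="),
    CMP % (LEAF % ("Field", "Orion.ContainerMembers|Status"),
           LEAF % ("Constant", "1"), "!="))
SAMPLE = ('<ArrayOfAlertConditionShelve xmlns="%s"><AlertConditionShelve>'
          '<ChainType>Trigger</ChainType><Configuration>%s</Configuration>'
          '<ObjectType>Group Member</ObjectType><SustainTime>PT15M</SustainTime>'
          '</AlertConditionShelve></ArrayOfAlertConditionShelve>') % (M[1:-1], escape(INNER))
if __name__ == "__main__":
    print("\n".join(describe_trigger(SAMPLE)))
```

Because every shelve and every nested operator is walked, a trigger with many AND/OR sections is rendered in full, one line per shelve.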