Just for clarification:
If you have 4 ports in use, and the usage is:
port 1 - 80%
port 2 - 80%
port 3 - 70%
port 4 - 90%
would you want THAT to trigger? Or only if all 4 ports were at 80% or higher?
Your example makes sense, so yes, it would be nice to have that trigger. But I'm guessing this makes the SQL/SWQL slightly more complex to implement?
To give a back story on why this would be a handy alert to implement... I was working late one night and glanced at the NOC view. We have an alert that triggers when ANY interface has either a high Tx or Rx rate for a certain period of time. And this alert fires fairly often because that's the nature of the network. No email is sent, otherwise we'd be bombarded with them. However, on this instance I saw that all the interfaces were associated with the same node, indicative of some kind of loop or storm occurring. If I wasn't looking at the NOC view I wouldn't have known about it. So an alert that can say "hey, you've got a load of interfaces on this one node with high Rx % - there's probably something going on" would be a great early warning.
Unfortunately my SQL/SWQL fu is very poor.
Great background. But my question was an "either or"...
EITHER you want to know when all interfaces are EACH over 80%
OR you want to know when the usage across all interfaces adds up to 80% of the total available
This may not be a SQL query, but before we start digging in, I wanted to be clear on the goal.
Sorry for the misunderstanding. I was thinking of a fixed number of interfaces, e.g. "if 8 or more are each at 80% (or above) Rx utilization".
If an SQL query is possible, that number could simply be tweaked in the query.
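The "N or more interfaces on one node, each at 80% Rx or above" condition settled on above, written as a GROUP BY query and run against an in-memory SQLite database. This is an added example, not code from the thread or from any monitoring product: the `interface_stats` table, its columns, the function name and the sample rows are all hypothetical, and the aggregate column is included only to show how the two readings discussed in the thread differ.

```python
import sqlite3

# Constructed sample polls: (node_id, interface, rx_bps, speed_bps).
SAMPLE = [
    ("sw-a", "port1", 800_000_000, 1_000_000_000),      # 80%
    ("sw-a", "port2", 800_000_000, 1_000_000_000),      # 80%
    ("sw-a", "port3", 700_000_000, 1_000_000_000),      # 70%
    ("sw-a", "port4", 900_000_000, 1_000_000_000),      # 90%
    ("sw-b", "port1", 950_000_000, 1_000_000_000),      # one busy port only
    ("sw-b", "port2", 100_000_000, 1_000_000_000),
    ("sw-c", "uplink", 2_000_000_000, 10_000_000_000),  # 20% of a 10G link
    ("sw-c", "port1", 900_000_000, 1_000_000_000),
    ("sw-c", "port2", 900_000_000, 1_000_000_000),
    ("sw-c", "port3", 900_000_000, 1_000_000_000),
]

# Hypothetical table interface_stats; not a real product schema.
QUERY = """
SELECT node_id, hot_interfaces, aggregate_rx_pct
FROM (
    SELECT node_id,
           SUM(CASE WHEN 100.0 * rx_bps / speed_bps >= :pct
                    THEN 1 ELSE 0 END) AS hot_interfaces,
           ROUND(100.0 * SUM(rx_bps) / SUM(speed_bps), 1) AS aggregate_rx_pct
    FROM interface_stats
    WHERE speed_bps > 0            -- skip interfaces with unknown speed
    GROUP BY node_id
) AS per_node
WHERE hot_interfaces >= :min_hot   -- the number to tweak
ORDER BY node_id
"""

def nodes_with_hot_interfaces(rows, pct=80, min_hot=8):
    """Return (node_id, hot_interfaces, aggregate_rx_pct) per matching node."""
    db = sqlite3.connect(":memory:")
    try:
        db.execute("CREATE TABLE interface_stats "
                   "(node_id TEXT, interface TEXT, rx_bps INTEGER, speed_bps INTEGER)")
        db.executemany("INSERT INTO interface_stats VALUES (?, ?, ?, ?)", rows)
        return db.execute(QUERY, {"pct": pct, "min_hot": min_hot}).fetchall()
    finally:
        db.close()

if __name__ == "__main__":
    for row in nodes_with_hot_interfaces(SAMPLE, min_hot=3):
        print(row)
```

On the constructed data, `sw-c` matches the per-interface count while its aggregate utilization stays low because of the lightly loaded 10G uplink, which is why the two readings need separate conditions.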