Hi guys,
I currently get alerts whenever an interface goes down and when it comes back up again.
I have two alerts in total, one for the LAN and one for the WAN. The way I separate the two is by using a Custom Property on WAN interfaces.
I'm good with the alerts that I currently receive and it works as it should, but I'd like to get a report based on these alerts, that counts the number of times the interface triggered the alert in the past.
The report(s) should display the number of occurrences for this alert this week, this month, last week and last month.
I'm having trouble building one such report or Custom Table resource based on SQL/SWQL. I've even tried basing the report off Events that the Alert creates. No luck so far. It either doesn't work or the count is way off. It might be due to the way historical alerts/events are stored. It may even be due to an issue with timestamps and alerts/events? I'm hoping I can get some help with this here.
The format of the report would look something like this:
Number of times ISP Links went down - this week
| Caption | Object Name | Trigger Count |
|---|---|---|
| Node Name | The name of the interface that triggered this alert | The number of times the Alert/Event has been triggered in the specific timeframe |
It resembles somewhat the Top X Objects by trigger count of this alert resource that you find in an Active Alert Details view.
What I have so far is based on zackm's work posted here: Alert Triggered
Any help greatly appreciated!