Forum Discussion

Tim_OShea
3 months ago

Reporting on Alerts and SDTs

Hi all, 
I am having an issue trying to generate a report of alerts that are generated outside of SDT.

I have found that the 'In SDT' field is only populated while the alert is outstanding, so any alerts that are cleared do not have the 'In SDT' field set to Y. As a result, I am finding it impossible to screen out alerts generated during SDT. My assumption (incorrect) was that 'in SDT' would do this.

My requirement is to be able to generate trend data on alerts that are relevant to particular teams/escalation chains, to say (for example) the Linux team had 10 Critical alerts last month, vs 50 the previous month, but unless I can screen out the alerts that are generated during SDT, these may all have been expected and require no action, so the data is meaningless.
I was pointed towards the Alert dashboard, as this has fields for alert suppression type, but this does not seem to be populated either, or is similarly cleared when the alert clears.

Has anyone else found an appropriate way of reporting on Alerts that screens these out? 

  • This is something I submitted feedback on years ago. LM does not track SDT state within the alert itself. So the "in SDT" will report the current state of the SDT when you run the report, not the state of the SDT at the time of the alert. I suggest you also submit feedback on that.

    At some point I was thinking about using the API to look at historical SDT and try to match up devices and alerts but never got to that. Since our alerts generate tickets and no tickets during SDT, I believe we just ended up running reports from our ticketing system instead as an imperfect workaround.
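
The matching idea mentioned in the reply above, as an added example that is not part of the original posts and is not LogicMonitor code: it assumes alert and historical SDT records have already been exported by some means, and joins them offline by device and time. The record field names, the sample data, and the choice to treat an SDT window's end as exclusive are all assumptions made for illustration.

```python
from bisect import bisect_right
from collections import Counter, defaultdict

# Constructed sample data; field names are assumptions, not LogicMonitor's schema.
# Times are epoch seconds.
SDT_HISTORY = [
    {"device": "linux-01", "start": 1000, "end": 2000},
    {"device": "linux-01", "start": 1500, "end": 3000},  # overlaps the first window
    {"device": "linux-02", "start": 5000, "end": 6000},
]
ALERTS = [
    {"id": "A1", "device": "linux-01", "team": "Linux", "severity": "critical", "start": 1200},
    {"id": "A2", "device": "linux-01", "team": "Linux", "severity": "critical", "start": 2500},
    {"id": "A3", "device": "linux-01", "team": "Linux", "severity": "critical", "start": 3000},
    {"id": "A4", "device": "linux-02", "team": "Linux", "severity": "critical", "start": 4999},
    {"id": "A5", "device": "db-01", "team": "DBA", "severity": "critical", "start": 5500},
]


def build_windows(sdt_history):
    """Merge overlapping SDT windows per device into sorted, disjoint [start, end) lists."""
    per_device = defaultdict(list)
    for sdt in sdt_history:
        per_device[sdt["device"]].append((sdt["start"], sdt["end"]))
    merged = {}
    for device, spans in per_device.items():
        out = []
        for start, end in sorted(spans):
            if out and start <= out[-1][1]:
                out[-1] = (out[-1][0], max(out[-1][1], end))
            else:
                out.append((start, end))
        merged[device] = out
    return merged


def in_sdt(windows, device, ts):
    """True if ts falls inside a merged SDT window for device (end is exclusive)."""
    spans = windows.get(device, [])
    i = bisect_right(spans, (ts, float("inf"))) - 1
    return i >= 0 and spans[i][0] <= ts < spans[i][1]


def actionable_counts(alerts, sdt_history):
    """Count alerts per (team, severity) that began outside any SDT window."""
    windows = build_windows(sdt_history)
    return Counter((a["team"], a["severity"]) for a in alerts
                   if not in_sdt(windows, a["device"], a["start"]))
```

Running `actionable_counts` once per reporting month gives the per-team trend figures the original question asks for, with alerts that began during SDT excluded.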