Query to determine exact time and date of alert generation

Question

Hi All,

I would like to determine the exact time and dates when the alert (refer ss) was generated. Unfortunately, the alert has been suppressed and it only shows me the repeat count. is there a query that i can run or any other way to see at what times the alert has been generated and on what dates?
Please share any information you have on the same, thanks in advance!

Regards,
Sushanth S K

Answer 1

Hi @Kadam, Sushanth ,

As far as I know, when you configure a rule to suppress alert generation, you won't get a new record for that alert in the Alert table of the Operational / DataWarehouse database.
This is one of the benefits of suppressing an alert, as you will reduce the number of alerts that are generated.

In fact, when another criteria is detected (meaning that the rule is supposed to generate a new alert), but the Alert suppression is configured, at that moment, the existing Alert record from the database will be updated:

• The repeat count property will be incremented (+1)
• The last modified property will contain the current timestamp

So, the most info you can get by looking at an alert generated by a rule where alert suppression is enabled is:

• the time when the first alert was generated (Created Date)
• the time when the last occurrence was detected (Last Modified)
• the number of occurrences (Repeat Count) for this alert between the Created Date and the now

Note: the Notification workflows are executed only for the first alert that is generated (meaning you won't get a notification workflow triggered when the repeat count and last modified properties are updated as result of a suppression).

P.S. if the alert in your case is based on a Windows Event, you could create an Event Collection Rule, then create an Event View, filtered on your event to see when those events were generated.

I hope that this helps you (if so, please don't forget to Accept as answer)

Thank you!
BR,
George