Description
Queries the alerting system for the current status of all alerts. By default, flatten mode is on, which means that you will get a single entry per alert path. If you turn flatten off, you'll get a row for each state of the alert. This can be important for alerts that have overlapping states.
The results of this function are a dataset with the following columns:
| • | System - The system that issued the alert. |
| • | Path - The path to the alert item |
| • | Display Path - The custom display path (if any) for the alert. Will be the Path if no Display Path is configured. |
| • | State Name - The state name for the alert. If flatten is true, this will be the highest severity active alert state. If no state is active, this will be the most recently cleared alert state. |
| • | Severity - The severity, as a string. |
| • | Severity Code - The severity as an integer. 0-4, low-high. |
| • | Active - A boolean indicating whether this alert state is currently active. |
| • | Active Timestamp - The time at which this alert went active. May be null. |
| • | Active Value - The value that triggered this alert to go active. |
| • | Cleared - A boolean indicating whether this alert is currently clear. |
| • | Cleared Timestamp - The time at which this alert cleared. May be null. |
| • | Cleared Value - The value that cleared the alert. |
| • | Acked - A boolean indicating whether or not this alert has been acknowledged. |
| • | Ack Timestamp - The time that the alert was acknowledged. May be null. |
| • | Ack user - The user who acknowledged the alert. |
| • | Notes - The notes field for the alert |
| • | Flags - A bitmask representing the current alert state. 0x01= Active, 0x02=Cleared, 0x04=Acknowledged. So if the alert is active and acknowledged, but not cleared, this will be 0x01 | 0x04 = 5; |
This function accepts keyword-style invocation. See also: Functions / Keyword Invocation
Syntax
system.alert.queryAlertStatus(system, path, stateName, minSeverity, maxSeverity, activeAndUnacked, activeAndAcked, clearAndUnacked, clearAndAcked, flatten, displayPath)
Parameters
String system - Filter string to restrict results based on the alert system.
String path - Filter string to restrict results based on the alert path.
String stateName - Filter string to restrict results based on the alert state name.
Integer minSeverity - Minimum severity to return. Defaults to 0 (Low).
Integer maxSeverity - Maximum severity to return. Defaults to 4 (High).
Boolean activeAndUnacked - Whether or not to return alerts that are currently active and unacknowledged. Default is true.
Boolean activeAndAcked - Whether or not to return alerts that are currently active and have been acknowledged. Default is false.
Boolean clearAndUnacked - Whether or not to return alerts that are cleared and unacknowledged. Default is false.
Boolean clearAndAcked - Whether or not to return alerts that are cleared and have been acknowledged. Default is false.
Boolean flatten - If true, will flatten results so that there is only one entry per alert path, matching the highest active state. Default is true.
String displayPath - Filter string to restrict results based on the alert's display path.
Returns
Dataset - A dataset containing the alerts in the system that match the filters.
Scope
All
Examples
This script will query the alert status for currently active alerts and push the results into a table.
results = system.alert.queryAlertStatus(flatten=1,activeAndUnacked=1,
activeAndAcked=1)
event.source.parent.getComponent("Table").data=results
This expression binding will return the count of currently active alerts with a severity of Medium or higher, checking once a second.
runScript(
"system.alert.queryAlertStatus(activeAndAcked=1, minSeverity=2).rowCount",
1000
)