Create an alert query

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 2 minutes

    An alert query is a set of alerts that meet specific criteria for a particular service.

    Before you begin

    Navigate to Event Management > Administration > Event Management Properties and ensure that the Enable alert query support (evt_mgmt.impact_calulation.alert_group_support) property is set to Yes.

    Role required: evt_mgmt_admin or evt_mgmt_operator

    About this task

    The main reason to use alert queries is that they provide a modeling solution based on data contained in the alert itself, as an alternative to using discovered, application, or technical services.

    Create an alert query to combine similar alerts that meet the specific criteria.

    Procedure

    1. Navigate to Event Management > Services > Alert Queries.
    2. Select New.
    3. On the Alert Query form, fill in the fields.

      For a description of the field values, see Alert Query form.

      Note:
      In the Filter field:
      • When defining an alert query filter, include only fields that appear in the Alert Histories [em_alert_history] table. Impact calculation is based on Alert History data, and fields such as Overall Event Count, Priority, and Priority group are not copied to the Alert Histories [em_alert_history] table.
      • Do not specify a dynamic time condition. For example, do not specify a Created condition of Last 45 minutes in the filter. Impact calculation is triggered by a change to an alert or alert query, and with a dynamic time condition neither of these has changed.
      • Some filters may slow down impact calculation. To solve this problem, adjust your alert query by adding an appropriate index, as described in Index suggestions for slow queries.
    4. Select Update.
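
The two filter rules in the note under step 3 can be checked before a filter is saved. The following is an added example, not ServiceNow code: it assumes the filter is available as an encoded query string, that the caller supplies the column names of the Alert Histories [em_alert_history] table from the instance, and that relative dates appear in the common encodings matched below. The sample column set, the `priority` column name, and the sample filter are constructed.

```python
import re

# Encodings commonly produced for relative dates in an encoded query
# (assumed, not exhaustive): gs date helpers and RELATIVExx@ operators.
DYNAMIC_TIME = re.compile(r"javascript:gs\.(beginningOf|endOf|\w*Ago)|RELATIVE[A-Z]{2}@")
FIELD = re.compile(r"[a-z][a-z0-9_]*")            # leading column name (first dot-walk segment)
SEPARATOR = re.compile(r"\^NQ|\^OR(?!DERBY)|\^")  # new query, OR, AND

def lint_alert_query_filter(encoded_query, history_columns):
    """Return (condition, problem) pairs for conditions that break the filter rules."""
    findings = []
    for cond in SEPARATOR.split(encoded_query):
        # Skip empty pieces, the ^EQ terminator and sort/group directives.
        if not cond or cond == "EQ" or cond.startswith(("ORDERBY", "GROUPBY")):
            continue
        m = FIELD.match(cond)
        if m is None:
            findings.append((cond, "unparsed"))
            continue
        # Rule 1: only fields that exist in Alert Histories take part in impact calculation.
        if m.group(0) not in history_columns:
            findings.append((cond, "not_in_history"))
        # Rule 2: a dynamic time condition never triggers a recalculation.
        if DYNAMIC_TIME.search(cond):
            findings.append((cond, "dynamic_time"))
    return findings

# Constructed stand-in for the em_alert_history column list; export the real
# list from the instance's table dictionary.
HISTORY_COLUMNS = {"severity", "source", "node", "type", "resource",
                   "metric_name", "description", "cmdb_ci", "sys_created_on"}

# Constructed filter: one field assumed absent from Alert Histories (priority)
# and one "Last 45 minutes" condition on Created.
SAMPLE_FILTER = ("severity=1^sourceLIKEnagios^priority>3"
                 "^sys_created_onONLast 45 minutes@javascript:gs.beginningOfLast45Minutes()"
                 "@javascript:gs.endOfLast45Minutes()^EQ")

if __name__ == "__main__":
    for condition, problem in lint_alert_query_filter(SAMPLE_FILTER, HISTORY_COLUMNS):
        print(f"{problem}: {condition}")
```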