Create an alert query

  • 릴리스 버전: Australia
  • 업데이트 날짜 2026년 03월 12일
  • 소요 시간: 2분

    • An alert query is a set of alerts that meet specific criteria for a particular service.

    시작하기 전에

    Navigate to Event Management > Administration > Event Management Properties and ensure that the Enable alert query support (evt_mgmt.impact_calulation.alert_group_support) property is set to Yes.

    Role required: evt_mgmt_admin or evt_mgmt_operator

    이 태스크 정보

    The main motivation to use alert queries is a modeling solution based on data contained in the alert itself, as an alternative to using either discovered, application, or technical services.

    Create an alert query to combine similar alerts that meet the specific criteria.

    You can learn about Event Management basics, including alert queries, from this video:

    프로시저

    1. Navigate to Event Management > Services > Alert Queries.
    2. Select New.
    3. On the Alert Query form, fill in the fields.

      For a description of the field values, see Alert Query form

      주:
      In the Filter field:
      • When defining an alert query filter, include only fields that appear in the Alert Histories [em_alert_history] table. Impact calculation is based on Alert History data and fields such as Overall Event Count, Priority, and Priority group are not copied to the Alert Histories [em_alert_history] table.
      • Do not specify a dynamic time condition. For example, in the filter, do not specify Created condition of Last 45 minutes because impact calculation is triggered by a change of alert or alert query. However, for the dynamic time condition, none of these conditions have changed. Do not specify a dynamic time condition
      • Some filters may slow down impact calculation. To solve this problem, adjust your alert query by adding an appropriate index, as described in Index suggestions for slow queries.
    4. Select Update.