Description: Support have coded the below sample analyst as a guide and template for customers to use for the following need:
You have a record and where clause and you want to only alert if it matches 4 or more rows (The qty is configurable) in a single interval. Thresholds do not have this ability as "Log after XX Occurrences" acts differently (That is per row across multiple intervals).
Attached to this post in a text file with the full analyst code. In its current form, it will only trigger an alert if you have 4 notepad documents open. If you have 3 open, it won’t trigger. If you have 10 open, it will still only trigger once per interval (Not 6 times). Feel free to start it up and test it by opening and closing certain qty of notepads.
I have written this analyst in a way that you can simply make a couple small changes and reuse it for your record and need. The below screenshot shows the parts you would need to amend to use it for your record. The rest should remain as is.
Cost:This analyst is provided free of charge by support as part of our proactive initiative. I urge you to share your alterations with the community by either replying to this post or starting a new topic. The forum does allow text and picture files to be added. So Just post a short description of what your analyst is used for and upload the text file with it’s code.
Analysts are very powerful and flexible but sometimes hard to master.
If you have any questions about this analyst, feel free to post here too. Even just a short reply saying this helped would be great so I know to add further tips and tricks like this.
I'll answer first in this reply for DIspatching via email and do a second reply for SNMP afterwards:
As per screenshot below, you replace the IF section with an ACTION section and add 2 very specific lines.
- The highlighted "EMAIL part is the dispatch Group or Profile as set in dispatch manager (Mine is called EMAIL)
Attached is a screenshot showing the change to the original analyst, and a copy of the amended analyst text file.
The useful online help topic relating to this code is here: http://help.prognosis.com/dr/Prognosis_11-2/mergedProjects/System_Functions/HTML_Files/Analyst/Analy...
Here is the information for modifying the above Analyst to dispatch to SNMPTrap destination:
Relevent Online help topic: http://help.prognosis.com/dr/Prognosis_11-2/mergedProjects/System_Functions/HTML_Files/Analyst/Analy...
WIth this one, I do think there are a couple methods but in my example below, I put the SNMP Trap settings at the top config section and did 2 simple lines to SNMPTRAP to it. The online help topics go into the more complex V3 format if you need that. I do think most people still dispatch to V1 or V2c traps.
(I did test this to a trap receiver and it worked)