cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Creating a where clause to filter out Avaya AVHISTRY record data older than 5 minutes

Edmanuel_Ferrer
05 Base Camper
‎08-23-2018 09:48 AM
‎08-23-2018 09:48 AM

Creating a where clause to filter out Avaya AVHISTRY record data older than 5 minutes

Hello, I am trying to find out how to write a where clause to filter out data older than 5 minutes for a Prognosis threshold I am building. Normally, I would not have to define a time range when I put together a threshold, but  if I do not define a time window, each interval check that the threshold performs, immediately sends alerts even though the reference data is more or less an event log. AVHISTORY checks against the active log but does not behave like a HISTORICAL record (one that has the 'deliver differences' behavior) so each interval that passes I get another volume of emails referencing the same alerts as before. I have tried filtering using the TIME record but prognosis cannot resolve the type of this literal: TIME < 10  Minutes  AND ACTION = "cha" AND OBJECT = "station"  AND QUALFIER = "8452". My goal is to be able to instantly report critical changes to my PBX's (trunks, routes, signaling groups) via email using the dispatch manager. If there is another way I could accomplish this more effectively, that would be great.

0 Likes
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
Shoaib_Dilawar
12 Sherpa
‎08-23-2018 10:40 AM
‎08-23-2018 10:40 AM

Re: Creating a where clause to filter out Avaya AVHISTRY record data older than 5 minutes

Hi @Edmanuel_Ferrer,

 

TIME is actually a string field, but there is also a TIMESTMP field of timestamp type that you can use. So if you want to only look at data within last 10 minutes, you can apply the following filter:

TIMESTMP >  CurrentTime - 10  Minutes 

 

Also, if you check the 'Off Event' checkbox under 'Message Defaults' tab, then a condition that is true and remains true would only generate 1 alert, keep it open untill its false and then marks it closed. Without using the 'Off Event' checkbox, it will keep opening new alerts and automatically mark them as closed.


If my reply answered your question please click on the 'Accept as Solution' button to help others find the answer.
Thanks,
Shoaib

View solution in original post

Reply
5 REPLIES 5
Shoaib_Dilawar
12 Sherpa
‎08-23-2018 10:40 AM
‎08-23-2018 10:40 AM

Re: Creating a where clause to filter out Avaya AVHISTRY record data older than 5 minutes

Hi @Edmanuel_Ferrer,

 

TIME is actually a string field, but there is also a TIMESTMP field of timestamp type that you can use. So if you want to only look at data within last 10 minutes, you can apply the following filter:

TIMESTMP >  CurrentTime - 10  Minutes 

 

Also, if you check the 'Off Event' checkbox under 'Message Defaults' tab, then a condition that is true and remains true would only generate 1 alert, keep it open untill its false and then marks it closed. Without using the 'Off Event' checkbox, it will keep opening new alerts and automatically mark them as closed.


If my reply answered your question please click on the 'Accept as Solution' button to help others find the answer.
Thanks,
Shoaib
Reply
Edmanuel_Ferrer
05 Base Camper
‎08-23-2018 10:55 AM
‎08-23-2018 10:55 AM

Re: Creating a where clause to filter out Avaya AVHISTRY record data older than 5 minutes

Thank you for the swift reply Shoaib. I applied the recommended where clause string with no success. Upon further investigation, I found that Prognosis is not converting the issue time into the prognosis format, shown here:Blank_collection.png

Is there record I could reference or should I open a support ticket to address the blank TIMESTMP field?

 

0 Likes
Reply
Shoaib_Dilawar
12 Sherpa
‎08-23-2018 01:51 PM
‎08-23-2018 01:51 PM

Re: Creating a where clause to filter out Avaya AVHISTRY record data older than 5 minutes

Hi @Edmanuel_Ferrer,

 

you are right, looks like that field is not being populated. As you suggested, pls open a support case for further inverstigation. 

Did the 'Off Event' not do the trick? You can also play with 'Log every' and 'Do not log' options as well.


If my reply answered your question please click on the 'Accept as Solution' button to help others find the answer.
Thanks,
Shoaib
0 Likes
Reply
Edmanuel_Ferrer
05 Base Camper
‎08-23-2018 02:15 PM
‎08-23-2018 02:15 PM

Re: Creating a where clause to filter out Avaya AVHISTRY record data older than 5 minutes

Hi Shoaib,

 

I havent tried the Off Event since the AVHISTORY record is more or less logging events rather than changing states. I am, however interested in the 'Log every' and 'Do not log' options, unless they reference the log frequency section. I have tried setting the 'Log at most every...' to 5 minutes or so and my check interval is set for 1 minute. Once I started the threshold, I recieved seven emails per minute with the same batch of alerts coming in as if the 'log at most...' setting never took effect. Thank you for your time Shoaib, it is deeply appreciated.

0 Likes
Reply
Shoaib_Dilawar
12 Sherpa
‎08-29-2018 01:29 PM
‎08-29-2018 01:29 PM

Re: Creating a where clause to filter out Avaya AVHISTRY record data older than 5 minutes

@Edmanuel_Ferrer

 

That was what I was reffering to. One thing I'd mention is that if a new event is triggered, even for same issue, e.g username/password mismatch, it will be considered a new etry (based on unique identifiers), so in this case 'Log at most .' would not help.


If my reply answered your question please click on the 'Accept as Solution' button to help others find the answer.
Thanks,
Shoaib
0 Likes
Reply

IR Forums

 General Collaborate Transact & Infrastructure COVID-19 Updates IR Connect