Bulk Acknowlegement of Alerts

06 Trekker

Bulk Acknowlegement of Alerts

Is there a script or process to bulk remove unacknowledged and open alerts? I have a system that I burned in for months and the alerts are duplicates
6 REPLIES 6
Community Manager

Re: Bulk Acknowlegement of Alerts

HI Cedric,

Open alerts just require you to stop the threshold.
Alerts requiring acknowledgement, you could create a custom threshold with a command destination. Pulling in the problem number and using that in the command destination and the acknowledge command should get those all acknowledged. It has been a while since I tested that approach but I believe this is how I have done it in the past.

Let me know if you get stuck on the custom threshold piece.

Re: Bulk Acknowlegement of Alerts

To add to Adam's response there is a .CMD file in the Knowledge->Command->Comand Store that you can issue too. You can technically create a clearing condition for multiple thresholds utilizing this in an analyst or a command line script. I do not have an example handy.. but this is what it does.

Acknowledge Problem
Destination: Control Threshold
Command: Ack problem #IRField0.#IRField1 analyst "#IRField2"

Ignore
Destination: Automated Control Analyst
Command: stop problem #IRField0 . #IRField1 analyst #IRField2

If you also execute these from within an analyst there I believe some additional commands and options built into analyst syntax.

They both effectively do the same thing though for your purpose and its mostly a matter of syntax to the different destinations.

Christopher

If my answer helped you today, please be sure to mark the resolved button to assist others.

Christopher R Souser - Sr. Services Solution Engineer, Payments & Infrastructure – MSci. PA, CISSP, ITIL.
06 Trekker

Re: Bulk Acknowlegement of Alerts

Good Morning Christopher.

Thanks for the response. Where can I find some documentation on the items under Command Store. Right now I am looking for information on the first three which are around Acknowledging Dispatched Messages, Problem, & SNMP Traps. I ask as the Prompts in "Acknowledge Problem - Prompt Form" are not descriptive. All three prompts are labeled the same.
Community Manager

Re: Bulk Acknowlegement of Alerts

Hi Cedric,

Let me mock up a sample threshold that uses the existing acknowledge command and send it your way.
06 Trekker

Re: Bulk Acknowlegement of Alerts

Thank you Adam
Highlighted
IR Partner

Re: Bulk Acknowlegement of Alerts

Hi Adam, could you send me this example, please? BR Bernd
Webinar: The Journey to Microsoft Teams - Readiness Phase (part 2)

Having looked at the planning phase in session one of this series, we will turn our focus to the readiness phase. The all important technical capabilities assessment, ensuring the network, endpoints and users are adequately prepared for the move.

Hear first hand from IR's Global Head of Information Systems and Technology, Jason Schwendinger, on how he has been tackling these issues.

Join webinar