Top of my head, this would not be easily accomplished.
The problem is wanting the acknowledged alerts...
The only 2 places (that I know of) that have a marker for acknowledged alerts is the AlertStatus table, and the AuditingEvents table.
For the latter, you can use something like this:
select timeloggedutc ,auditeventmessage ,netobjectid ,netobjecttype from auditingevents where actiontypeid = 5 and (timeloggedutc > (getdate() -30))
For the former, you can't create a direct query that will show historical data for acknowledged alerts as they are cleared out of the AlertStatus table as they are acknowledged.
If you use the following, you can get a breakdown of all the alerts triggered over the past 30 days.
select l.logdatetime ,d.alertname ,l.objecttype ,l.objectname ,l.objectid from alertlog l join alertdefinitions d on d.alertdefid = l.alertdefid where l.message = 'alert triggered' and (l.logdatetime > (getdate() - 30)) order by l.logdatetime desc
The easiest method, though not ideal, would be to use both of the above queries and create a 2-part web report.
The better, though untested to my knowledge, method would be to create a trigger based on the AlertStatus table that copies the acknowledged alerts to a new table that you create, then report from that table.
Good luck!
Loop1 Systems: SolarWinds Training and Professional Services
- LinkedIN: Loop1 Systems
- Facebook: Loop1 Systems
- Twitter: @Loop1Systems