Recently we upgraded to NPM 10.6, and for the longest time we wanted to have some sort of report to show only acknowledged alerts. The idea was that the report could be ran daily to show the currently ack'ed alerts, and a supervisor could check in with the team member if need be to see what the progress is, or what the alert has been acknowledged for so long without being cleared.
This is the SWQL I came up with:
SELECT Nodes.Caption AS [Name], AlertDefinitions.Name AS [Alert Name], AlertStatus.TriggerTimeStamp AS [Alert Time], AlertStatus.AcknowledgedTime AS [Acknowledged Time], AlertStatus.AcknowledgedBy AS [Acknowledged By], AlertStatus.Notes FROM Orion.AlertStatus INNER JOIN Orion.Nodes ON AlertStatus.ActiveObject = Nodes.NodeID INNER JOIN Orion.AlertDefinitions ON AlertStatus.AlertDefID = AlertDefinitions.AlertDefID WHERE Acknowledged = '1'
This results in the following output:
| Name | Alert Name | Alert Time | Acknowledged Time | Acknowledged By | Notes |
| ComputerName | High RAM Utilization | 9/27/2013 3:27:48 PM | 9/27/2013 4:02:08 PM | DOMAIN\Username- Orion Website | Acknowledged:Acked for testing of Orion's reporting functionality. |
Note that this could be expanded to also only show alerts that have acknowledgements that are older than X number of days, or to convert the UTC time into the local time zone. However, currently the Orion SDK (v1.7) does not support the functions needed to pull this off, but should in "the next major release" (according to tdanner, as seen here: http://thwack.solarwinds.com/message/198138#198138)