Option 1 - Clear the database quickly – lose ALL alerts

* WARNING *

This removes all alerts. They will not be archived, and you will not be able to identify the cause of the problem.

Start > Programs > Server Options > Advanced > SQL Server > Purge > Yes

This may take some time to complete. Use the refresh button to update the number of alerts shown.

Identify and delete alerts using SQL

If you are not familiar with SQL, please ask your database administrator for assistance with these commands. These commands can also be run using SQL Server Management Studio if you have it installed and know how to use it.

My database instance is called “Halcyon” and is on the local server – yours may be different.

Open SQLCMD and connect to the HALCYON instance

  1. From the command prompt, type: sqlcmd -S(local)\HALCYON
  2. Press ENTER

Set SQL to use the HEC database

  1. At the prompt type: USE HEC
  2. Press ENTER
  3. At the prompt type: GO
  4. Press ENTER

Retrieving the TOTAL number of alerts

  1. At the prompt type: select count(*) from ecdata
  2. Press ENTER
  3. At the prompt type: GO
  4. Press ENTER

Identify the device with the highest number of alerts

  1. At the prompt, type: select deviceguid, count(alertid) from ecdata group by deviceguid
  2. Press ENTER
  3. At the prompt type: GO
  4. Press ENTER

Copy the deviceguid of the device with the highest number of alerts and use it to identify which device it is.

  1. At the prompt, type: set rowcount 20
  2. Press ENTER
  3. At the prompt, type: select header from ecdata where deviceguid = '{DF7EF895-227D-4254-91C1-B426202651CA}' order by alertdatetime desc
  4. Press ENTER
  5. At the prompt, type: set rowcount 0
  6. Press ENTER
  7. At the prompt, type: GO
  8. Press ENTER

You can now identify the device from the <Address></Address> field in the XML.

Take action to prevent further alerts being generated.

To delete the alerts for a specific device

  1. At the prompt, type: delete from ecdata where deviceguid = '{DF7EF895-227D-4254-91C1-B426202651CA}'
  2. Press ENTER
  3. At the prompt, type: GO
  4. Press ENTER
  5. This can take several minutes to complete
  6. At the prompt, type: delete from ecaction where alertid not in (select alertid from ecdata)
  7. Press ENTER
  8. At the prompt, type: GO
  9. Press ENTER

This clears the alerts for the offending device from the database and enables you to open the console. The rule/conditions that caused the alerts may still exist, so it is important to identify how this is occurring and fix the rule.
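The same identify-and-delete procedure as a single T-SQL script, as an added example that is not part of the original article or vendor-supplied code. It uses only the table and column names shown above, ranks devices so the noisiest is listed first, keeps a small sample of that device's newest alerts for root-cause analysis, and deletes in batches. The sample table name `ecdata_offender_sample`, the batch size and the use of SQL Server 2008 or later are assumptions.

```sql
-- Added example (not vendor code). Run in SSMS, or save to a file and use sqlcmd -i.
USE HEC;
GO

-- 1. Rank devices by alert count; the noisiest device is the first row.
SELECT TOP (10) deviceguid, COUNT(alertid) AS alert_count
FROM ecdata
GROUP BY deviceguid
ORDER BY alert_count DESC;
GO

-- Steps 2-5 share one batch because T-SQL variables do not survive a GO.
-- 2. Paste the deviceguid from step 1 (the value below is the article's sample).
--    Assumption: a 38-character braced GUID string compares correctly to deviceguid.
DECLARE @device varchar(38);
SET @device = '{DF7EF895-227D-4254-91C1-B426202651CA}';

-- 3. Keep the 100 newest alerts as evidence before anything is deleted.
--    ecdata_offender_sample is a hypothetical name and must not already exist.
SELECT TOP (100) *
INTO ecdata_offender_sample
FROM ecdata
WHERE deviceguid = @device
ORDER BY alertdatetime DESC;

-- 4. Delete in batches so each implicit transaction stays small and
--    an interrupted run can simply be restarted.
DECLARE @deleted int, @total int;
SET @deleted = 1;
SET @total = 0;
WHILE @deleted > 0
BEGIN
    DELETE TOP (5000) FROM ecdata WHERE deviceguid = @device;  -- batch size is an assumption
    SET @deleted = @@ROWCOUNT;
    SET @total = @total + @deleted;
END;
PRINT 'Alerts deleted for device: ' + CAST(@total AS varchar(12));

-- 5. Remove actions whose alert no longer exists (same statement as the article).
DELETE FROM ecaction
WHERE alertid NOT IN (SELECT alertid FROM ecdata);
PRINT 'Orphaned actions deleted: ' + CAST(@@ROWCOUNT AS varchar(12));
GO
```

Review the `header` column of the rows kept in the sample table to find the `<Address></Address>` value and the rule that generated the alerts, then drop the sample table once the rule is fixed.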

Closing the SQLCMD window

  1. At the prompt type: quit
  2. Press ENTER


Last Modified On: May 29, 2020