I'm looking for a way to exclude the alerts for login failed on the Error Log Alert. If it can be logged as informational that's great but I don't want it to be a Warning and fire an email.
SQL Server instance <ServerName> recorded 4 error log messages requiring attention.
The messages are shown below in context (if applicable): Warning 5/17/2021 1:26:40 PM Logon Error: 18456, Severity: 14, State: 8.OK 5/17/2021 1:26:40 PM Logon Login failed for user 'login name'. Reason: Password did not match that for the login provided. [CLIENT: xxx.xxx.xxx.xx]
Unfortunately, the solution isn't going to be very simple. The reason is because SQLDM alerts on (1) the severities of the errors and (2) keywords.
In terms of the severity, you'll have to make sure that 14 would be in the range that's not going to raise an alert such as OK or INFORMATIONAL. This is a little difficult since you might be interested in severities 1 through 13, but not 14 specifically. More on this later.
For the keywords, you'll have to edit the advanced options and remove any keywords that might make this a WARNING or CRITICAL alert. For instance, you may want to make sure the term "failed" isn't listed on the advanced options.
Going back to the severities issue, you should be able to just set all severities to an OK state then configure the advanced options to manually specify which status any of the severities should have. It's a bit more work but it should be possible.
Powered by IDERA