This is from an old ArcSight KB:

Question

How to delete all the notifications and their statuses from the database all at the same time?

Answer

If certain notifications are no longer needed, have become obsolete, or the number of them has become so large that it affects performance, you may want to delete all notifications at once.

Resolution:

Note: The following steps will permanently and irrevocably remove all existing notifications and their statuses from the database.

1. Stop the Manager Service.

2. Backup the system tables

3. Login to the Database Server as the arcsight user

3. At the SQL> prompt, execute the following commands:

delete from arc_notification_history;

delete from arc_notification_registry;

commit;

Hello farridem,

Thanks for the info, I am using ArcSight Express CORR Engine, is this applicable to AE as well?

Regards,

SGS

Honestly can't answer that. We don't have any AE in our environment.

This worked for me in AE 3.0 and 4.0.

1.- /etc/init.d/arcsight_services stop manager

2.- cd /opt/arcsight/logger/current/arcsight/bin/

3.- ./mysql -u arcsight -p

4.- mysql> use arcsight;

5.- mysql> delete from arc_notification_history;     

6.- mysql> delete from arc_notification_registry;

7.- mysql> commit;

8.- /etc/init.d/arcsight_services start manager

A recommendation useful:

First identify the rule that is filling you with notifications and disable it.

Hi,

Would like to know the procedure to delete this for Arcsight Manager Version 6.0.0.1378.1.

Thank you.

Regards,

Ryan

Work Fine for:

Build versions:

        conapp:6.4.0.6711.2

        esm:6.1.0.1389.0(BE1389)

        storage:BL1124

        process management:4.0-1311

        installer:4.0-1311

So it should work for you too.

Regards,

Robinson