Using SCOM Get-SCOMAlert criteria

The SCOM alerts for a particular computer can be retrieved with either of the following commands.

Get-SCOMAlert -ResolutionState 0 | ?{$_.PrincipalName -match 'SQL' -OR $_.PrincipalName -match 'WEB'}

Get-SCOMAlert -Criteria {ResolutionState = 0 and (PrincipalName like '%SQL%' or PrincipalName like '%WEB%')}

There is a significant difference in the time the two commands take to run.

PS C:\Windows\system32> Measure-Command{Get-SCOMAlert -ResolutionState 0 | ?{$_.PrincipalName -match 'SQL' -OR $_.PrincipalName -match 'WEB'}}
Days : 0
Hours : 0
Minutes : 0
Seconds : 0
Milliseconds : 604
Ticks : 6047616
TotalDays : 6.99955555555556E-06
TotalHours : 0.000167989333333333
TotalMinutes : 0.01007936
TotalSeconds : 0.6047616
TotalMilliseconds : 604.7616

PS C:\Windows\system32> Measure-Command{Get-SCOMAlert -Criteria {ResolutionState = 0 and PrincipalName like '%SQL%'  or PrincipalName like '%WEB%'}}
Days : 0
Hours : 0
Minutes : 0
Seconds : 0
Milliseconds : 156
Ticks : 1564777
TotalDays : 1.81108449074074E-06
TotalHours : 4.34660277777778E-05
TotalMinutes : 0.00260796166666667
TotalSeconds : 0.1564777
TotalMilliseconds : 156.4777

The winner is clearly the -Criteria parameter. The accepted criteria fields are:

Id

Name

Description

MonitoringObjectId

MonitoringClassId

MonitoringObjectName

MonitoringObjectDisplayName

MonitoringObjectPath

MonitoringObjectFullName

IsMonitorAlert

ProblemId

MonitoringRuleId

ResolutionState

Priority

Severity

Category

Owner

ResolvedBy

TimeRaised

TimeAdded

LastModified

LastModifiedBy

TimeResolved

TimeResolutionStateLastModified

CustomField1

CustomField2

CustomField3

CustomField4

CustomField5

CustomField6

CustomField7

CustomField8

CustomField9

CustomField10

TicketId

Context

ConnectorId

LastModifiedByNonConnector

MonitoringObjectInMaintenanceMode

MonitoringObjectHealthState

ConnectorStatus

NetbiosComputerName

NetbiosDomainName

PrincipalName

AlertParams

SiteName

MaintenanceModeLastModified

StateLastModified

Some more examples using criteria.

$Alerts = Get-SCOMAlert -Criteria "Name LIKE 'Failed to connect to computer%' and ResolutionState = 0"

$Alerts = Get-SCOMAlert -Criteria "TimeRaised > '01/03/2017 23:59:00' and ResolutionState != 0"

Important note: The criteria parameters are case sensitive, so make sure you are using the right one.
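The criteria strings above are typed by hand. When the name fragments come from a variable or a script parameter, the string has to be assembled carefully. The following is an added example, not code from the original post: New-ScomAlertCriteria is a hypothetical helper, the list of text fields is a subset chosen from the fields above, and doubling a single quote to escape it inside a criteria literal is an assumption.

```powershell
# Added example: build a parenthesised -Criteria string for Get-SCOMAlert.
# New-ScomAlertCriteria is a hypothetical helper, not part of the OperationsManager module.
function New-ScomAlertCriteria {
    param(
        [Parameter(Mandatory)] [string]   $Field,
        [Parameter(Mandatory)] [string[]] $Contains,
        [int] $ResolutionState = 0
    )
    # Subset of the criteria fields listed in the post that hold text; extend as needed.
    $textFields = 'Name', 'Description', 'MonitoringObjectName', 'MonitoringObjectPath',
                  'NetbiosComputerName', 'NetbiosDomainName', 'PrincipalName', 'Owner'
    # -cnotcontains compares case-sensitively, so a wrongly cased field name
    # is rejected here instead of failing inside the query.
    if ($textFields -cnotcontains $Field) {
        throw "Unknown or wrongly cased criteria field: '$Field'"
    }
    $likes = foreach ($value in $Contains) {
        # Assumption: a single quote inside a criteria literal is escaped by doubling it.
        # Without this, a quote in the input would end the literal early.
        $escaped = $value.Replace("'", "''")
        "$Field like '%$escaped%'"
    }
    # Parentheses keep the ResolutionState test applied to every OR branch.
    "ResolutionState = $ResolutionState and (" + ($likes -join ' or ') + ")"
}

# Constructed sample input: the two name fragments used earlier in the post.
$criteria = New-ScomAlertCriteria -Field PrincipalName -Contains 'SQL', 'WEB'
$criteria

# Run the query only where the OperationsManager cmdlets are available.
if (Get-Command Get-SCOMAlert -ErrorAction SilentlyContinue) {
    Get-SCOMAlert -Criteria $criteria |
        Sort-Object TimeRaised -Descending |
        Select-Object TimeRaised, PrincipalName, Severity, Name
}
```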

About parag waghmare

I have been working on Windows technologies for a long time now, primarily as a Service Engineer on System Center products. Right now I am on System Center 2012 and Windows Server 2012. I have worked extensively on MOM 2005 to SCOM 2007 migrations and SCOM 2007 to SCOM 2012 migrations.