locked
powershell scripts to list all the alerts (severity =information, priority = high) from OperationsManager DW for one day? RRS feed

  • Question

  • I created a rule that each event 4079 (from each server) will generate an alert, severity =information, priority = high, I can run SCOM report to list the alerts sorted by each server in a daily period from OperationsManager DW

    I am really new to Powershell,  can anyone tell me what the powershell command (scripts) can do the same?

    list all the alerts (severity =information, priority = high) from OperationsManager DW for one day (ex:  12:01 am yesterday to 12:01 am today)

     

     

    Thank you in advance

    Lisa

     

     

     

    Tuesday, March 30, 2010 2:38 PM

Answers

  • That will do it, but might be a bit slow if there are a lot of alerts to search through.  Another option that is maybe a bit trickier but higher performance is to use the -criteria parameter on Get-Alert:

    $today = [datetime]::Today.ToUniversalTime()  # UTC time corresponding to midnight this morning
    $yesterday = $today - [TimeSpan]::FromDays(1)  # UTC time corresponding to midnight yesterday morning
    
    # build a criteria string (basically a SQL query)
    # 0 = Information severity, 2 = High priority
    $criteria = "Severity = 0 AND Priority = 2 AND TimeRaised >= '$yesterday' AND TimeRasied < '$today'"
    
    Get-Alert -Criteria $criteria

    The next decision is how to display the alert info.  If you don't do a little custom formatting, powershell will just dump out ALL information about the alert, which is probably more than you want.  You can play around with it, but below might be enough:

    Get-Alert -Criteria $criteria | select MonitoringObjectDisplayName,Name,TimeRaised | sort MonitoringObjectDisplayName
    • Marked as answer by lisa2926 Tuesday, March 30, 2010 6:59 PM
    Tuesday, March 30, 2010 5:42 PM
  • Hi there.  I'm not great with PowerShell, but I think you could do this with something like this.  However, I'm pretty sure this comes from the OpsDB and not the Data Warehouse.  I'm not sure how you could use the command shell to get at the warehouse.

    Get-Alert | Where {$_.severity -eq "information" -and $_.priority -eq "high" -and $_.TimeRaised.ToLocalTime().date -ge "mm/dd/yyyy" -and $_.TimeRaised.ToLocalTime().date -le "mm/dd/yyyy"}

    Jonathan Almquist has a great collection of SCOM Command Shell examples here.  Maybe these are enough to get you going in the right direction.


    Layne
    • Marked as answer by lisa2926 Tuesday, March 30, 2010 6:59 PM
    Tuesday, March 30, 2010 4:00 PM

All replies

  • Hi there.  I'm not great with PowerShell, but I think you could do this with something like this.  However, I'm pretty sure this comes from the OpsDB and not the Data Warehouse.  I'm not sure how you could use the command shell to get at the warehouse.

    Get-Alert | Where {$_.severity -eq "information" -and $_.priority -eq "high" -and $_.TimeRaised.ToLocalTime().date -ge "mm/dd/yyyy" -and $_.TimeRaised.ToLocalTime().date -le "mm/dd/yyyy"}

    Jonathan Almquist has a great collection of SCOM Command Shell examples here.  Maybe these are enough to get you going in the right direction.


    Layne
    • Marked as answer by lisa2926 Tuesday, March 30, 2010 6:59 PM
    Tuesday, March 30, 2010 4:00 PM
  • That will do it, but might be a bit slow if there are a lot of alerts to search through.  Another option that is maybe a bit trickier but higher performance is to use the -criteria parameter on Get-Alert:

    $today = [datetime]::Today.ToUniversalTime()  # UTC time corresponding to midnight this morning
    $yesterday = $today - [TimeSpan]::FromDays(1)  # UTC time corresponding to midnight yesterday morning
    
    # build a criteria string (basically a SQL query)
    # 0 = Information severity, 2 = High priority
    $criteria = "Severity = 0 AND Priority = 2 AND TimeRaised >= '$yesterday' AND TimeRasied < '$today'"
    
    Get-Alert -Criteria $criteria

    The next decision is how to display the alert info.  If you don't do a little custom formatting, powershell will just dump out ALL information about the alert, which is probably more than you want.  You can play around with it, but below might be enough:

    Get-Alert -Criteria $criteria | select MonitoringObjectDisplayName,Name,TimeRaised | sort MonitoringObjectDisplayName
    • Marked as answer by lisa2926 Tuesday, March 30, 2010 6:59 PM
    Tuesday, March 30, 2010 5:42 PM
  • Thank you Layne and Lincoln,   both are very helpful, and are what I want.

    I have tested which works

     

    Get-Alert | Where {$_.severity -eq "information" -and $_.priority -eq "high" -and $_.TimeRaised.ToLocalTime().date -eq "03/27/2010"} |select monitoringObjectDisplayName,Name,TimeRaised | sort MonitoringObjectDisplayName |export-csv –path c:\adsm_alert_0327.csv

    Tuesday, March 30, 2010 7:07 PM
  • Nice Lincoln, thanks!
    Layne
    Tuesday, March 30, 2010 8:11 PM