SCSM Grouping Alerts RRS feed

  • Question

  • Dear ALL

    I want to group alerts of SCSM of each individual System, like if a system generates alerts regarding hard disk then all alerts will be visible in bunch or group. kindly help in this matter.


    Faisal Alvi

    Tuesday, July 23, 2013 9:35 AM

All replies

  • I think you meant SCOM alert instead of SCSM alert.

    However, I am making assumption that you have a SCOM connector configured in Service Manager to send the SCOM alerts to Service Manager as an Incidents.

    in SCOM:

    • Create a “Resolution State” in SCOM (e.g. “Raise Incident in SM”) then use that as the criteria in SCOM Alert connector.
    • Create a PS that populates the alert type (e.g. Hard Disk, SQL, ...) to one of the alert custom field (e.g. custom field 10), this script can be used a command channel if the SCOM subscriptions are configured per alert type (e.g. Hard Disk, SQL, ...) 
    • Create a PS script to change the SCOM Alert Resolution State to “Raise Incident in SM”, then that PS is used as a command channel under the SCOM subscriptions (the previous PS script must to run first)  

    in SCSM:

    • Make sure the Incident classification Category list covers all the different alert type (e.g. Hard Disk, SQL,...)
    • Create an Incident template per alert type (e.g.  Incident Classification Category = Hard Disk)
    • SCOM Alert Connector > Alert Routing Rules > Create 1 rule per alert type (e.g. if custom field 10 = " Hard Disk" apply the Incident template where Incident Classification = Hard Disk)

    in summary, following the above steps, the SCOM alert (e.g. related to Hard Disk) will be logged as incident in Service Manager with "Hard Disk" as the Incident Classification Category. then it will be easy to create views (grouping incidents) based on the Incident Classification Category.

    Hope this helps!

    Tuesday, July 23, 2013 12:11 PM
  • Dear Aymen,

    I need to explain what i need actually regarding alerts with grouping and here i am explaining my company environment.

    We are running SCSM 2012 and SCOM 2012.

    We have different remote branches with different services.

    Requirement: if remote link down between "Head office and Remote Site" then different alerts would be generate like Heart Beats failure, Services down / failure and others.

    I need all the alerts in a single alert that shows that ABC Site Down with following issues.

    Does this make sense? If yes, then please let me know and what are the best practices in this regard.


    Faisal Alvi

    Thursday, August 15, 2013 7:11 AM
  • of course you can use distributed applications in SCOM with SCSM business service

    Service Manager will not connect related incidents and services to each other by default. For example if I get an alert about C: on a logical disk that is in my service component list, the incident will not show up as a related item on my service. The service will not either show up as a related item on the incident. To get this to work you need to generate an alert with the same as the service. In my case an alert named “Contoso – myService”. This can be done with some planning and a couple of dependency rollup monitors in Operations Manager.

    Please check


    Mohamed Fawzi | http://fawzi.wordpress.com

    Friday, September 27, 2013 11:49 PM