locked
Need help creating a Correlated Event Detection monitor RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hello,

    I have a server running a script which is monitors the health of a custom app.  Every 5 minutes, the script will generate either Event ID 60000 or 60001.  If the application is healthy it will generate 60000. But when there's a problem it will generate Event 60001.  So.... should I be using a Correlated Event Detection?  If so, should I select "The first occurence of A with the configured occurrence of B in chronological order"?

    Thanks,

    Tom

    Tom Martin Email: tmartin@caa.com
    Tuesday, July 13, 2010 1:02 AM

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote

    Event Reset monitor will cover what you need.  6001 is the unhealthy event you're detecting.  6000 is the reset (healthy) event.  This proves that both events are used in the monitor workflow to your boss.

    In the Operations Console, you'll find this under Windows Events > Simple Event Detection > Windows Event Reset.

    HTH, Jonathan Almquist - MSFT
    • Marked as answer by martit01 Wednesday, July 21, 2010 12:42 AM
    Tuesday, July 20, 2010 1:37 AM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    Why wouldn't you just look for your 60001 event - if this signifies a problem, correlating this with a "no problem, boss" message seems like overkill.
    Microsoft Corporation
    Tuesday, July 13, 2010 3:41 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Thanks Dan, I appreciate your suggestion and believe it or not I offered that suggestion before, but the boss wants to be able to see a health monitor proving that the scipt is generating the health id-60000. Then when it goes to 60001 the monitor should go to a critical state.

    Thanks,

    Tom

    Tom Martin Email: tmartin@caa.com
    Tuesday, July 13, 2010 10:33 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Then do a two state monitor.  The healthy event i sthe 6000, the 6001 event is the unhealthy event.
    Microsoft Corporation
    • Proposed as answer by Vivian Xing Wednesday, July 14, 2010 10:24 AM
    • Marked as answer by Vivian Xing Monday, July 19, 2010 9:59 AM
    • Unmarked as answer by martit01 Monday, July 19, 2010 6:09 PM
    Wednesday, July 14, 2010 12:30 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    From what I can see, a two state monitor is only for Performance Counters. I'm lookikng for Windows Events.
    Tom Martin Email: tmartin@caa.com
    Monday, July 19, 2010 6:10 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Event Reset monitor will cover what you need.  6001 is the unhealthy event you're detecting.  6000 is the reset (healthy) event.  This proves that both events are used in the monitor workflow to your boss.

    In the Operations Console, you'll find this under Windows Events > Simple Event Detection > Windows Event Reset.

    HTH, Jonathan Almquist - MSFT
    • Marked as answer by martit01 Wednesday, July 21, 2010 12:42 AM
    Tuesday, July 20, 2010 1:37 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Thanks Jonathan.
    Tom Martin Email: tmartin@caa.com
    Wednesday, July 21, 2010 12:42 AM