Skip to content
adatum
  •  SCOM Web API
  • About adatum
Site Search
Operations Manager

Hunting quick closing SCOM alerts

  • 12/10/201712/10/2017
  • by Martin Ehrnst

 

I had a feeling that we had alot of alerts that closed automatically, very quickly and without any interaction from automation. To get an overview I put together this SQL query to run against the Datawarehouse DB.

The query joins three views and extract the alert Guids, name, ManagedEntity (monitoring object) and alert name.


select Res.AlertGuid, Res.TimeFromRaisedSeconds, Alert.AlertName, Entity.ManagedEntityDefaultName, Entity.ManagedEntityGuid from Alert.vAlertResolutionState AS Res
INNER JOIN Alert.vAlert as Alert
on Res.AlertGuid = Alert.AlertGuid
INNER JOIN vManagedEntity AS Entity
on Alert.ManagedEntityRowId = Entity.ManagedEntityRowId
where Res.TimeFromRaisedSeconds < '30' AND Res.StateSetByUserId = 'System' AND ResolutionState = '255' AND Alert.RaisedDateTime >= DATEADD(day,-30, GETDATE())

 

With a little help from my DBA we ended up with this which also group alert name and count the # of alerts for each object

select
--Res.AlertGuid
--, Res.TimeFromRaisedSeconds
COUNT(*)
,Alert.AlertName
--, Entity.ManagedEntityDefaultName
, Entity.Path
, Entity.DisplayName
from Alert.vAlertResolutionState AS Res
INNER JOIN Alert.vAlert as Alert
on Res.AlertGuid = Alert.AlertGuid
INNER JOIN vManagedEntity AS Entity
on Alert.ManagedEntityRowId = Entity.ManagedEntityRowId
where Res.TimeFromRaisedSeconds < '49' AND Res.StateSetByUserId = 'System' AND ResolutionState = '255' AND Alert.RaisedDateTime >= DATEADD(day,-4, GETDATE())
GROUP BY AlertName, Path, DisplayName

For other useful SCOM SQL Queries, take a look at Kevin Holman’s blog

Share this:

  • LinkedIn
  • Twitter
  • Email
Operations Manager

HealthServiceStore.edb file growth

  • 25/03/201508/04/2015
  • by Martin Ehrnst

A while back i got an alert that system drive on one of our monitored servers was full. When examining what was consuming disk space I noticed that HealthServiceStore.edb, located in the agent’s Health Service State folder was way to large.

HealthServiceStore.edb is where the result of every workflow that runs on this agent is stored and sent to your Management Server(s). An agent running a lot of performance counters (Exchange, SQL etc) will probably have a larger database file than your average file server.

At first, i tried to flush the agents cache wich did not work. The next thing i tried was to run the “online store maintenance” task from OpsMgr console, this task will run a de-fragmentation of the database file.
onli

You can follow the result in the event log, HealthService (7404) Health Service Store: Online defragmentation is beginning a full pass on database ‘<C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Health Service Store\HealthServiceStore.edb>’.

Did this work? No, my database file was still huge.
The next thing to do, is to perform a “Dirty Defrag” on the DB file. To do this,

  • open your favorite shell and navigate to C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Health Service Store
  • Stop Healthservice.exe (Microsoft Monitoring Agent)
  • Run esentutl /r edb (recovery mode)
  • Start defragmentation by running esentutl /d HealthServiceStore.edb

esentutl

Your healthservicestore.edb should now have a normal size.

Do you have anything to include, please comment.

Share this:

  • LinkedIn
  • Twitter
  • Email

Top Posts

  • Web API for System Center Operations Manager
  • Working with Azure Monitor Rest API
  • SCOMpercentageCPUTimeCounter cause CPU Spike
  • Maintenance Mode based on Event
  • Using webhook in scom subscription (POC)

Recent Comments

  • Martin Ehrnst on Speaking at SCOM Dagen 2018
  • layola on Speaking at SCOM Dagen 2018
  • Martin Ehrnst on Maintenance Mode based on Event
  • Kamal sharma on Maintenance Mode based on Event
  • Creating a serverless application with Powershell: Introduction | adatum on Serverless application with PowerShell: Azure Functions

Archives

  • October 2018
  • September 2018
  • August 2018
  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • October 2017
  • September 2017
  • August 2017
  • June 2017
  • May 2017
  • March 2017
  • February 2017
  • January 2017
  • December 2016
  • November 2016
  • October 2016
  • September 2016
  • January 2016
  • September 2015
  • August 2015
  • June 2015
  • April 2015
  • March 2015

Categories

  • Automation
  • Azure
  • Azure Active Directory
  • Community
  • Conferences
  • CSP Monitoring
  • DevOps
  • MPAuthoring
  • OMS
  • Operations Manager
  • Powershell
  • Uncategorised
  • Windows Admin Center
  • Windows Server
Adatum.no use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it. Cookie Policy
Theme by Colorlib Powered by WordPress
  • SCOM Web API
  • About adatum
loading Cancel
Post was not sent - check your email addresses!
Email check failed, please try again
Sorry, your blog cannot share posts by email.