OpsMgr Archives - Page 4 of 12

Hunting quick closing SCOM alerts

12/10/201707/01/2025
by Martin Ehrnst

I had a feeling that we had alot of alerts that closed automatically, very quickly and without any interaction from automation. To get an overview I put together this SQL query to run against the Datawarehouse DB.

The query joins three views and extract the alert Guids, name, ManagedEntity (monitoring object) and alert name.

select Res.AlertGuid, Res.TimeFromRaisedSeconds, Alert.AlertName, Entity.ManagedEntityDefaultName, Entity.ManagedEntityGuid from Alert.vAlertResolutionState AS Res INNER JOIN Alert.vAlert as Alert on Res.AlertGuid = Alert.AlertGuid INNER JOIN vManagedEntity AS Entity on Alert.ManagedEntityRowId = Entity.ManagedEntityRowId where Res.TimeFromRaisedSeconds < '30' AND Res.StateSetByUserId = 'System' AND ResolutionState = '255' AND Alert.RaisedDateTime >= DATEADD(day,-30, GETDATE())

With a little help from my DBA we ended up with this which also group alert name and count the # of alerts for each object
select --Res.AlertGuid --, Res.TimeFromRaisedSeconds COUNT(*) ,Alert.AlertName --, Entity.ManagedEntityDefaultName , Entity.Path , Entity.DisplayName from Alert.vAlertResolutionState AS Res INNER JOIN Alert.vAlert as Alert on Res.AlertGuid = Alert.AlertGuid INNER JOIN vManagedEntity AS Entity on Alert.ManagedEntityRowId = Entity.ManagedEntityRowId where Res.TimeFromRaisedSeconds < '49' AND Res.StateSetByUserId = 'System' AND ResolutionState = '255' AND Alert.RaisedDateTime >= DATEADD(day,-4, GETDATE()) GROUP BY AlertName, Path, DisplayName
For other useful SCOM SQL Queries, take a look at Kevin Holman’s blog

Azure

OMS and SCOM announcements from Ignite 2017

26/09/201707/01/2025
by Martin Ehrnst

Microsoft Ignite in Orlando has started, already on day one we got a lot of announcements and new features. In this post I will try to keep track of the updates on regarding monitoring and management. SCOM, OMS, Azure monitor etc.

Microsoft Operations Management Suite, Log Analytics, Azure Monitor

Azure Security Center for hybrid cloud.
Azure Monitor, near real-time alerts
New container monitoring solution
Using Log Analytics query across multiple workspaces
The OMS portal as we know it will be deprecated and everything integrated in to the Azure portal.

System Center Operations Manager

From the session “System Center : First look at advancements coming this year” held 26.09 we got the following annoucements regarding SCOM.

New release cadence.
- System Center 1801 prieview early November. Release Q1 2018
Service Map integration
Windows Server 2016 SDDC monitoring
Improved Unix/Linux support
- “setup improvements” hopefully a better way to deploy “manually”
- Kerberos support
- Log file monitoring with FluentD. Essentially this enables us to create monitors etc. based on logfiles as we can with Windows
SCOM 2016 HTML5 console
- Improved diagnostics and drill down – this is huge for those who haven’t invested in third-party software
- Custom widget support. Display other charts on your dashboard.
MP updates and recommendations (introduced in 2016) now supports 3rd party MPs. 56 partners with certified MPs are available.
Visual Studio Authoring Extension for VS 2017

Other interesting stuff

Operations Manager

SCOM 2016 WMI Health Monitor FIX

05/09/201707/01/2025
by Martin Ehrnst

As discussed on technet and within the SCOM community there was a bug introduced in SCOM 2016 which triggered the WMI health monitor. A couple of community fixes were introduced, and Morten Lerudjordet also created an addendum management pack with rewritten scripts that solved the issue.

Now Microsoft have released hotfix to their MP that fix this problem. So if you are upgrading or migrating to SCOM 2016 you should add this management pack before going in to production.

Hunting quick closing SCOM alerts

Share this:

OMS and SCOM announcements from Ignite 2017

Microsoft Operations Management Suite, Log Analytics, Azure Monitor

System Center Operations Manager

Other interesting stuff

Share this:

SCOM 2016 WMI Health Monitor FIX

Share this: