Friday, June 12, 2015

SCOM - Alert Widget Template Using Logical Expression Filtering

OK so I'll admit that if you're not very familiar with the new dashboard widgets of SCOM, then the title of this post might seem like I've just swallowed a dictionary!

However, this is merely a cross-post to bring yet another awesome new community contribution from Wei H Lim to your attention.

Let me give you some context to this first though...

When you've deployed SCOM, imported your management packs and pushed out your agents, it'll just be a matter of time before that empty console view becomes full of alerts. This can be a good and bad thing. Good because you are now seeing the issues that exist within your environment and bad because not all of those alerts might be relevant to you.

When you want to stop the alerts that aren't relevant to you from appearing in your console, you need to tune them out (or create overrides to disable or modify them). What you don't want to do is to just close all those alerts with a swift stroke of the CTRL + A keys and a click of your mouse. This is because some of those alerts will have been created by monitors and others will have been created by rules.

The Old Alert Filtering Method

A few years back, Cameron Fuller (Yoda-level SCOM consultant and System Center MVP) wrote a blog post explaining why you don't want to do this and I'll encourage you to take a quick read of his post before continuing on with this one:

OpsMgr: Never close an alert for a monitor – the exception to the “Rule of the monitor”

That post was written for SCOM 2007 R2 and the general recommendation was that you could bulk-close alerts that were generated by rules but not ones generated by monitors - once you had managed to identify which ones you could close first!

The New Alert Filtering Method

Since then, we have gained access to the new dashboard widgets - one of which is the 'Alert Widget'. A little-known trick to help you with alert tuning is to use the 'Is Monitor Alert' display column to quickly sort alerts generated by monitors from alerts generated by rules.

Cameron has written another post on this topic:

QuickTrick: Find alerts from a monitor or rule in OpsMgr 2012

The introduction of this widget has given us a taste of how we can filter alerts into a customized and relevant view for whatever scenario we might have.
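
The same rule/monitor split can be done from the Operations Manager Shell. This is an added example, not taken from this post or from the posts it links to; the management server name and the comment text are placeholders, and it assumes the OperationsManager PowerShell module is installed.

```powershell
# Added example: split open alerts by source (rule vs. monitor) before tuning.
Import-Module OperationsManager

# Placeholder management server name; replace with your own.
New-SCOMManagementGroupConnection -ComputerName 'scom-ms01.example.local'

# Open alerts only (resolution state 255 means Closed).
$open = Get-SCOMAlert | Where-Object { $_.ResolutionState -ne 255 }

# IsMonitorAlert is the property behind the 'Is Monitor Alert' column.
$ruleAlerts    = @($open | Where-Object { -not $_.IsMonitorAlert })
$monitorAlerts = @($open | Where-Object { $_.IsMonitorAlert })

'Open alerts from rules:    {0}' -f $ruleAlerts.Count
'Open alerts from monitors: {0}' -f $monitorAlerts.Count

# Noisiest rule-generated alerts: review these before closing anything.
$ruleAlerts |
    Group-Object -Property Name |
    Sort-Object -Property Count -Descending |
    Select-Object -First 10 -Property Count, Name

# Noisiest monitor-generated alerts: candidates for overrides, not for closing.
$monitorAlerts |
    Group-Object -Property Name |
    Sort-Object -Property Count -Descending |
    Select-Object -First 10 -Property Count, Name

# Bulk-close rule-generated alerts only. -WhatIf previews the change;
# remove it once the list above has been reviewed.
$ruleAlerts |
    Set-SCOMAlert -ResolutionState 255 -Comment 'Closed during alert tuning' -WhatIf
```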

An Even Better Alert Filtering Method

Although the original Alert Widget solves the problem of displaying alerts generated by monitors and alerts generated by rules, it's still limited in how it can filter those alerts in the first place. This widget has three different Criteria options to choose from - Severity, Priority and Resolution State - and sometimes these options just aren't enough.

This is something that Wei H. Lim noticed and decided to remedy with a new sample Alert Widget that makes use of custom fields to give you filtering through logical expressions.

Confused? Don't worry, all will become clearer when you check out his full post here:

You can download the sample alert widget from the TechNet Gallery here (although you'll need to read his post first to understand how to configure it):

Cheers Wei for another cool community offering!
