SCOM Daily Alert Summary


I thought it would be usefull to have a small Daily Alert Summary that can be mailed to several persons within the organization. The benefit would be that the IT organization as a Team would be made aware of alerts and that they get stimulated to resolve alerts. Of course it can be interesting to also send it to the IT managers, perhaps even to show you need more resources to resolve some errors (cpu, memory, disks,…)

The summary would have to list:

– Total number of alerts that occurred yesterday
   This can indicate if there are a lot of monitors that are flip flopping

– The number of active alerts (total, critical, warning, informational)
   This should always be as low as possible

– A sorted list of the “yesterday” alerts based on number of occurences and Name
   These are the alerts on which you should start to work pro-actively , especially if the count is high.

– A sorted list of the current critical alerts, perhaps the most urgent ones to work on 😉

This will be the output:


And here’s the script:

#DailyAlertSummary.ps1
Import-Module OperationsManager
New-SCOMManagementGroupConnection -ComputerName YourSCOMSERVER.iscool.local

#Get between dates Yesterday
$AlertDateYesterdayBegin = [DateTime]::Today.AddDays(-1)
$AlertDateYesterdayEnd = [DateTime]::Today.AddDays(-1).AddSeconds(86399)

#Get yesterday alerts
$YesterdayAlerts = @(get-scomalert | where {$_.TimeRaised -gt $AlertDateYesterdayBegin -and $_.TimeRaised -lt $AlertDateYesterdayEnd})

#write the output
write-host
write-host NUMBER OF ACTIVE ALERTS YESTERDAY: ($YesterdayAlerts).Count
write-host
write-host CURRENT NUMBER OF ACTIVE ALL           ALERTS: @(get-scomalert | where {$_.ResolutionState -ne ‘255’}).count
write-host CURRENT NUMBER OF ACTIVE CRITICAL      ALERTS: @(get-scomalert | where {$_.ResolutionState -ne ‘255’ -and $_.Severity -eq ‘2’}).count  -foregroundcolor “red”
write-host CURRENT NUMBER OF ACTIVE WARNING       ALERTS: @(get-scomalert | where {$_.ResolutionState -ne ‘255’ -and $_.Severity -eq ‘1’}).count  -foregroundcolor “yellow”
write-host CURRENT NUMBER OF ACTIVE INFORMATIONAL ALERTS: @(get-scomalert | where {$_.ResolutionState -ne ‘255’ -and $_.Severity -eq ‘0’}).count
write-host
write-host
write-host TOPLIST OF YESTERDAYS ALERTS SORTED BY COUNT:

#list and sort yesterday alerts
$YesterdayAlerts | Group-Object Name |Sort -desc Count | select-Object Count, Name |Format-Table –auto
write-host

#list and sort current active alerts
write-host CURRENT ACTIVE CRITICAL ALERT LIST:  -foregroundcolor “red”
(get-scomalert | where {$_.ResolutionState -ne ‘255’ -and $_.Severity -eq ‘2’} | Group-Object Name |Sort -desc Count | select-Object Count, Name |Format-Table –auto)

Note: Don’t forget to make use of all the great reports that are in Operations Manager!
Also check out my Alert Summary Management Pack here

Samuel.

Advertisements

5 Responses to SCOM Daily Alert Summary

  1. Nice output. Have you considered modifying so it includes the same data but for an earlier time period? This way the data tells you where you are but also where you’ve been….identify trends in Alert reduction or uptick.

    • Samuel Dubrul says:

      Yes, i’ve played with that idea. Maybe creating a rule in scom that keeps track of the daily alert count or making the script generate its output in an excel or something like that.

  2. Tristan says:

    Thansk for your script – I’ve already modified it to be able to specify how many days before today you want to start the report + a duration…
    You should add also a top 10 list of alerts sorted by repeatcount ! You will be very surprise to see a single alert repeated hundreds of times…

    write-host “TOP 10 LIST OF ALERTS SORTED BY REAPEATCOUNT WITH MONITORING OBJECT PATH”
    #list top noisiest alerts
    $LastdayAlerts | Sort -desc RepeatCount | select-object -first 10 Name, RepeatCount, MonitoringObjectPath |Format-Table –auto | Out-String -Width 4096

    you will have a result like : http://1.bp.blogspot.com/-X0A-DHgTkOo/UMCkghYtMiI/AAAAAAAAAg4/27Hv21fmJS8/s1600/TOP10Alertby+Repeatcount.jpg

  3. […] time ago i’ve created a Daily Alert Summary report (https://dynamicdatacenter.wordpress.com/2012/12/04/scom-daily-alert-summary/). Based upon that post i decided to create my “Alert Summary Management Pack” […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s