Share via

SCOM Alert Param Finder

  • Article

Every IT Business is unique in nature which has data center, application and process aligned to business needs. Microsoft SCOM 2007/2012/2016 provides a platform to monitor enterprise data center, applications and operations to ensuring IT functions as expected and generate alert on proactive and reactive situations. 

To generate alert for situations, Microsoft provides flexibility to design and configure custom workflows (Alerting Rules and monitors) to capture a situation and generate alerts using custom management packs. Workflows are composed of one or more modules. A module in Operations Manager performs a discrete function based on information that is provided to the module through parameters. For example, a module may detect an event, collects a particular performance counter, runs a script, or generates an alert. A workflow can achieve complex functionality by piecing together different modules that perform different required actions.

Refer below link for module type:
https://msdn.microsoft.com/en-us/library/ee533869.aspx

Refer below link for Workflow types:
https://technet.microsoft.com/en-gb/library/ff381314.aspx 

Refer below link for SCOM data types:
https://msdn.microsoft.com/en-us/library/ee533469.aspx 

If we drill down to a module, each module takes some input and performs certain actions and outputs the results. The output result is a SCOM data type passed to the next module. 

Any alert generating Workflow has System.Health.GenerateAlert module as a write action module and this module needs an input as System.BaseData from previous modules as shown below. 

The System.Health.GenerateAlert Module uses this data to populate Alert parameters. As each workflow is unique in nature and System.Based Data is different for each module type and passed to System.Health.GenerateAlert, this make the process of configuring alert parameters challenging and leads to 'Parameter replacement during creation of the alert failed' alert.

Solution:

An alert is generated from SCOM rule or monitor as thumb rule, alert param follows below param syntax:  

Rule :$Data/<xpath of xml element in System.Based Data >$ 

Monitor: $Data/Context/<xpath of xml element in System.Based Data >$ 

For any alert, System.Based passed by a previous module to System.Health.GenerateAlert is captured in Alert context, and you can view this data from a PowerShell query.

Refer to below link for more information on querying SCOM alerts:
https://docs.microsoft.com/en-us/powershell/systemcenter/systemcenter2016/operationsmanager/vlatest/get-scomalert 

Script: following script query alert context and produces XPath for any element or attribute in 2 to 3 steps. 

Script input param

The script asks for input (ElemenName or AttributeName or AttributeName and AttributeValue) by displaying alert context as shown below. 

Select appropriate option and enter value to generate XPath value.

Note: ElementName,AttributeName, AttributeValue are case sensitive.

Script Download path:  https://gallery.technet.microsoft.com/SCOM-Alert-Param-Finder-627e8b75

How to use script:

Syntax:

> $alert | SCOMAlert-ParamFinder 
 
Run SCOMAlert-ParamFinder with full help  for  more information. 
 
> Help SCOMAlert-ParamFinder -full

SCOM 2007: 

Add-PSSnapin Microsoft.EnterpriseManagement.OperationsManager.Client  
 
New-ManagementGroupConnection -ConnectionString <<SCOM RMS server name>> 
 
Get-alert –Name  <<Alert Name >>| select -first 1 | SCOMAlert-ParamFinder

SCOM 2012 / 2016: 

Import-module OperationsManager  
 
New-SCOMManagementGroupConnection –ComputerName <<SCOM MS name>> 
 
Get-scomalert -Name  <<Alert Name >> | select -first 1 | SCOMAlert-ParamFinder