Let's gather statistics about how much alerts are being generated by each management pack in your SCOM environment.
These operations should be done in operations manager shell.
First of all we need to determine how much management packs do we have:
(get-managementpack).count
How much alerts do we have:
(get-alert).count
Alerts by each management pack(output to csv file):
foreach ($MP in (get-managementpack))
{
$MPname = $MP.name
$counter = 0
$monitors = @()
$rules = @()
$namearray = @()
foreach ($mon in $mp.getmonitors()) {$Namearray += ($mon.id).tostring()}
foreach ($rul in $mp.getrules()) {$Namearray += ($rul.id).tostring()}
foreach ($alert in (get-alert))
{
if ($NameArray -contains ($alert.monitoringruleID).tostring())
{$counter ++}
}
$result = $MPName + " " + $counter >> C:\@temp\alertsMP.csv
echo $result
}
The earliest alert:
get-alert | sort @{expression="timeraised";descending=$true}
it is not an elegant way, but I had no time to think how to do it better :)
Now we can calculate the percentage of "alerting " of each management pack.
Top alerts count(sql-query to Operations Manager DB):
use operationsmanager
SELECT distinct AlertStringName, SUM(1) AS AlertCount
FROM Alertview WITH (NOLOCK)
GROUP BY AlertStringName
ORDER BY AlertCount DESC
Basing on these simple scripts you can quickly gather an overall condition of your SCOM alerting.
I hope it was informative for you!
No comments:
Post a Comment