We'd talked a few weeks ago about creating a Top Alerts Report in PowerShell to improve upon the Top Alerts Report. So here are variations on that, which provide additional elements versus the Top Alerts report (in the Microsoft ODR Report Library) by displaying results based on the repeat count and the object for which the alert was logged. When I run the Top Alerts Report, the repeat count seems to be missing in the report logic. After a bit of working with this, I think these meet the need. These should make it easy to determine which computers are logging the most errors and which rules are the most problematic.
You can't detect noisy monitors on repeat count, because monitor-generated alerts do not have a repeat count property.
Note: All script samples contain | export-csv c:\alerts.csv to export the results to a spreadsheet for easy reading. Just remove this if you want to echo results to the screen.
#--------------------Begin Sample Script----------------------
# Most Common Among All Alerts (any resolution state)
get-alert | Sort -desc RepeatCount | select-object -first 10 Name, RepeatCount, MonitoringObjectPath | export-csv c:\alerts.csv
# Most Common Among All Active Alerts
get-alert | where-object {$_.ResolutionState -ne 255 } | Sort -desc RepeatCount | select-object -first 10 Name, RepeatCount, MonitoringObjectPath | export-csv c:\alerts.csv
# In this last example, which provides a filtering option based on TimeRaised, I had to resort to a two-liner.
# Most Common Among All Active Alerts Raised in Last 7 days
$targetdate = (get-date).AddDays(-7)
get-alert | where-object {($_.ResolutionState -ne 255) -and ($_.TimeRaised -gt $targetdate)} | Sort -desc RepeatCount | select-object -first 10 Name, RepeatCount, MonitoringObjectPath | export-csv c:\alerts.csv
#--------------------End Sample Script----------------------
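A grouped variation on the samples above, added here as an illustration and not part of the original post: it totals active alerts per computer or per rule, so monitor-generated alerts, which have no repeat count, still show up as alert rows. The function name Get-AlertNoiseSummary, the Occurrences column (alert rows plus repeat total) and the sample alerts are assumptions made for the example; IsMonitorAlert is the alert property that marks monitor-generated alerts.

```powershell
# Added example (not from the original post). Requires PowerShell 3.0 or later.
function Get-AlertNoiseSummary {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Alert,
        [ValidateSet('MonitoringObjectPath', 'Name')]
        [string] $GroupBy = 'MonitoringObjectPath',
        [int] $Top = 10
    )
    begin { $active = @() }
    process {
        # 255 = closed, the same filter the samples above use
        if ($Alert.ResolutionState -ne 255) { $active += $Alert }
    }
    end {
        $active | Group-Object -Property $GroupBy | ForEach-Object {
            $repeats = 0
            foreach ($a in $_.Group) {
                # Monitor alerts carry no usable repeat count; treat it as 0
                if ($a.RepeatCount) { $repeats += [int]$a.RepeatCount }
            }
            [pscustomobject]@{
                Source        = $_.Name
                Alerts        = $_.Count
                MonitorAlerts = @($_.Group | Where-Object { $_.IsMonitorAlert }).Count
                RepeatTotal   = $repeats
                # Assumption: each alert row is one occurrence plus its repeats
                Occurrences   = $_.Count + $repeats
            }
        } | Sort-Object -Property Occurrences -Descending | Select-Object -First $Top
    }
}

# Constructed sample alerts that mimic the properties get-alert returns
$sample = @(
    [pscustomobject]@{ Name = 'Rule A: script failed'; RepeatCount = 412; MonitoringObjectPath = 'web01.example.test'; ResolutionState = 0; IsMonitorAlert = $false }
    [pscustomobject]@{ Name = 'Rule B: event log error'; RepeatCount = 37; MonitoringObjectPath = 'web01.example.test'; ResolutionState = 0; IsMonitorAlert = $false }
    [pscustomobject]@{ Name = 'Monitor C: service stopped'; RepeatCount = 0; MonitoringObjectPath = 'db01.example.test'; ResolutionState = 0; IsMonitorAlert = $true }
    [pscustomobject]@{ Name = 'Monitor C: service stopped'; RepeatCount = 0; MonitoringObjectPath = 'db02.example.test'; ResolutionState = 0; IsMonitorAlert = $true }
    [pscustomobject]@{ Name = 'Rule A: script failed'; RepeatCount = 900; MonitoringObjectPath = 'db01.example.test'; ResolutionState = 255; IsMonitorAlert = $false }
)

# Noisiest computers, then noisiest rules and monitors
$sample | Get-AlertNoiseSummary -GroupBy MonitoringObjectPath
$sample | Get-AlertNoiseSummary -GroupBy Name
```

In the Operations Manager command shell, pipe get-alert into the function in place of $sample and append | export-csv c:\alerts.csv as in the samples above.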
Conclusion
One issue with our report at this point is that Rules and Monitors are different in that Rules have a repeat count and monitors do not. We’ll address that and a couple of additional items in the next installment.