Operations Manager 2007: Get-Alert Cmdlet

This is the first of several blog posts that I’m moving to this site.

The get-alert cmdlet has several parameters available for filtering its output. The examples below will only use the –criteria parameter. I’m using the measure-object cmdlet to show some output, it’s not practical to display 4 or 5 pages of alerts per example. The alerts can just as easily be piped to the convert-csv cmdlet or displayed to the screen.

To show all alerts for Computer ADDC01 and pipe the output to the export-csv commandlet.
>get-alert -criteria ‘NetbiosComputerName = ”ADDC01”’| export-csv c:\alert.csv

To show all Resolved alerts for computer ADDC01
>get-alert -criteria ‘NetbiosComputerName = ”ADDC01” AND ResolutionState = ”255”’

Get a count of all alerts whose names start with AD.
>get-alert -criteria ‘Name Like ”AD%”’ | measure-object
Count    : 4 

Get a count of how many alert names that have the string SQL in them.
>get-alert -criteria ‘Name Like ”%SQL%”’| measure-object
Count    : 47

Get a count of how many new alerts there are:
>get-alert -criteria ‘ResolutionState = ”0”’ | measure-object
Count    : 192  

To display a count of all alerts whose time last modified is grater than or equal to 3/13/2008
>get-alert -criteria ‘LastModified >= ”3/13/2008”’ | measure-object
Count    : 54 

To display a count of all alerts whose time last modified is grater than or equal to 3/13/2008 10:00:00 AM and whose severity is warning.
>get-alert -criteria ‘LastModified >= ”3/13/2008 10:20:00 AM” AND Severity = ”1”’ | measure-object
Count    : 17

To display a count of all alerts whose owner is JoeOMAdmin@mycompany.com
>get-alert | where-object {$_.Owner -eq “JoeOMAdmin@mycompany.com“} | measure-object
Count    : 1

Resources for the Get-Alert cmdlet link to the SCOM SDK Criteria Expression Syntax web page http://msdn2.microsoft.com/en-us/library/bb437603.aspx Resolution State and Severity Values in an alert are stored as numbers. If you have created custom Resolution States look up the ID number in the Administration tab, under Settings double click the Alerts applet. The default resolution state and Severity values are shown below.

 

Resolution State Severity Values for Alerts
0 = New 0 = INFORMATIONAL
255 = Closed 1 = WARNING
 

2 = CRITICAL

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.