Kevin Holman's OpsMgr Blog

Posts in this blog are provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified in the Terms of Use

Are you interested in having a dedicated engineer that will be your Microsoft 'go to' technical resource, work with you on projects, provide training and also help troubleshoot problems that come up? Then Dedicated Support Engineering (DSE) is for you. Learn more at Microsoft Premier Services or contact your Technical Account Manager.

Auditing on Alerts from the Data Warehouse

Do you want auditing information on how many alerts are being closed or modified by your OpsMgr users?

You can use the following queries to get this information from the data warehouse, and I have attached some reports below as well:

To get all raw alert data from the data warehouse to build reports from:

select * from Alert.vAlertResolutionState ars
inner join Alert.vAlertDetail adt on ars.alertguid = adt.alertguid
inner join Alert.vAlert alt on ars.alertguid = alt.alertguid

To view data on all alerts modified by a specific user:

select ars.alertguid, alertname, alertdescription, statesetbyuserid, resolutionstate, statesetdatetime, severity, priority, managedentityrowID, repeatcount
from Alert.vAlertResolutionState ars
inner join Alert.vAlert alt on ars.alertguid = alt.alertguid
where statesetbyuserid like '%username%'
order by statesetdatetime

To view a count of all alerts closed by all users:

select statesetbyuserid, count(*) as 'Number of Alerts'
from Alert.vAlertResolutionState ars
where resolutionstate = '255'
group by statesetbyuserid
order by 'Number of Alerts' DESC

In the reports I have attached, you can pick a date and a time window, and run these same basic queries

Files attached below:

Published Monday, July 21, 2008 10:22 PM by kevinhol

Attachment(s): Alert_Reports.zip

Comments

# System Center Forum - Powershell Tip: Auditing Alerts from the Command Shell in Operations Manager 2007

Wednesday, August 20, 2008 11:55 PM by System Center Forum - Powershell Tip: Auditing Alerts from the Command Shell in Operations Manager 2007

PingBack from http://www.systemcenterforum.org/powershell-tip-auditing-alerts-from-the-command-shell-in-operations-manager-2007/

# re: Auditing on Alerts from the Data Warehouse

Thursday, October 02, 2008 11:14 AM by Richard

This looks very good Kevin, I have been looking for a report like this, how do i import into opsmgr?

# re: how to import

Thursday, October 02, 2008 11:35 AM by kevinhol

You can upload the reports I post for the opsDB if you create a data source... and then create a folder to upload them to:

http://blogs.technet.com/kevinholman/archive/2008/06/27/creating-a-new-data-source-for-reporting-against-the-operational-database.aspx

To import you simply upload the file to a folder.

I document how to create reports from scratch - using a SQL query in a basic example here:

http://blogs.technet.com/kevinholman/archive/2008/09/03/using-opsmgr-to-see-which-servers-have-not-been-logged-on-to-via-rdp.aspx

# re: Auditing on Alerts from the Data Warehouse

Friday, October 03, 2008 8:28 AM by Richard

Thanks for the information, Have you ever tried to map the alert to which management pack raised the alert?

Title (required)
Name required
Your URL
Comments (required)
Remember Me?

Kevin Holman's OpsMgr Blog

This Blog

Syndication

Search

Tags

News

Archives

OpsMgr Websites:

Other OpsMgr Blogs:

Auditing on Alerts from the Data Warehouse

Comments

# System Center Forum - Powershell Tip: Auditing Alerts from the Command Shell in Operations Manager 2007

# re: Auditing on Alerts from the Data Warehouse

# re: how to import

# re: Auditing on Alerts from the Data Warehouse

Leave a Comment