To get alerts from SCOM in PowerShell, we use the Get-SCOMAlert cmdLet
Unfortunately the help file does not describe how to use the Criteria cmdlet.
Instead they get all Alerts and filter using the “where” cause to filter. This causes unnessesary processing on the scom server as Stefan has described in his article Here
Stefan does not describe all the possible combinations and operators.
To find these i had to find the .NET reference, therefore a decided to consolidate all the info in this blog post.
example of the use of the parameter:
Get-SCOMAlert -Criteria "ResolutionState = 0 AND Severity = 2 AND IsMonitorAlert = 1"
It works almost like the where clause, but the operator are different, and you need to know the fields available for filtering.
Operators:
More info: http://msdn.microsoft.com/en-us/library/bb437603.aspx
Comparison Operators
You can use comparison operators when constructing a criteria expression. The valid operators are described in the following table:
| Operator | Description | Example(s) | ||
|---|---|---|---|---|
|
=, == |
Evaluates to true if the left and right operand are equal. |
|
||
|
!=, <> |
Evaluates to true if the left and right operand are unequal. |
|
||
|
> |
Evaluates to true if the left operand is greater than the right operand. |
|
||
|
< |
Evaluates to true if the left operand is less than the right operand. |
|
||
|
>= |
Evaluates to true if the left operand is greater than or equal to the right operand. |
|
||
|
<= |
Evaluates to true if the left operand is less than or equal to the right operand. |
|
||
|
LIKE |
Evaluates to true if the left operand matches the pattern that is defined by the right operand. Use the characters in the wildcard table later in this topic to define the pattern. |
Evaluates to true if the Name value is "SQLEngine."
Evaluates to true if the Name value is "MySQLEngine." |
||
|
MATCHES |
Evaluates to true if the left operand matches the regular expression defined by the right operand. For information about and examples of regular expression syntax, see the MSDN topic, .NET Framework Regular Expressions. |
Evaluates to true if the Name value is "SQL2005." |
||
|
IS NULL |
Evaluates to true if the value of the left operand is null. |
Evaluates to true if the ConnectorId property does not contain a value. |
||
|
IS NOT NULL |
Evaluates to true if the value of the left operand is not null. |
Evaluates to true if the ConnectorId property contains a value. |
||
|
IN |
Evaluates to true if the value of the left operand is in the list of values defined by the right operand.
|
Evaluates to true if the value of the Id property is one of the two globally unique identifiers provided in the expression. |
||
|
AND |
Evaluates to true if the left and right operands are both true. |
|
||
|
OR |
Evaluates to true if either the left or right operand is true. |
|
||
|
NOT |
Evaluates to true if the right operand is not true. |
|
Note Wildcard Characters
The following table defines the wildcard characters you can use to construct a pattern when using the LIKE operator:
| Wildcard | Description | Example | ||
|---|---|---|---|---|
|
% |
A wildcard that matches any number of characters. |
Evaluates to true if the Name value is "SQLEngine."
Evaluates to true if the Name value is "MySQLEngine." |
||
|
_ |
A wildcard that matches a single character. |
Evaluates to true for the following Name values: "SQL2000" "SQL2005"
|
||
|
[] |
A wildcard that matches any one character that is enclosed in the character set.
|
Evaluates to true for the following Name values: "SQL2000" "SQL2005" The expression evaluates to false for "SQL2003." |
||
|
[^] |
A wildcard that matches any one character that is not enclosed in the character set. |
Evaluates to true for "SQL2003." The expression evaluates to false for "SQL2000" and "SQL2005." |
Fields
To see the complete list you can look at the reference manual for MonitoringAlertCriteria here: http://msdn.microsoft.com/en-us/library/hh327662.aspx
I have inserted the list below
-
Id
-
Name
-
Description
-
MonitoringObjectId
-
MonitoringClassId
-
MonitoringObjectName
-
MonitoringObjectDisplayName
-
MonitoringObjectPath
-
MonitoringObjectFullName
-
IsMonitorAlert
-
ProblemId
-
MonitoringRuleId
-
ResolutionState
-
Priority
-
Severity
-
Category
-
Owner
-
ResolvedBy
-
TimeRaised
-
TimeAdded
-
LastModified
-
LastModifiedBy
-
TimeResolved
-
TimeResolutionStateLastModified
-
CustomField1
-
CustomField2
-
CustomField3
-
CustomField4
-
CustomField5
-
CustomField6
-
CustomField7
-
CustomField8
-
CustomField9
-
CustomField10
-
TicketId
-
Context
-
ConnectorId
-
LastModifiedByNonConnector
-
MonitoringObjectInMaintenanceMode
-
MonitoringObjectHealthState
-
ConnectorStatus
-
NetbiosComputerName
-
NetbiosDomainName
-
PrincipalName
-
AlertParams
-
SiteName
-
MaintenanceModeLastModified
-
StateLastModified
Thank you Jakob, your Get-SCOMAlert Criteria explanation is very good 🙂
Updated collection of OpsMgr Command Shell one-liners with many examples of multiple parameters via -criteria at http://www.systemcentercentral.com/BlogDetails/tabid/143/IndexID/89870/Default.aspx
Hi Jakob,
I also published a blogpost some time ago on how to use the Get-SCOMAlert Cmdlet using the -criteria parameter.
http://blogs.technet.com/b/stefan_stranger/archive/2012/11/02/get-scomalert-cmdlet-the-criteria-parameter-and-the-non-equal-operator.aspx
Regards,
Stefan Stranger
Vind ipad…
Coretech Blog » Blog Archive » SCOM2012: Using the Get-SCOMAlert Criteria Parameter (Complete Reference)…
The Get-ScomAlert command to get alerts for a particular computer is not working for me.
Get-SCOMAlert -Criteria “ResolutionState = 0 AND (Netbioscomputername = ‘XXXX’ OR NetBiosComputerName IS NULL)”.
I get this
Get-SCOMAlert : The property Netbioscomputername is not valid for the given criteria.
Even if I remove the null statement and enter the command like this is does not work.
Get-SCOMAlert -Criteria “Netbioscomputername like ‘QSQL01′”
I can get the alerts like this.
Get-SCOMAlert -Criteria “ResolutionState = 0” | ?{$_.Netbioscomputername -eq ‘XXXX’}
Any pointers will be much appreciated. I am using SCOM 2012 R2 on UR9.