To get alerts from SCOM in PowerShell, we use the Get-SCOMAlert cmdLet

Unfortunately the help file does not describe how to use the Criteria cmdlet.

Instead they get all Alerts and filter using the “where”  cause to filter. This causes unnessesary processing on the scom server as Stefan has described in his article Here

 

Stefan does not describe all the possible combinations and operators.

To find these i had to find the .NET reference, therefore a decided to consolidate all the info in this blog post.

 

example of the use of the parameter:

Get-SCOMAlert -Criteria "ResolutionState = 0 AND Severity = 2 AND IsMonitorAlert = 1"

It works almost  like the where clause, but the operator are different, and you need to know the fields available for filtering.

 

Operators:

More info: http://msdn.microsoft.com/en-us/library/bb437603.aspx

Comparison Operators

You can use comparison operators when constructing a criteria expression. The valid operators are described in the following table:

 

Operator Description Example(s)

=, ==

Evaluates to true if the left and right operand are equal.

Name = 'mymachine.mydomain.com'

!=, <>

Evaluates to true if the left and right operand are unequal.

Name != 'mymachine.mydomain.com'

>

Evaluates to true if the left operand is greater than the right operand.

Severity > 0

<

Evaluates to true if the left operand is less than the right operand.

Severity < 2

>=

Evaluates to true if the left operand is greater than or equal to the right operand.

Severity >= 1

<=

Evaluates to true if the left operand is less than or equal to the right operand.

Severity <= 3

LIKE

Evaluates to true if the left operand matches the pattern that is defined by the right operand. Use the characters in the wildcard table later in this topic to define the pattern.

Name 'LIKE SQL%'

Evaluates to true if the Name value is "SQLEngine."

Name LIKE '%SQL%'

Evaluates to true if the Name value is "MySQLEngine."

MATCHES

Evaluates to true if the left operand matches the regular expression defined by the right operand. For information about and examples of regular expression syntax, see the MSDN topic, .NET Framework Regular Expressions.

Name MATCHES 'SQL*05'

Evaluates to true if the Name value is "SQL2005."

IS NULL

Evaluates to true if the value of the left operand is null.

ConnectorId IS NULL

Evaluates to true if the ConnectorId property does not contain a value.

IS NOT NULL

Evaluates to true if the value of the left operand is not null.

ConnectorId IS NOT NULL

Evaluates to true if the ConnectorId property contains a value.

IN

Evaluates to true if the value of the left operand is in the list of values defined by the right operand.

noteNote
The IN operator is valid for use only with properties of type Guid.

Id IN ('080F192C-52D2-423D-8953-B3EC8C3CD001', '080F192C-53B2-403D-8753-B3EC8C3CD002')

Evaluates to true if the value of the Id property is one of the two globally unique identifiers provided in the expression.

AND

Evaluates to true if the left and right operands are both true.

Name = 'SQL%' AND Description LIKE 'MyData%'

OR

Evaluates to true if either the left or right operand is true.

Name = 'SQL%' OR Description LIKE 'MyData%'

NOT

Evaluates to true if the right operand is not true.

NOT (Name = 'IIS' OR Name = 'SQL')

Wildcard Characters

The following table defines the wildcard characters you can use to construct a pattern when using the LIKE operator:

 

Wildcard Description Example

%

A wildcard that matches any number of characters.

Name LIKE 'SQL%'

Evaluates to true if the Name value is "SQLEngine."

Name LIKE '%SQL%'

Evaluates to true if the Name value is "MySQLEngine."

_

A wildcard that matches a single character.

Name LIKE 'SQL200_'

Evaluates to true for the following Name values:

"SQL2000"

"SQL2005"

noteNote
The expression evaluates to false for "SQL200" because the symbol _ must match exactly one character in the Name value.

[]

A wildcard that matches any one character that is enclosed in the character set.

noteNote
Brackets are also used when qualifying references to MonitoringObject properties. For more information, see Defining Queries for Monitoring Objects.

Name LIKE 'SQL200[05]'

Evaluates to true for the following Name values:

"SQL2000"

"SQL2005"

The expression evaluates to false for

"SQL2003."

[^]

A wildcard that matches any one character that is not enclosed in the character set.

Name LIKE 'SQL200[^05]'

Evaluates to true for

"SQL2003."

The expression evaluates to false for

"SQL2000" and

"SQL2005."

Fields

To see the complete list you can look at the reference manual for MonitoringAlertCriteria here: http://msdn.microsoft.com/en-us/library/hh327662.aspx

I have inserted the list below

  • Id

  • Name

  • Description

  • MonitoringObjectId

  • MonitoringClassId

  • MonitoringObjectName

  • MonitoringObjectDisplayName

  • MonitoringObjectPath

  • MonitoringObjectFullName

  • IsMonitorAlert

  • ProblemId

  • MonitoringRuleId

  • ResolutionState

  • Priority

  • Severity

  • Category

  • Owner

  • ResolvedBy

  • TimeRaised

  • TimeAdded

  • LastModified

  • LastModifiedBy

  • TimeResolved

  • TimeResolutionStateLastModified

  • CustomField1

  • CustomField2

  • CustomField3

  • CustomField4

  • CustomField5

  • CustomField6

  • CustomField7

  • CustomField8

  • CustomField9

  • CustomField10

  • TicketId

  • Context

  • ConnectorId

  • LastModifiedByNonConnector

  • MonitoringObjectInMaintenanceMode

  • MonitoringObjectHealthState

  • ConnectorStatus

  • NetbiosComputerName

  • NetbiosDomainName

  • PrincipalName

  • AlertParams

  • SiteName

  • MaintenanceModeLastModified

  • StateLastModified