Why are there no alerts coming in?

Every now and then someone will ping me and ask why they are not seeing any new alerts. My first question is, do you expect an alert for some reason? Sometimes there may be an issue with SCOM. But every now and then we find that SCOM is working just fine, and that their entire environment is seemingly healthy for a period of time.

Note: Also see this quick and easy method to check whether an agent is communicating.

One thing I ask customers to do is create a rule to capture a synthetic transaction, which can be initiated from any agent to test communications and the monitoring workflow. With this simple rule in place, if they ever suspect that an agent is not working correctly, or that SCOM is not generating its usual volume of alerts, we can generate a very simple synthetic transaction and validate that monitoring data is making its way to the console.

Here’s how.

Create the rule

Create a new rule as shown, saving to your extended monitoring MP.

Complete the general screen as shown.

Paste the following text into the rule description, as it will come in handy later.

EventCreate /T ERROR /ID 101 /L APPLICATION /SO TEST /D "This is a synthetic transaction test only. Disregard this event."

Event log type is Application.

Build the expression as shown.

Configure alerts as shown, and click create.

Now when you want to create a synthetic transaction to test whether alerting is working, copy the command you pasted into the rule description earlier and run it from a command prompt on any Windows Server (2003 or later version) with an agent installed.


If alerting data is flowing as it should, you’ll see a new alert in the console.
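
If no alert shows up, it helps to know whether the event was ever written on the agent. The PowerShell below is an added example, not part of the original post: it raises the same event with EventCreate, confirms it landed in the local Application log, and reports the state of the agent service. The 60-second lookback window and the HealthService check are assumptions of this example.

```powershell
# Added example. Event values are taken from the EventCreate command on this page.
$source   = 'TEST'
$eventId  = 101
$message  = 'This is a synthetic transaction test only. Disregard this event.'
$windowMs = 60000   # assumed lookback window: 60 seconds

# 1. Raise the synthetic event (run from an elevated prompt).
& eventcreate.exe /T ERROR /ID $eventId /L APPLICATION /SO $source /D $message | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "eventcreate.exe exited with code $LASTEXITCODE; no event was written."
}

# 2. Confirm the event reached the local Application log.
$xpath = "*[System[Provider[@Name='$source'] and (EventID=$eventId) and " +
         "TimeCreated[timediff(@SystemTime) <= $windowMs]]]"
$logged = Get-WinEvent -LogName Application -FilterXPath $xpath -MaxEvents 1 `
                       -ErrorAction SilentlyContinue

# 3. Check the agent service that has to pick the event up.
#    HealthService is the Windows service name of the SCOM agent.
$agent = Get-Service -Name HealthService -ErrorAction SilentlyContinue

# 4. Summarize, so the result can be compared with what the console shows.
[pscustomobject]@{
    Computer     = $env:COMPUTERNAME
    EventLogged  = [bool]$logged
    EventTime    = if ($logged) { $logged.TimeCreated } else { $null }
    AgentService = if ($agent) { $agent.Status } else { 'NotInstalled' }
}
```

If EventLogged is True and AgentService is Running but the console stays empty, the event was created correctly and the gap is somewhere between the agent and the console.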
