Summary: Learn how to specify the Alert type in Microsoft Operations Management Suite Search and how to filter alerts by using various fields to quickly parse data.
Good morning everyone. Ed Wilson here, and today I want to talk about using Microsoft Operations Management Suite Search to look for alerts. I can use the Alert Management tile to get a quick overview of my alerts:
But I might want to search for alert data on my own so that I can dive into the stuff that I am most concerned about. One of the cool things about Alert Management is that, like other things in MS OMS, information is search driven. So the better I understand MS OMS Search, the better I can do things that I am most interested in doing.
Use the Alert type
The first thing I need to do is to log Search from the MS OMS home screen. When the Search page opens, I use the filter Type = Alert. The next thing I am probably interested in are alerts that are not closed. So my query looks like this:
The Search page with my query and the results are shown here:
Filter alert results
I was able to run a query that returned 1,768 items from the last seven days. To me, that is a bit much. So I want to filter the results. But by what? Well, I need to know what properties are available. So I open the first record by clicking the [+] show more under the first record. This results are shown here:
A quick perusal of the fields shows me that I am probably interested in the following three items:
I decide to search only for errors:
Type=Alert AlertState!=Closed AlertSeverity=Error
Here is a screenshot of the search query and results:
Now I am interested in an alert priority of High. So I add this revision to my query:
Type=Alert AlertState!=Closed AlertSeverity=Error AlertPriority=High
Note Remember that by default MS OMS Search parameters automatically include “and.” So the previous query is a type of alert, and a state that is not closed, and a severity of error, and a priority of high.
The query and the output are shown here:
Cool. Now I have the output down to three records. But I am also only interested in new alerts. So I add this to the query:
Type=Alert AlertState!=Closed AlertSeverity=Error AlertPriority=High AlertState=New
This time my results did not change, but it does help me confirm that the alerts I am looking at are all high priority errors that are new. Groovy. I now have my work items for the day—that is to check out these alerts. Sweet. MS OMS for the win!
That is all I have for you today. Join me tomorrow when I’ll talk about more way cool #MSOMS stuff.
I invite you to follow me on Twitter and the Microsoft OMS Facebook site. If you want to learn more about Windows PowerShell, visit the Hey, Scripting Guy! Blog. If you have any questions, send email to me at email@example.com. I wish you a wonderful day, and I’ll see you tomorrow.
Microsoft Operations Management Team