MS SCOM 2019 has a REST API which can be consumed directly in order to get details about alerts.
To connect to SCOM from a testing tool like Postman you need to do the following:
Authenticate
You need to Base64 encode the following:
AuthenticationMode:DOMAIN\Username:Password
You will get something that looks like this:
QXV0aGVudGljYXRpb25Nb2RlOkRPTUFJTlxVc2VybmFtZTpQYXNzd29yZA==
Set the following header:
Content-Type: application/json
Call the following API
and place the base64 encoded string inside single quotes and add it to the body of your API call.
The response you receive will be a cookie with a key and value which looks as follows:
SCOMSessionId - ivG2Q98PIBJiauARK9TP1LhiOKv2Fs63Dj4sXe0mpd0%3D
Notice that the SCOMSessionID is URL-encoded (you can decode the URL using this online tool); you need to decode it before you can use it.
Based on the URL-decoded SessionID from above you will get:
ivG2Q98PIBJiauARK9TP1LhiOKv2Fs63Dj4sXe0mpd0=
Request Alerts
Using the decoded SessionID from the previous step, set up the following headers:
- Content-Type: application/json
- SCOM-CSRF-TOKEN: ivG2Q98PIBJiauARK9TP1LhiOKv2Fs63Dj4sXe0mpd0=
Now POST to the following URL
and put the following into the body of your request
{"criteria":"((Severity = '2') OR (Severity = '1'))",
"displayColumns": [
"severity","monitoringobjectdisplayname","name","age","repeatcount"
]
}
The important part of the response you can expect will look as follows:
"rows": [
{
"id": "21ed9127-1cfd-4f44-bb1e-0801c43008c8",
"severity": "Error",
"monitoringobjectdisplayname": "Data Warehouse Synchronization Service",
"name": "Data Warehouse failed to deploy reports for a management pack to SQL Reporting Services Server",
"age": "1 hours, 44 minutes",
"repeatcount": 0
},
{
"id": "c84e3e47-0637-4eeb-87fa-0bc358c79712",
"severity": "Warning",
"monitoringobjectdisplayname": "SXISCOM.sxi.local",
"name": "Power Shell Script failed to run",
"age": "1 hours, 17 minutes",
"repeatcount": 0
}
]
Notes:
The "criteria" in the request can be changed to catch different kinds of alerts or Resolution statuses.
The "displayColumns" array in the request will be the fields that are returned as a response to your request.
To collect all Alerts with a resolution state of "new" use this in the body of your POST:
{"criteria":"(ResolutionState = '0')",
"displayColumns": [
"resolutionstate","severity","monitoringobjectdisplayname","name","age","repeatcount","lastmodified"
]
}
Note:
All columns defined in the displayColumns array seem to need to be in LOWERCASE
To update an Alert you have to use the Alert's UUID and post to the following URL (remember that you need to set the Content-Type header and get the SessionID the same way you did when collecting the Alerts):
http://<SCOM Server>/OperationsManager/data/alertResolutionStates
add this to the body
{
"alertids":["<UUID>"],
"comment":"Closed from Postman",
"resolutionState": 254
}
This will change the Alert Status to Resolved and will add a comment to the "History" tab under the Alert's Properties.
Below are the default ResolutionCodes for SCOM2019:
Acknowledged = 249
Assigned to Engineering = 248
Awaiting Evidence = 247
Closed = 255
New = 0
Resolved = 254
Scheduled = 250
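The steps from the posts above, as an added Python example that is not part of the original thread: it builds the authentication body, decodes the SCOMSessionId cookie locally (so the session token never has to be pasted into an online decoder), and produces the headers and JSON bodies for the alert and resolution-state requests. The function names and the Set-Cookie attributes in the sample are assumptions; nothing here contacts a server.

```python
import base64
import json
import uuid
from http.cookies import SimpleCookie
from urllib.parse import unquote

# Default resolution states listed in the thread for SCOM 2019.
RESOLUTION_STATES = {"New": 0, "Awaiting Evidence": 247, "Assigned to Engineering": 248,
                     "Acknowledged": 249, "Scheduled": 250, "Resolved": 254, "Closed": 255}


def auth_body(mode, domain, username, password):
    """Base64-encode mode:DOMAIN\\Username:Password and wrap it in single quotes."""
    raw = f"{mode}:{domain}\\{username}:{password}".encode("utf-8")
    return "'" + base64.b64encode(raw).decode("ascii") + "'"


def csrf_headers(set_cookie):
    """Extract SCOMSessionId from a Set-Cookie value, URL-decode it locally,
    and return the headers used for the data requests."""
    cookie = SimpleCookie()
    cookie.load(set_cookie)
    if "SCOMSessionId" not in cookie:
        raise ValueError("no SCOMSessionId cookie in response")
    token = unquote(cookie["SCOMSessionId"].value)
    if "%" in token:  # guard against sending a still-encoded value
        raise ValueError("session ID still looks URL-encoded")
    return {"Content-Type": "application/json", "SCOM-CSRF-TOKEN": token}


def alert_query(criteria, columns):
    """Body for the alert request; column names are lowercased as the thread notes."""
    return json.dumps({"criteria": criteria,
                       "displayColumns": [c.lower() for c in columns]})


def resolution_update(alert_ids, state, comment):
    """Body for alertResolutionStates; rejects malformed UUIDs and unknown states."""
    ids = [str(uuid.UUID(a)) for a in alert_ids]  # ValueError on a bad UUID
    return json.dumps({"alertids": ids, "comment": comment,
                       "resolutionState": RESOLUTION_STATES[state]})


if __name__ == "__main__":
    # Constructed Set-Cookie value built from the sample session ID in the thread.
    sample = "SCOMSessionId=ivG2Q98PIBJiauARK9TP1LhiOKv2Fs63Dj4sXe0mpd0%3D; path=/; HttpOnly"
    print(auth_body("AuthenticationMode", "DOMAIN", "Username", "Password"))
    print(csrf_headers(sample))
    print(alert_query("(ResolutionState = '0')", ["Severity", "Name", "Age"]))
    print(resolution_update(["21ed9127-1cfd-4f44-bb1e-0801c43008c8"], "Resolved", "Closed from script"))
```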