SXI Forum

A place to collect useful tips, tricks and implementation strategies.

#1 22-04-2021 17:11:37

SeanR
Administrator
Registered: 20-11-2018
Posts: 148

Get SCOM Alerts using PowerShell and the REST API

To COLLECT Alerts from SCOM create a PowerShell script (e.g. GetAlerts.ps1) with the following code:

# Build the authentication body: the credential string is Base64-encoded
# (an encoding, not encryption) and wrapped as a JSON string.
$scomHeaders = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$scomHeaders.Add('Content-Type','application/json; charset=utf-8')
$bodyraw = "AuthenticationMode:<DOMAIN>\<USERNAME>:<PASSWORD>"
$Bytes = [System.Text.Encoding]::UTF8.GetBytes($bodyraw)
$EncodedText = [Convert]::ToBase64String($Bytes)
$jsonbody = $EncodedText | ConvertTo-Json

# Authenticate and keep the session (cookies) in $websession for later calls.
$uriBase = 'http://<SCOM_SERVER>/OperationsManager/authenticate'
$auth = Invoke-RestMethod -Method POST -Uri $uriBase -Headers $scomHeaders -Body $jsonbody -UseDefaultCredentials -SessionVariable websession

# Alert query: Warning or Error alerts that are still in the New state.
$query = @{
"classId" = $null;
"objectIds" = $null;
"criteria"= "(((Severity = '1') or (Severity = '2')) AND (ResolutionState = '0'))" ;
"displayColumns" = "severity","monitoringobjectdisplayname","name","age","repeatcount","lastmodified","resolutionstate","ticketid"
}

# Post the query with the authenticated session and list the returned rows.
$jsonquery = $query | ConvertTo-Json
$Response = Invoke-WebRequest -Uri "http://<SCOM_SERVER>/OperationsManager/data/alert" -Method Post -Body $jsonquery -ContentType "application/json" -UseDefaultCredentials -WebSession $websession
$alerts = ConvertFrom-Json -InputObject $Response.Content
$alerts.rows | select id,monitoringobjectdisplayname,name,severity,resolutionstate,lastmodified,age,ticketid

You will receive a Response that will look something like this:

id                          : b506ce29-9bb8-4c93-8be0-6a53dfc68757
monitoringobjectdisplayname : demohost01.sxi.local
name                        : OleDB: Results Error
severity                    : Error
resolutionstate             : New
lastmodified                : 2021-04-22T08:20:41.2000000Z
age                         : 6 hours, 46 minutes
ticketid                    :

id                          : f1400c42-1699-4e00-95fb-9482418be391
monitoringobjectdisplayname : demohost01.sxi.local
name                        : System Center Management Health Service Unloaded System Rule(s)
severity                    : Error
resolutionstate             : New
lastmodified                : 2021-04-22T07:57:31.3270000Z
age                         : 7 hours, 9 minutes
ticketid                    :

id                          : f1f3fd94-0a4d-4adc-bab6-960013d52f30
monitoringobjectdisplayname : demohost02.sxi.local
name                        : OleDB: Results Error
severity                    : Error
resolutionstate             : New
lastmodified                : 2021-04-22T08:20:41.2000000Z
age                         : 6 hours, 46 minutes
ticketid                    :

The $query can be changed to fine-tune what you are collecting. Here are some starting parameters:

Severity
    0 - Information
    1 - Warning
    2 - Error

Priority
    0 - Low
    1 - Medium
    2 - High

ResolutionState
    Acknowledged            = 249
    Assigned to Engineering = 248
    Awaiting Evidence       = 247
    Closed                  = 255
    New                     = 0
    Resolved                = 254
    Scheduled               = 250
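
An added example, not part of the original post: the same two REST calls with the password taken from a credential prompt instead of being written into GetAlerts.ps1, and the criteria string built only from the Severity and ResolutionState names listed above. The function names New-ScomAlertCriteria and Get-ScomAlert are hypothetical, and the https:// URL assumes the SCOM web console has an HTTPS binding.

```powershell
# Added example. New-ScomAlertCriteria and Get-ScomAlert are hypothetical names.
# The numeric codes are the ones listed in the post.
$SeverityCode = @{ Information = 0; Warning = 1; Error = 2 }
$StateCode    = @{ New = 0; 'Awaiting Evidence' = 247; 'Assigned to Engineering' = 248
                   Acknowledged = 249; Scheduled = 250; Resolved = 254; Closed = 255 }

function New-ScomAlertCriteria {
    param(
        [Parameter(Mandatory)][ValidateSet('Information','Warning','Error')]
        [string[]]$Severity,
        [Parameter(Mandatory)][ValidateSet('New','Awaiting Evidence','Assigned to Engineering',
            'Acknowledged','Scheduled','Resolved','Closed')]
        [string]$ResolutionState
    )
    # Only values from the fixed tables reach the criteria string, never free text.
    $sev = ($Severity | ForEach-Object { "(Severity = '$($SeverityCode[$_])')" }) -join ' or '
    "(($sev) AND (ResolutionState = '$($StateCode[$ResolutionState])'))"
}

function Get-ScomAlert {
    param(
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][pscredential]$Credential,
        [Parameter(Mandatory)][string]$Criteria
    )
    $base = "https://$Server/OperationsManager"   # assumption: HTTPS binding exists
    # Body format copied from the post; the password comes from the credential object.
    $raw  = "AuthenticationMode:$($Credential.UserName):$($Credential.GetNetworkCredential().Password)"
    $body = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($raw)) | ConvertTo-Json
    $null = Invoke-RestMethod -Method Post -Uri "$base/authenticate" -Body $body `
                -ContentType 'application/json; charset=utf-8' `
                -UseDefaultCredentials -SessionVariable session
    $query = @{ classId = $null; objectIds = $null; criteria = $Criteria
                displayColumns = 'severity','monitoringobjectdisplayname','name','age',
                                 'repeatcount','lastmodified','resolutionstate','ticketid'
              } | ConvertTo-Json
    (Invoke-RestMethod -Method Post -Uri "$base/data/alert" -Body $query `
        -ContentType 'application/json' -UseDefaultCredentials -WebSession $session).rows
}

# Prompt at run time (enter DOMAIN\username); nothing secret is stored in the script.
$cred     = Get-Credential
$criteria = New-ScomAlertCriteria -Severity Warning,Error -ResolutionState New
Get-ScomAlert -Server '<SCOM_SERVER>' -Credential $cred -Criteria $criteria |
    Select-Object id, monitoringobjectdisplayname, name, severity, resolutionstate, lastmodified
```

With -Severity Warning,Error and -ResolutionState New, New-ScomAlertCriteria returns the same criteria string used in the original script.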
