Does anyone have a script I can run that will show all the triggered alerts that happened to a custom server group I created? I am on SCOM 2019

Question

I need to run this script probably weekly or monthly for multiple groups we support and all the groups have their own Server group I created for them. I have tried doing a google search, but could not find a link. I know there is a report in reporting tab, but we currently do not have reporting installed in our environment.

Answer 1

HI @JCC ,

Ok, you can limit the alerts to the last 7 days, but this is only possible if your retention settings are set to 7 days. You know that SCOM has two databses - The Operational Database, where tthe data is stored for max 7 days or depending on the data type (see here for more information and details) and afterwards the data is transfered to Data Warehouse where You can get it either using a SQL query (not very user friendly data formating) or using Reports (Reporting Services).

So back to your question - getting the data for the last 7 days. You need to adjust the code slightly:

 $GroupName = "Your Group Name Comes Here"  
 $Group = Get-SCOMGroup -DisplayName $GroupName  
 $ClassInstance = $Group.GetRelatedMonitoringObjects('Recursive')  
 $SCOMAlerts = Get-SCOMAlert -Instance $ClassInstance | where {$_.TimeRaised -ge (Get-Date).AddDays(-7)}  
$SCOMAlerts  

What yosu can also do to speed up the process is to only select Open Alerts (Exclude the closed resolution states) by modifying the script like this:

 $GroupName = "Your Group Name Comes Here"  
 $Group = Get-SCOMGroup -DisplayName $GroupName  
 $ClassInstance = $Group.GetRelatedMonitoringObjects('Recursive')  
 $SCOMAlerts = Get-SCOMAlert -Instance $ClassInstance -ResolutionState 0 | where {$_.TimeRaised -ge (Get-Date).AddDays(-7)}  
 $SCOMAlerts  

This will get you all New alerts from the last 7 days, generated by the group in question.

I hope this helps.

---

(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)
Regards
Stoyan Chalakov

Answer 2

HI @JCC ,

Let me start first by saying that I would recommmend you to install SCOM reporting Services. This is important because otherwise you cannot get data from SCOM, which is older then the Operational Database retention period, which is by default 7 days.
Installing Reporting Services for SCOM is fairly easy and there are hundreds of step-by-stzep guides out there which will help you in doing this.
Now back to your original question:
Get all alertss, related to the memberss of a custom SCOM group.

This is doable with PowerShell and in my opinion thee mosst basic piece of code that does the job is this:

$GroupName = "Your Group Name Comes Here"  
$Group = Get-SCOMGroup -DisplayName $GroupName  
$ClassInstance = $Group.GetRelatedMonitoringObjects('Recursive')  
$SCOMAlerts = Get-SCOMAlert -Instance $ClassInstance  
$SCOMAlerts  

If you would like to obtain additional information regarding the alert itself you can use the extended version of the same code, which is described here:

SCOM 2012 – Get Alerts From SCOM Group Showing Alert Source Information (Management Pack, Object Path, Monitor / Rule Name Etc.)
https://www.stefanroth.net/2013/12/03/scom-2012-get-alerts-from-scom-group-showing-alert-source-information-management-pack-object-path-monitor-rule-name-etc/

Although it says SCOM 2012 the cmdlets are the same.

I hope I could help you with that!

----------

(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)
Regards
Stoyan Chalakov