Multiple entries for same alert in SCOM 2012 R2 Database

sreejeet nambiar 21 Reputation points
2020-10-15T12:36:31.67+00:00

Hi,

I have been noticing this behaviour from sometime, that multiple entries are created for same alert in SCOM 2012 R2 Database.
One thing I noticed is, these multiple alert entries have one Column for Ticket ID and one of this entries is NULL and the other entry shows the Ticket ID for that alert.
Is this a normal behaviour of how SCOM stores the alert data in the Database.
I am using SQL Query to fetch this data from the Database. I guess this is the same result if I generate Reports using the Reporting tab.

Also, is it possible to get an alert report, showing only one entry for similar alert?

Thanks,
Sreejeet

Operations Manager
Operations Manager
A family of System Center products that provide infrastructure monitoring, help ensure the predictable performance and availability of vital applications, and offer comprehensive monitoring for datacenters and cloud, both private and public.
1,489 questions
0 comments No comments
{count} votes

4 answers

Sort by: Most helpful
  1. sreejeet nambiar 21 Reputation points
    2020-10-15T13:35:13.327+00:00

    Also one more query I would like to add here is that, when I generate report by running the SQL query the time stamp will show exact 2 hours difference (attached the screenshot). What could be the reason for this. I see the Database server and the SCOM server have the same time zone set.

    32673-time-difference.png

    0 comments No comments

  2. Peter Svensson 211 Reputation points
    2020-10-26T19:01:28.04+00:00

    I believe all time in the SCOM Datawarehouse is in UTC time, thats whay you see the time differnce.

    As for multiple entries from your query. It all depends on which fields you select in your query.
    For instance, if you have an alert with different resolution states and you have that in your query you are going to get multiple rows back.
    You can try to use DISTINCT in your Select clause to only get unique entries.

    0 comments No comments

  3. SChalakov 10,391 Reputation points MVP
    2020-10-26T21:41:21.54+00:00

    Hi @sreejeet nambiar ,

    @Peter Svensson has a point here, well actually two:

    • The SCOM DB shows the UTC time indeed
    • The query result very much depends on the query itself. In regards to this I have two recommendations:
      1. Test the data, using a build in report.
      2. Post the query here, so we can try it and give you some feedback.

    ----------

    (If the reply was helpful please don't forget to upvote or accept as answer, thank you)
    Regards,
    Stoyan


  4. CyrAz 5,181 Reputation points
    2020-10-28T09:44:04.91+00:00

    I guess that's because there is one entry per state change in the DB which is perfectly normal, but if you could show us your query I'll be able to confirm it.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.