This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 45%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERA%3C/text%3E%3C/svg%3E)
Hi Team,
I'm having SCOM rule writing the events into DB, I need to filter the <data> value from the event data xml column.
If the error count value is greater than 5 need to create alert.
SQL query used to find the event data
select EventData FROM [OPSMGRDW].[Event].[vEventDetail] evdes
inner join Event.vEvent evid on evdes.EventOriginId = evid.EventOriginId
inner join dbo.vEventLoggingComputer evcomp on evid.LoggingComputerRowID = evcomp.EventLoggingComputerRowID
Event Data Structure
<EventData>
<DataItem type="System.XmlData" time="2020-08-17T13:16:02.5711926+01:00" sourceHealthServiceId="ADBCE-1111-bdfjhbdwjh-jhvbjhdf">
<EventData xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<Data>INFO: error found Received Output: count 1
</Data>
<Data>0</Data>
<Data>StdOut: INFO: error found </Data>
<Data>1</Data>
</EventData>
</DataItem>
</EventData>
This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Comments have been turned off. Learn more
This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Comments have been turned off. Learn more
This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Comments have been turned off. Learn more
This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Comments have been turned off. Learn more
This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Comments have been turned off. Learn more