Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
In System Center - Operations Manager, a rule or a monitor can generate an alert. For an explanation of rules and monitors, see What is in an Operations Manager Management Pack?
Some rules and monitors are configured to send an alert when specific conditions are met, such as a certain event occurring or an operation failing. Not every rule and monitor generates an alert. When the default configuration of a monitor is to not send alerts, you can configure an override on the monitor to enable alerts. For information about configuring overrides, see How to Override a Rule or Monitor.
You can configure a monitor to generate an alert when health state changes to warning (yellow) or critical (red), or only when state changes to critical. For example, a monitor for free disk space detects that disk space on a computer is below the configured threshold. The monitor changes the health state to critical and sends a single alert. After the monitor sends the alert, it doesn't generate future alerts as long as the health state doesn't change from critical to healthy (green). If the health state changes to healthy and then the disk space drops below the threshold again, the monitor sends another alert when the health state changes to critical.
If a monitor sends an alert for warning or critical, and the monitor sent an alert when the state changed to warning, it sends a second alert when the stage changes from warning to critical only if the first alert is closed. If the alert that you sent when the state changed to warning remains open, no alert is sent when the state changes from warning to critical.
The following illustration shows the state changes that can generate an alert.
Most alerts generated by monitors are automatically resolved when the health state returns to healthy. If a monitor isn't configured to automatically resolve its alert, you can configure an override on the parameter Auto-Resolve Alert for the monitor.
Note
Rules can't automatically resolve alerts.
Unlike monitors, rules can continue to send alerts as long as the condition that caused the alert persists or repeats. Depending on what the rule is checking for, a single issue could possibly generate a huge number of alerts. To prevent the noise of too many alerts, you can enable alert suppression for a rule.
Note
You can enable alert suppression only when you create the rule. You can't enable alert suppression by using an override.
When you enable alert suppression for a rule, Operations Manager sends only the first alert and suppresses further alerts. A suppressed alert isn't displayed in the Operations console. Operations Manager suppresses only duplicate alerts as defined by the alert suppression criteria. Fields stated in the suppression criteria must be identical for the alert to be considered a duplicate and suppressed. An alert must be created by the same rule and be unresolved to be considered a duplicate.
You can personalize the Active Alerts view to add the Repeat Count column. The repeat count for an alert with suppression enabled increments for each suppressed alert. You can also view the repeat count in the properties for an alert.
Important
Alerts generated by monitors with the same instance ID are suppressed by default, but the alert properties in the console don't show this. Usually, monitors have a repeat count of zero (0). However, starting from SCOM 2019 UR3, if a monitor isn't healthy and is reinitialized, the repeat count goes up by one. The repeat count keeps increasing if the monitor is reinitialized without becoming healthy.
Alerts generated by rules are suppressed by default if the rule definition in the management pack contains an empty "Suppression Value" tag. However, nothing in the alert properties, as viewed in the console, indicates that suppression is enabled. You see the suppression if you view the Repeat Count column for the alert.
Next steps
To understand the behavior of alerts generated by monitors and how to approach managing alerts from them, see How to Close an Alert Generated by a Monitor.
After investigating and resolving the issue detected by one or more monitors, see How to Reset Health to manually reset health if the monitor isn't configured to auto-resolve or you don't want to wait for the monitor to detect health state.
To help investigate health problems detected by monitors, see Using Health Explorer to Investigate Problems.