How to use the Alerts tile
The Alerts tile allows you to view and action SCOM alerts on your dashboards and perspectives. This document describes how to get started with the Alerts tile.
This guide will walk you through how to configure the Alert tile. You may also like to watch the Alert Management Webinar.
The Alerts tile button (along with several other tiles) displays a little plus up the top right. This indicates that there are more tiles available from this one button.
After selecting the Alerts tile you will get the choice of List or Donut.
The Alerts dashboard on the Overview menu shows a list of error, warning and information alerts, and you can add alerts tiles to any dashboard or perspective.
The Donut tile shows a summary of the number of alerts either by severity, priority or resolution state.
When configuring the Donut tile the grouping section allows you to select whether the donut shows severity, priority or resolution state. The display section allows you to change the size of the donut, and show or hide the legend.
Clicking on a donut segment or on the key shows a list of alerts with that severity, priority or resolution state.
Rule vs monitor alerts
Users may not be aware of the differences between monitor and rule alerts, and that monitor alerts should not be closed. Squared Up (v3.2 onwards) uses different alert icons for rule and monitor alerts to help users be more aware of these differences.
Monitor alerts are shown by a solid icon (like the health state icon, but round) to indicate that the alert is affecting the health state of the object, because the alert has been raised by a monitor.
A monitor alert is ‘stateful’ and therefore current. A monitor changes the state of the monitor, which then triggers an alert. This means that if the monitor alert is still visible, then it is still a current issue. Once action has been taken, a user can click the reset monitor button to force SCOM to reevaluate the health of the object, and if the issue is re-detected then the alert will be reopened. When the issue is resolved the alert will be closed automatically, so monitor alerts should not be closed manually.
When changing the resolution state in Squared Up (v3.2 onwards), closed is not the default option, and if a user tries to close a monitor alert a warning is shown and confirmation is required.
Monitor alerts are used to show health state summaries for unhealthy objects in Squared Up.
A rule can trigger an alert, but not change the state of the object, or rollup to the parent. A rule alert shows that something has happened in the past, but it won’t necessarily happen again. If the issue reoccurs, then the alert RepeatCount increases. Rule alerts should be closed manually when the issue has been resolved.
Rule alerts are shown by a hollow icon (that’s different from the health state icon) the alert is not affecting the health state of the object because it has been raised by a rule. Rule alerts should be closed manually by clicking the resolution state button.
Summary of the differences between rule and monitor alerts
|Monitor alerts||Rule alerts|
|‘There is a problem’||‘There was a problem’|
|Affects health state of object||Does not affect health state of object|
|Rollup health to parent object||Does not rollup health to parent object|
|Changes health state of dashboard||Does not change health state of dashboard|
|Creates alert (normally)||Creates alert (normally)|
|Alert stays open while issue remains||RepeatCount incremented if issue reoccurs|
|Closes alert automatically (normally)||Does not close alert automatically|
|Can be manually reset back to healthy||Cannot be reset (no state)|
|Alerts should not be closed manually||Alerts should be closed manually|
Health state summaries
In Squared Up health state summaries are shown for unhealthy (yellow or red) objects. If you find several servers are showing red, then the health state summaries can help answer some of your questions:
- Why is it red?
- Is is the same reason that the others are red?
- Is it related to the application issue I’m seeing?
- Which red server is the priority?
- Do I have to click on each server to see what the problem is?
Health state summaries are shown wherever an objects health state is shown, for example the Dynamic Table tile, VADA in view and analyse mode, and in the Status tile, so you can immediately see the cause of the critical health state and spot common issues across multiple objects.
Health state summaries are not available for container objects such as groups and distributed applications (DAs), however they work excellently for objects that host things (not contain things) such as servers, devices, software, and their sub-components.
Health state summaries work by performing a lookup for monitor alerts (alerts that are affecting the health state) for each object.
For any object that is not healthy, Squared Up shows the alert that is:
- Created by a monitor (not a rule – they don’t affect health)
- Most severe (if it’s critical, it will look for a critical alert)
- Most recent
What if no health state summary is shown?
- Some monitors do not create an alert
- Perhaps the system has closed the alert and it has been groomed out of the Operations Manager database due to a retention setting. In SCOM, under Administration > Settings > Alerts the Automatic Alert Resolution tab shows you how many days after the last modified time (repeat count) from which all active alerts will be resolved, and how many days after the object is healthy that the alert will be resolved.
- Maybe a user closed the alert? The walkthrough below shows how you can show ‘recently closed alert’s to help troubleshoot this.
Walkthrough: Using alert filters to list error alerts for the current user
This walkthrough shows how to add a list of only error alerts where the owner is the currently logged on user.
On the dashboard or perspective where you want the list to appear click on the orange plus at the bottom of the screen to add a new tile.
Click on the Alerts tile button.
Click on the List button.
Give the tile a suitable title, for example
My error alerts.
Leave the scope as it is and click next to move to the filters section.
Change the severity to only show error alerts, by clicking on warning and info to deselect them.
In the owner section click on current user and any will be deselected.
Click done and the list of your error alerts are shown.
Walkthrough: Adding an additional column and using advanced criteria to show closed alerts
This walkthrough shows how to add a list of recently closed alerts to the default Alerts dashboard on the Overview menu, but you could also add this to a new perspective for particular alerts.
Browse to Overview menu and click on the Alerts dashboard.
Click on the orange plus at the bottom of the screen to add a new tile.
Click on the Alerts tile button.
Click on the List button.
Give the tile the title
Closed monitor alerts.
Leave the scope as it is and click next.
In the filters section change the source to only show monitor alerts, by clicking on rule to deselect it.
Under state click on closed so that only closed alerts are shown.
At this point the list of the most recent 5 closed monitor alerts will be shown, and you can click done if you wish. For this walkthrough we will continue with the configuration.
Leave timeframe set to last 30 days, and click next. timeframe shows alerts which were created in this time period. If you change it to 24 hours hoping to see alerts closed in the last day, you will miss alerts which were created longer ago, even if they were closed in the last day.
In the limit section change the limit to
15, and click next.
In the columns section we’re going to add in a column to show who closed the alert. Click show column title and the click the add button.
Click on the bottom item that has just been added and use the dropdown list to change from name to lastModifiedBy.
You may like to reorder the columns by dragging the grey column handle.
If the LastModifiedBy column shows
system, then this is mostly likely to be when the object changed state to become healthy, and the alert was automatically closed. If you wish you can click done at this point.
If you would like to filter out alerts that were last modified by
systemyou can use advanced criteria as described below.
Return to the the scope section of the tile and click on advanced.
In the criteria box paste in
LastModifiedBy != 'system'meaning that you do not want alerts that were last modified by
For more information about using scope > advanced > criteria see How to use criteria when scoping alerts
Walkthrough: How to recreate a monitor alert if the alert has been wrongly closed by a user
To recreate a monitor alert which has been wrongly closed you can reset the unhealthy monitor. This will set the monitor back to healthy, then when it is next reevaluated, if the problem still exists then the monitor will be changed to unhealthy and the alert will be recreated.
Click on the object that is unhealthy, but not showing a health state summary.
Click on the monitored entity perspective.
Scroll down to the children section and look for the child that is unhealthy (red).
Click on that child, then the monitored entity perspective.
Scroll down to the Monitors section and click on the red monitor.
Click on the reset button up the top right.
Click on the reset button.
Frequently Asked Questions
Can I list only particular alerts?
You can use criteria in the scope > advanced section to list alerts by name or with particular words in the name, for example
Name = 'Failed to Connect to Computer' see How to use criteria when scoping alerts
Can I improve the format of the SCOM Alert emails?
You can enable HTML email notifications in SCOM that link to the Alert in Squared Up see How to enable HTML email notifications in SCOM
Can I link an alert to a ticket in our ticketing system?
Yes, you can add a hyperlink to the Alert in Squared Up that links to a particular ticket see How to add links to an external ticketing system
Can I list alerts that have not been linked to a ticket?
You can use criteria in the scope > advanced section to list where the TicketId field is blank, for example
TicketId is NULL see How to use criteria when scoping alerts
Blog: Hey SCOM! Automatic Alert Resolution isn’t working?!