How to use the Alerts tile

The Alerts tile allows you to view and action SCOM alerts on your dashboards and perspectives. This document describes how to get started with the Alerts tile.

This guide will walk you through how to configure the Alert tile. You may also like to watch the Alert Management Webinar.

Overview

The Alerts tile button (along with several other tiles) displays a little plus up the top right. This indicates that there are more tiles available from this one button.

Alerts tile

After selecting the Alerts tile you will get the choice of List or Donut.

Alerts List button Alerts Donut button

Alerts list

The Alerts dashboard on the Overview menu shows a list of error, warning and information alerts, and you can add alerts tiles to any dashboard or perspective.

Alerts Dashboard

Alerts Donut

The Donut tile shows a summary of the number of alerts either by severity, priority or resolution state.

Alerts Donut Severity

Alerts Donut Priority

Alerts Donut Resolution State

When configuring the Donut tile the grouping section allows you to select whether the donut shows severity, priority or resolution state. The display section allows you to change the size of the donut, and show or hide the legend.

Clicking on a donut segment or on the key shows a list of alerts with that severity, priority or resolution state.

Rule vs monitor alerts

Users may not be aware of the differences between monitor and rule alerts, and that monitor alerts should not be closed. Squared Up (v3.2 onwards) uses different alert icons for rule and monitor alerts to help users be more aware of these differences.

Monitor alerts

Monitor Alert

Monitor alerts are shown by a solid icon (like the health state icon, but round) to indicate that the alert is affecting the health state of the object, because the alert has been raised by a monitor.

A monitor alert is ‘stateful’ and therefore current. A monitor changes the state of the monitor, which then triggers an alert. This means that if the monitor alert is still visible, then it is still a current issue. Once action has been taken, a user can click the reset monitor button to force SCOM to reevaluate the health of the object, and if the issue is re-detected then the alert will be reopened. When the issue is resolved the alert will be closed automatically, so monitor alerts should not be closed manually.

Reset Monitor

Reset Monitor Health

When changing the resolution state in Squared Up (v3.2 onwards), closed is not the default option, and if a user tries to close a monitor alert a warning is shown and confirmation is required.

Close Monitor Alert

Monitor alerts are used to show health state summaries for unhealthy objects in Squared Up.

Rule alerts

Rule Alert

A rule can trigger an alert, but not change the state of the object, or rollup to the parent. A rule alert shows that something has happened in the past, but it won’t necessarily happen again. If the issue reoccurs, then the alert RepeatCount increases. Rule alerts should be closed manually when the issue has been resolved.

Rule alerts are shown by a hollow icon (that’s different from the health state icon) the alert is not affecting the health state of the object because it has been raised by a rule. Rule alerts should be closed manually by clicking the resolution state button.

Summary of the differences between rule and monitor alerts

Monitor alerts Rule alerts
Stateful Non-stateful
‘There is a problem’ ‘There was a problem’
Affects health state of object Does not affect health state of object
Rollup health to parent object Does not rollup health to parent object
Changes health state of dashboard Does not change health state of dashboard
Creates alert (normally) Creates alert (normally)
Alert stays open while issue remains RepeatCount incremented if issue reoccurs
Closes alert automatically (normally) Does not close alert automatically
Can be manually reset back to healthy Cannot be reset (no state)
Alerts should not be closed manually Alerts should be closed manually

Health state summaries

Health State Summary

In Squared Up health state summaries are shown for unhealthy (yellow or red) objects. If you find several servers are showing red, then the health state summaries can help answer some of your questions:

  • Why is it red?
  • Is is the same reason that the others are red?
  • Is it related to the application issue I’m seeing?
  • Which red server is the priority?
  • Do I have to click on each server to see what the problem is?

Health state summaries are shown wherever an objects health state is shown, for example the Dynamic Table tile, VADA in view and analyse mode, and in the Status tile, so you can immediately see the cause of the critical health state and spot common issues across multiple objects.

Health state summaries are not available for container objects such as groups and distributed applications (DAs), however they work excellently for objects that host things (not contain things) such as servers, devices, software, and their sub-components.

Health state summaries work by performing a lookup for monitor alerts (alerts that are affecting the health state) for each object.

For any object that is not healthy, Squared Up shows the alert that is:

  • Created by a monitor (not a rule – they don’t affect health)
  • Most severe (if it’s critical, it will look for a critical alert)
  • Most recent

What if no health state summary is shown?

  • Some monitors do not create an alert
  • Perhaps the system has closed the alert and it has been groomed out of the Operations Manager database due to a retention setting. In SCOM, under Administration > Settings > Alerts the Automatic Alert Resolution tab shows you how many days after the last modified time (repeat count) from which all active alerts will be resolved, and how many days after the object is healthy that the alert will be resolved.
  • Maybe a user closed the alert? The walkthrough below shows how you can show ‘recently closed alert’s to help troubleshoot this.

Walkthrough: Using alert filters to list error alerts for the current user

This walkthrough shows how to add a list of only error alerts where the owner is the currently logged on user.

  1. On the dashboard or perspective where you want the list to appear click on the orange plus at the bottom of the screen to add a new tile.

  2. Click on the Alerts tile button.

    Alerts tile

  3. Click on the List button.

    Alerts List button

  4. Give the tile a suitable title, for example My error alerts.

  5. Leave the scope as it is and click next to move to the filters section.

  6. Change the severity to only show error alerts, by clicking on warning and info to deselect them.

  7. In the owner section click on current user and any will be deselected.

  8. Click done and the list of your error alerts are shown.

Alert Filters

Walkthrough: Adding an additional column and using advanced criteria to show closed alerts

This walkthrough shows how to add a list of recently closed alerts to the default Alerts dashboard on the Overview menu, but you could also add this to a new perspective for particular alerts.

  1. Browse to Overview menu and click on the Alerts dashboard.

  2. Click on the orange plus at the bottom of the screen to add a new tile.

  3. Click on the Alerts tile button.

  4. Click on the List button.

  5. Give the tile the title Closed monitor alerts.

  6. Leave the scope as it is and click next.

  7. In the filters section change the source to only show monitor alerts, by clicking on rule to deselect it.

  8. Under state click on closed so that only closed alerts are shown.

    At this point the list of the most recent 5 closed monitor alerts will be shown, and you can click done if you wish. For this walkthrough we will continue with the configuration.

  9. Click next.

  10. Leave timeframe set to last 30 days, and click next. timeframe shows alerts which were created in this time period. If you change it to 24 hours hoping to see alerts closed in the last day, you will miss alerts which were created longer ago, even if they were closed in the last day.

  11. In the limit section change the limit to 15, and click next.

  12. In the columns section we’re going to add in a column to show who closed the alert. Click show column title and the click the add button.

  13. Click on the bottom item that has just been added and use the dropdown list to change from name to lastModifiedBy.

  14. You may like to reorder the columns by dragging the grey column handle.

    LastModifiedBy column

    If the LastModifiedBy column shows system, then this is mostly likely to be when the object changed state to become healthy, and the alert was automatically closed. If you wish you can click done at this point.

    If you would like to filter out alerts that were last modified by system you can use advanced criteria as described below.

  15. Return to the the scope section of the tile and click on advanced.

    Scope Advanced

  16. In the criteria box paste in LastModifiedBy != 'system' meaning that you do not want alerts that were last modified by system.

    Advanced Criteria

    For more information about using scope > advanced > criteria see How to use criteria when scoping alerts

Walkthrough: How to recreate a monitor alert if the alert has been wrongly closed by a user

To recreate a monitor alert which has been wrongly closed you can reset the unhealthy monitor. This will set the monitor back to healthy, then when it is next reevaluated, if the problem still exists then the monitor will be changed to unhealthy and the alert will be recreated.

  1. Click on the object that is unhealthy, but not showing a health state summary.

    Missing Health State Summary

  2. Click on the monitored entity perspective.

  3. Scroll down to the children section and look for the child that is unhealthy (red).

  4. Click on that child, then the monitored entity perspective.

  5. Scroll down to the Monitors section and click on the red monitor.

  6. Click on the reset button up the top right.

    Monitor Reset

  7. Click on the reset button.

    Monitor Reset Button

Frequently Asked Questions

Can I list only particular alerts?

You can use criteria in the scope > advanced section to list alerts by name or with particular words in the name, for example Name = 'Failed to Connect to Computer' see How to use criteria when scoping alerts

Can I improve the format of the SCOM Alert emails?

You can enable HTML email notifications in SCOM that link to the Alert in Squared Up see How to enable HTML email notifications in SCOM

Yes, you can add a hyperlink to the Alert in Squared Up that links to a particular ticket see How to add links to an external ticketing system

Can I list alerts that have not been linked to a ticket?

You can use criteria in the scope > advanced section to list where the TicketId field is blank, for example TicketId is NULL see How to use criteria when scoping alerts

How to use criteria when scoping alerts

How to add links to an external ticketing system

How to enable HTML email notifications in SCOM

How to change where company knowledge is saved

Squared Up Blog: Sending SCOM Alerts to Slack

Alert Management Webinar

v3.2 Release Webinar

Case study with Purdue University

Blog: How grooming and auto-resolution work in the SCOM operational database

Blog: Hey SCOM! Automatic Alert Resolution isn’t working?! label: How to use the Alerts tile keywords: alert alerting tile health state summary summaries root cause reveal resolution state status ticket ticketid LastModifiedBy FAQs FAQ criteria filter filtering autoclose autoresolution auto-close auto-resolution donut doughnut