Sampa @ Work

System Center Operations Manager 2007 module information

How to include information from the data item that generates an alert in the alert description

This works for an alert generating rule.  This is an example for a generic CSV rule generated through the UI using "Create a New Rule" using "Alert Generating Rules" -> "Event Based" -> "Generic CSV Text Log (Alert)"

Here is a line from the log file that we will use for the example.

parameter1,ERROR,parameter3

To include the 1st parameter of a the Data Item, use the following expression.

$Data/EventData/DataItem/Params/Param[1]$

The full description string could look like

This is an alert about $Data/EventData/DataItem/Params/Param[1]$

The reason this works is because the data source for this rule outputs System.Event.Data data items.  The data source is System.ApplicationLog.GenericCSVLog.FilteredEventProvider.  It reads the specified logs and outputs System.Event.Data items.  Here is an example System.Event.Data that contains information from a CSV log file.  Notice that the log file parameters are nested fairly deeply in the data item.  I've marked them with underline.

<DataItem type="System.Event.Data" time="2007-05-22T10:07:41.6416394-07:00" sourceHealthServiceId="A9BB62D3-BEF2-5208-E680-1EE489235408">
  <EventOriginId>{8ED89955-E479-40A9-E83A-BB4A37A48499}</EventOriginId>
  <PublisherId>{1F68E240-153F-3990-0560-2AC472836C4A}</PublisherId>
  <PublisherName>GenericCSVLog</PublisherName>
  <Channel>GenericCSVLog</Channel>
  <LoggingComputer />
  <EventNumber>0</EventNumber>
  <EventCategory>3</EventCategory>
  <EventLevel>0</EventLevel>
  <UserName />
  <RawDescription />
  <CollectDescription Type="Boolean">true</CollectDescription>
  <EventData>
    <DataItem type="System.ApplicationLog.GenericLogEntryData" time="2007-05-22T10:07:41.6416394-07:00" sourceHealthServiceId="A9BB62D3-BEF2-5208-E680-1EE489235408">
    <LogFileDirectory>d:\genericlogs</LogFileDirectory>
    <LogFileType>Generic CSV Log File Format</LogFileType>
    <LogFileName>d:\genericlogs\generic1.log</LogFileName>
    <Params>
      <Param>parameter1</Param>
      <Param>ERROR</Param>
      <Param>parameter3</Param>
    </Params>
    <DataItem>
  </EventData>
 <EventDisplayNumber>0</EventDisplayNumber>
 <EventDescription />
</DataItem>
Published Friday, May 18, 2007 6:10 PM by sampatton

Comments

 

astromek said:

Hello Sam and thanks for the information.

I don't know if you've read the email I sent to you, but i post it here anyway in case somebody else has the same problem.

When I enter the $Data/Context/Params/Param[2]$ (which in my case would be the server logging the problem) into the description field I get an empty string. If I enter a totally wrong xpath, like $Data/Bogus/Bork[2]$ i get "$Data/Bogus/Bork[2]$" as the description so it would seem that if the xpath actually exist, i get whats in it and so on.

However, the string returned into the description is awfully empty no matter what Param[]-number i enter using the path in your post.

If i open the properties of the alert in the Alert View and choose "Alert Context" the information from the CSV data item is there and presented in a nice table like:

Field Value

1 20018

2 TEST

3

4

5 Test 5

6 ALM

7 This is a test log

8

9

10 False

Any ideas?

May 21, 2007 7:46 AM
 

chinton said:

Can you give an example of extracting the data from the TextData propery of a wmi query?  I'm specifically interested in gaining access to fields in the blocked-process-report structure returned from the query "select * from blocked_process_report" with the "\\.\root\Microsoft\SqlServer\ServerEvents\MSSQLServer" namespace.

Thanks

September 17, 2008 3:08 PM
Anonymous comments are disabled

This Blog

Syndication

Tags

No tags have been created or used yet.

© 2009 Microsoft Corporation. All rights reserved. Terms of Use  |  Trademarks  |  Privacy Statement
Microsoft
Page view tracker