Thursday, November 10, 2011

Adding SCOM custom information to alert description (s) and notifications

Custom Properties for Alert Description and Notification:

Alert Description Variables:

For event Rules:
EventDisplayNumber (Event ID):             $Data/EventDisplayNumber$
EventDescription (Description):               $Data/EventDescription$
Publisher Name (Event Source):              $Data/PublisherName$
EventCategory:                                    $Data/EventCategory$
LoggingComputer:                                $Data/LoggingComputer$
EventLevel:                                          $Data/EventLevel$
Channel:                                              $Data/Channel$
UserName:                                           $Data/UserName$
EventNumber:                                      $Data/EventNumber$
Event Time:                                          $Data/@time$
 

For event Monitors:
EventDisplayNumber (Event ID):            $Data/Context/EventDisplayNumber$
EventDescription (Description):              $Data/Context/EventDescription$
Publisher Name (Event Source):             $Data/Context/PublisherName$
EventCategory:                                    $Data/Context/EventCategory$
LoggingComputer:                                $Data/Context/LoggingComputer$
EventLevel:                                         $Data/Context/EventLevel$
Channel:                                             $Data/Context/Channel$
UserName:                                          $Data/Context/UserName$
EventNumber:                                     $Data/Context/EventNumber$
Event Time:                                         $Data/Context/@time$

For Repeating Event Monitors:
EventDisplayNumber (Event ID):              $Data/Context/Context/DataItem/EventDisplayNumber$
EventDescription (Description):                $Data/Context/Context/DataItem/EventDescription$
Publisher Name (Event Source):              $Data/Context/Context/DataItem/PublisherName$
EventCategory:                                      $Data/Context/Context/DataItem/EventCategory$
LoggingComputer:                                  $Data/Context/Context/DataItem/LoggingComputer$
EventLevel:                                            $Data/Context/Context/DataItem/EventLevel$
Channel:                                                $Data/Context/Context/DataItem/Channel$
UserName:                                             $Data/Context/Context/DataItem/UserName$
EventNumber:                                         $Data/Context/Context/DataItem/EventNumber$
  
Performance Threshold Monitors:
Object (Perf Object Name):                    $Data/Context/ObjectName$
Counter (Perf Counter Name):                $Data/Context/CounterName$
Instance (Perf Instance Name):              $Data/Context/InstanceName$
*Value (Perf Counter Value):                  $Data/Context/Value$ 
**Last Sampled Value                            $Data/Context/SampleValue$
*Value will show the actual performance value for simple and avg monitors.  It will show number of samples for consecutive threshold monitors.
**Last Sampled Value works to show the last value evaluated in a consecutive sample value monitor.

Service Monitors:
Service Name                         $Data/Context/Property[@Name='Name']$
Service Dependencies             $Data/Context/Property[@Name='Dependencies']$
Service Binary Path                $Data/Context/Property[@Name='BinaryPathName']$
Service Display Name             $Data/Context/Property[@Name='DisplayName']$
Service Description                 $Data/Context/Property[@Name='Description']$

Logfile Monitors:
Logfile Directory :                  $Data/Context/LogFileDirectory$
Logfile name:                        $Data/Context/LogFileName$
String:                                  $Data/Context/Params/Param[1]$

Logfile rules:
Logfile Directory:                   $Data/EventData/DataItem/LogFileDirectory$
Logfile name:                        $Data/EventData/DataItem/LogFileName$
String:                                  $Data/EventData/DataItem/Params/Param[1]$

General:
To show the name of the Windows Computer host:
$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$
Notifications:
$Data/Context/DataItem/AlertId$                                       The AlertID GUID
$Data/Context/DataItem/AlertName$                                   The Alert Name
$Data/Context/DataItem/Category$                                    The Alert category
$Data/Context/DataItem/CreatedByMonitor$                       True/False
$Data/Context/DataItem/Custom1$                                     CustomField1
$Data/Context/DataItem/Custom2$                                    CustomField2
$Data/Context/DataItem/Custom3$                                    CustomField3
$Data/Context/DataItem/Custom4$                                    CustomField4
$Data/Context/DataItem/Custom5$                                    CustomField5
$Data/Context/DataItem/Custom6$                                     CustomField6
$Data/Context/DataItem/Custom7$                                     CustomField7
$Data/Context/DataItem/Custom8$                                     CustomField8
$Data/Context/DataItem/Custom9$                                     CustomField9
$Data/Context/DataItem/Custom10$                                  CustomField10
$Data/Context/DataItem/DataItemCreateTime$                      UTC Date/Time of Dataitem created
$Data/Context/DataItem/DataItemCreateTimeLocal$               LocalTime Date/Time of Dataitem created
$Data/Context/DataItem/LastModified$                                 UTC Date/Time DataItem was modified
$Data/Context/DataItem/LastModifiedLocal$                          Local Date/Time DataItem was modified
$Data/Context/DataItem/ManagedEntity$                               ManagedEntity GUID
$Data/Context/DataItem/ManagedEntityDisplayName$             ManagedEntity Display name
$Data/Context/DataItem/ManagedEntityFullName$                   ManagedEntity Full name
$Data/Context/DataItem/ManagedEntityPath$                          Managed Entity Path
$Data/Context/DataItem/Priority$                                          The Alert Priority Number (High=1,Medium=2,Low=3)
$Data/Context/DataItem/Owner$                                           The Alert Owner
$Data/Context/DataItem/RepeatCount$                                  The Alert Repeat Count
$Data/Context/DataItem/ResolutionState$                               Resolution state ID (0=New, 255= Closed)
$Data/Context/DataItem/ResolutionStateLastModified$                 UTC Date/Time ResolutionState was last modified
$Data/Context/DataItem/ResolutionStateLastModifiedLocal$          Local Date/Time ResolutionState was last modified
$Data/Context/DataItem/ResolutionStateName$                       The Resolution State Name (New, Closed)
$Data/Context/DataItem/ResolvedBy$                                     Person resolving the alert
$Data/Context/DataItem/Severity$                                          The Alert Severity ID
$Data/Context/DataItem/TicketId$                                           The TicketID
$Data/Context/DataItem/TimeAdded$                                       UTC Time Added
$Data/Context/DataItem/TimeAddedLocal$                               Local Time Added
$Data/Context/DataItem/TimeRaised$                                      UTC Time Raised
$Data/Context/DataItem/TimeRaisedLocal$                              Local Time Raised
$Data/Context/DataItem/TimeResolved$                                  UTC Date/Time the Alert was resolved
$Data/Context/DataItem/WorkflowId$                                      The Workflow ID (GUID)
$Data/Recipients/To/Address/Address$                                    The name of the recipient
The Web Console URL:
$Target/Property[Type="Notification!Microsoft.SystemCenter.AlertNotificationSubscriptionServer"/WebConsoleUrl$
The principalname of the management server:
Target/Property[Type="Notification!Microsoft.SystemCenter.AlertNotificationSubscriptionServer"/PrincipalName$