I've been asked to find a way to export all open alerts from SCOM to our monitoring system (don't ask).

Now, if I look in the SCOM GUI under Active Alerts I can see 7 Critical and 20 Warning alerts.

As I understand it this should return only the critical alerts

get-alert -criteria 'Severity = "2" AND ResolutionState="0"' | select name

However, it returns double that!  Some of the alerts I'm not seeing in the GUI too (unless I'm looking in the wrong place, I am very new to SCOM admittedly).

Any advice?

Two possible things...

1. Your view of active alerts is filtering out devices.
and/or
2. When you run your command, you need to make sure you are in the proper place in the OpsMgr provider.

I don't have VM access right now, but take a look at:
PS>get-alert -criteria |select netbioscomputername # I think

Check the computer names against what you see in the GUI.

Another possibility:

Add the timeraised field to your Select:

get-alert -criteria 'Severity = "2" AND ResolutionState="0"' | select name, timeraised

Now, in the console, under "Active Alerts" look at ""Show at least xxx of data" (right above the "Active Alerts" - Mine is set to "Show at least 1 week of data" - I sh9ow 5 Critical, and get-alert -criteria 'Severity = "2" AND ResolutionState="0"' | select name shows 5

If I set mine to "Show at least 3 days of data", the console shows 3 critical

Karl

Karl,

That was it! Told you I was new to SCOM ;)

Now I just have to figure out how to only show alerts raised in the last x minutes.

Hello:

This will retreive all alerts newer than 8 minutes:
Get-Alert -criteria 'Severity = "2" AND ResolutionState="0"' |where-object {$_.TimeRaised -gt (get-date).addminutes(-8).ToLongDateString()}
Well, at least HERE it will, you may need to add .ToLocalTime() to the Get-Data like so:
(get-date).addminutes(-8).ToLocalTime().ToLongDateString()
)

Karl

Actually, it's a bit more complicated than that ;) The time in SCOM is dd/mm/yyyy hh:mm. However, the datetime format on the server is in longformat (and in French!) so it's trying to compare, say, 12/02/2010 09:00 to Jeudi 12 fevrier 2010 9:24:53

I hate working with datetime values

This is strange.

Running Get-Date -f g produces a datetime of dd/mm/yyyy HH:mm

However, this code produces a result in longdate format. Why is that?

[datetime]$a=Get-Date -f g
$a.addminutes(-8)

Never mind, figured it out. I keep forgetting my .NET syntaxes ;)

[datetime]$DateNow=Get-Date -f g
$DateInThePast = $DateNow.AddMinutes(-5).ToString("dd/MM/yyyy HH:mm")
Get-Alert -criteria 'Severity = "2" AND ResolutionState="0"' |where-object {$_.TimeRaised -gt $DateInThePast } |Select Name,Description,monitoringobjectdisplayname | fl *

I'm glad you got it working - I really need to learn more about localization.

Karl

Like I said, I forgot all about the .NET ToString overloads for date formatting ;) I was trying all sorts of fancy things with Parse and ParseExact and localisation before remembering I could just force the date to be in whatever format I wanted.