Hi, I was wondering if I can change the severity of an alert with powershell.
We have some custom alerts that where raised with a severity of informational. When that alert exists let’s say for about 15 minutes, I want the severity becomes in a warning state and when the warning state exists for 1 hour, I want the severity to critical.
Maybe I can run this powershell in a notification.
Is it possible to do this?
Kind regards,
Luc
I’m not aware of any way of changing the severity of an alert after it has been raised.
If you override a monitor/rule severity this only affects future alerts, which leads me to believe that this is static.
However as an alternative, I have seen people set up monitors to raise new alerts based on other alerts. E.G. if there are more than 5 open alerts of a certain type raise a warning. Could probably use a similar approach to check for alerts open after a certain length of time.
You could just create a new Windows Event Log Trap alert based on the Information Event ID and Source…
[SCOM] Create Monitor Based on Event Viewer Log • Infront Consulting Group APAC
Giving it the severity you prefer and using the Alert suppression accordingly