Get distributed application from scom alert

PowerShell
1

Hi,

I am trying to find the impacted distributed application starting from an alert with powershell.

Can anyone help me with this?

Kind regards,
Luc

2

Hi Luc - I’m certainly interested to see if there is a solution here but I think this will be challenging in the direction of SCOM alert → Distributed Application.

The alert can be mapped to the target object but then how do you map the target object to a DA (which is essentially a group)? The target object which may have a hosting relationship at a number of levels and the host needs checking against each group that it could be a member of potentially nested groups under the Distributed Application.

The way I’ve “sort of” seen this done in the first is highlighted towards the end of Keith’s presentation here - https://youtu.be/yEjRj8WPNJ8?t=3217 - where you have a custom property of business service and can then pull back all alerts with a specific property value. It does require a defined way of monitoring \ discovery which is what Keith describes earlier in the presentation.

Sorry I can’t offer a quicker \ neater solution.

Graham

3

An update - this appears to work … as usual with my scripts, it comes without warranty and use at your own risk but I’m happy to help fine tune it or investigate any errors. E.g. There is no error checking and I’m not convinced it is always listing all Distributed Applications for an alert (where it impacts more than one DA). Performance might also be an issue … I’ve only tested in a lab with 6 servers.

Load the OperationsManager module

Import-Module OperationsManager

Connect to the SCOM management group

$mg = New-SCOMManagementGroupConnection “******************************”

Replace with your specific Alert ID

$alertId = “***********************************”

Retrieve the alert

$alert = Get-SCOMAlert -Id $alertId

Get the monitoring object associated with the alert

$monitoringObject = Get-SCOMClassInstance -Id $alert.MonitoringObjectId

if ($monitoringObject -ne $null) {
# Retrieve the class representing Distributed Applications
$daClass = Get-SCOMClass -Name ‘System.Service’

# Retrieve all instances of Distributed Applications
$distributedApps = Get-SCOMClassInstance -Class $daClass

# Initialize an array to hold matching distributed applications
$matchingDAs = @()

# Iterate through each distributed application
foreach ($da in $distributedApps) {
    # Get all related monitoring objects (components) of the distributed application
    $components = $da.GetRelatedMonitoringObjects("Recursive")

    # Check if the alert's monitoring object is among the components
    if ($components | Where-Object { $_.Id -eq $monitoringObject.Id }) {
        $matchingDAs += $da
    }
}

# Output the matching distributed applications
$matchingDAs | Select DisplayName, HealthState

} else {
Write-Host “Monitoring object not found for the alert.”
}