SCOM Alerts to elasticserarch

Has anyone built a connector to send scom alerts to elasticsearch or a syslog system?


you can send scom alerts to OMS, which is similar to elasticsearch?


We forward alert data to Splunk which is similar. I don’t know elasticsearch, but i the splunk case we forward the events trough the splunk angent based on a PowerShell script. For each property we want to use in splunk we create Fields that splunk can read.

We are unable to use OMS as it go outside of our network.

it very similar, only different it use opensource agents or you just forward the messages as syslog. Do you have a copy of that powershell script? we might be able to tweak it for our needs.

Is this the solution found on Splunk website?

Are you satisfied with that?

I found some problems with it:

  • Not best practice use of SCOM cmdlets
  • Only selects on TimeAdded property (what about updates)

Or do you have another experience?