SDKAlertView
SDKAlertView displays the history and properties of the alerts created by MOM. Both resolved and unresolved alerts are included in this view.
The following table describes the columns of this view.
Column | SQL Server type | Null values allowed? | Description |
---|---|---|---|
GUID |
uniqueidentifier |
No |
The GUID identifying the MOM alert. |
ComputerName |
nvarchar(255) |
Yes |
The name of the computer that raised the alert. |
CustomField1 |
nvarchar(50) |
Yes |
The first user-defined field. |
CustomField2 |
nvarchar(50) |
Yes |
The second user-defined field. |
CustomField3 |
nvarchar(50) |
Yes |
The third user-defined field. |
CustomField4 |
nvarchar(50) |
Yes |
The fourth user-defined field. |
CustomField5 |
nvarchar(50) |
Yes |
The fifth user-defined field. |
Description |
nvarchar(2000) |
Yes |
The alert description. |
LastTimeStateModified |
datetime |
No |
The time the alert's state last changed. Values are based on the UTC standard. |
ModifiedBy |
nvarchar(255) |
Yes |
The last user to change the alert's state. AutoResolved is used for alerts that were automatically resolved. |
Name |
nvarchar(255) |
Yes |
The name and description of the alert. |
Owner |
nvarchar(255) |
Yes |
The account name that owns the alert. |
RepeatCount |
int |
Yes |
For consolidated events, the number of repeat occurrences. |
ResolutionState |
tinyint |
No |
The state of the alert. The following values are found in an unmodified MOM installation:
The New and Resolved states are required and are not editable. The other values can be removed or changed. Additional states can also be added. |
ResolvedBy |
nvarchar(255) |
Yes |
The name of the user account responsible for resolving the alert, if it has been resolved. |
Severity |
tinyint |
No |
The severity level of the alert. The following severity values are used:
|
Source |
nvarchar(255) |
Yes |
The name of the Windows service that was the source of the alert. |
TimeAdded |
datetime |
No |
The time the alert was added to the database. Values are based on the UTC standard. |
TimeLastModified |
datetime |
No |
The time the alert's state or properties last changed. Values are based on the UTC standard. |
TimeOfFirstEvent |
datetime |
Yes |
For consolidated events, the time the first event was raised. Values are based on the UTC standard. |
TimeOfLastEvent |
datetime |
Yes |
For consolidated events, the time the latest event was raised. Values are based on the UTC standard. This property is not yet implemented in MOM SP1. It remains set to the same time as the TimeofFirstEvent property. |
TimeRaised |
datetime |
No |
The time the alert was raised. Values are based on the UTC standard. |
TimeResolved |
datetime |
Yes |
The time the alert was resolved, if it has been resolved. Values are based on the UTC standard. |
Examples
The following example shows how to query the SDKAlertView view for the GUIDs of all alerts that are not yet resolved, have a severity greater than 50, and are not yet assigned to an owner.
SELECT SDKAlertView.GUID
FROM SDKAlertView
WHERE SDKAlertView.ResolutionState < 255
AND SDKAlertView.Severity > 50
AND SDKAlertView.Owner IS NULL
The following example shows a query to get the list of alerts displayed in the All Service Level Exceptions view in the MOM Administrator console. The age of the alert and its severity level are used to determine whether it represents a service level exception. You can customize the criteria by changing the time parameters of the DATEADD function.
Declare @LEVEL_INFO int, @LEVEL_BREACH int, @LEVEL_SERVICE int
Declare @STATE_NEW int, @STATE_RESOLVED int
Declare @STATE_AKNOWLEDGED int, @STATE_LEVEL1 int, @STATE_LEVEL2 int
Declare @STATE_LEVEL3 int, @STATE_LEVEL4 int
Declare @CURRENT_UTC_TIME datetime, @TIME_OFFSET int
-- severity levels
Set @LEVEL_INFO = 20
Set @LEVEL_BREACH = 60
Set @LEVEL_SERVICE = 70
-- basic resolution states
Set @STATE_NEW = 0
Set @STATE_RESOLVED = 255
-- editable resolution states
Set @STATE_AKNOWLEDGED = 85
Set @STATE_LEVEL1 = 170
Set @STATE_LEVEL2 = 180
Set @STATE_LEVEL3 = 190
Set @STATE_LEVEL4 = 200
-- GETDATE() returns the local system time, not UTC time.
EXEC master.dbo.xp_regread 'HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\TimeZoneInformation',
'ActiveTimeBias', @TIME_OFFSET OUT
Set @CURRENT_UTC_TIME = DATEADD(minute, @TIME_OFFSET, GETDATE())
-- check the severity and age of all unresolved alerts
SELECT GUID, Name, Severity, LastTimeStateModified FROM SDKAlertView WHERE ResolutionState < @STATE_RESOLVED AND
(
( Severity > @LEVEL_INFO ) AND
(
(
( Severity = @LEVEL_SERVICE OR Severity = @LEVEL_BREACH ) AND ( ResolutionState != @STATE_RESOLVED ))
OR
(( ResolutionState = @STATE_NEW ) AND ( LastTimeStateModified < DATEADD(minute, -10, @CURRENT_UTC_TIME) ))
OR
(( ResolutionState = @STATE_AKNOWLEDGED ) AND ( LastTimeStateModified < DATEADD(minute, -20, @CURRENT_UTC_TIME) ))
OR
(( ResolutionState = @STATE_LEVEL1 ) AND ( LastTimeStateModified < DATEADD(hour, -4, @CURRENT_UTC_TIME) ))
OR
(( ResolutionState = @STATE_LEVEL2 ) AND ( LastTimeStateModified < DATEADD(day, -2, @CURRENT_UTC_TIME) ))
OR
(( ResolutionState = @STATE_LEVEL3 ) AND ( LastTimeStateModified < DATEADD(day, -7, @CURRENT_UTC_TIME) ))
OR
(( ResolutionState = @STATE_LEVEL4 ) AND ( LastTimeStateModified < DATEADD(day, -30, @CURRENT_UTC_TIME) ))
)
)
The following example shows how to query the SDKAlertView view for all consolidated alerts that are not yet resolved.
SELECT GUID, ComputerName, Name, RepeatCount
FROM SDKAlertView
WHERE (RepeatCount > 1)
AND (ResolutionState < 255)
ORDER BY ComputerName
Requirements
Platforms: Requires Windows 2000 Server or later
Version: Requires MOM 2000 SP1 or later
Database: OnePoint (MOM 2000 SP1 or later) or SystemCenterReporting (MOM 2004 or later)