SCOM Bi-Directional Query (Close Alert)

leethomas
Kilo Contributor

Hello,

Have recently started working on the event management plug-in with SCOM and our pre-production ServiceNow instance. We have successfully configured the SCOM integration and the MID server is retrieving SCOM alerts and raising them as events.

I do have an issue with how ServiceNow handles closing of SCOM alerts though: once an incident is created in ServiceNow and closed in ServiceNow, the alert is also closed in SCOM.
The issue with this arises if the root cause of the problem isn't actually resolved (disk space would be a good example). If an alert is raised in SCOM for low disk space (for this example we can say 100 MB of free disk space left) and the incident/alert is closed in ServiceNow without actually freeing up disk space, the alert would be closed in SCOM.

The health state of the disk instance in SCOM would still be in a warning or critical state, and a new alert would not be raised in SCOM since the state of the disk has not changed.

Has anyone else who has integrated SCOM/SNOW with the bi-directional setting enabled also noticed something similar and, if so, has anyone raised a support request around this?

Thanks.

1 REPLY

StephenM
Kilo Guru

I know this is an old post, but for others searching, this is a known issue. One solution is to rewrite the Invoke-UpdateAlert.ps1 script to track down the monitor and reset it rather than close the alert.

We are working on this issue right now so I don't have a good example to provide. We are also having issues from alerts that are from dependency roll-up monitors. Resetting these health states is proving to be difficult to track down.
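A sketch of the approach described in the reply above, added here as an example; it is not the ServiceNow Invoke-UpdateAlert.ps1 script and not code from either poster. The function name `Reset-AlertSource` and its return strings are hypothetical; the cmdlets come from the SCOM OperationsManager module, and dependency roll-up monitors are only detected and skipped, not resolved.

```powershell
# Added example: reset the monitor behind a SCOM alert instead of only closing the alert.
# Reset-AlertSource is a hypothetical name, not part of the ServiceNow integration.
Import-Module OperationsManager

function Reset-AlertSource {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [guid] $AlertId,
        [string] $Comment = 'Closed from ServiceNow'   # constructed sample text
    )

    $alert = Get-SCOMAlert -Id $AlertId
    if (-not $alert) { throw "Alert $AlertId not found" }

    # Rule-generated alerts have no health state behind them, so closing is enough.
    if (-not $alert.IsMonitorAlert) {
        if ($PSCmdlet.ShouldProcess($alert.Name, 'Close rule alert')) {
            Set-SCOMAlert -Alert $alert -ResolutionState 255 -Comment $Comment
        }
        return 'ClosedRuleAlert'
    }

    # For monitor alerts, MonitoringRuleId holds the id of the monitor that raised it.
    $monitor  = Get-SCOMMonitor -Id $alert.MonitoringRuleId
    $instance = Get-SCOMClassInstance -Id $alert.MonitoringObjectId

    # Only unit monitors are reset here; aggregate and dependency roll-up monitors
    # take their state from other monitors and are left for manual follow-up.
    if ($monitor -isnot [Microsoft.EnterpriseManagement.Configuration.UnitMonitor]) {
        Write-Warning "Monitor '$($monitor.DisplayName)' is a roll-up monitor; not reset."
        return 'SkippedRollupMonitor'
    }

    if ($PSCmdlet.ShouldProcess($instance.FullName, "Reset monitor $($monitor.DisplayName)")) {
        # Resetting returns the monitor to healthy; if the fault is still present the
        # monitor turns unhealthy again on its next check and SCOM raises a fresh alert.
        $null = $instance.ResetMonitoringState($monitor)
    }
    return 'ResetMonitor'
}
```

Running it with `-WhatIf` first shows which alerts would be closed and which monitors would be reset without changing anything in SCOM.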