How can we include event ID description in an alert. it is possible in 5.2 with windows event log monitor? or need to create a script monitor shows the description as a message ?
There is a macro ${WindowsEventMessages} which is intended for detailed info about events matched by appropriate Windows Event Log Monitor. It contains not only event messages but also other details (like event ID).
If it does not suit your needs and you are interested only in one specific field then it is doable by custom SQL macro, but first of all you need to decide how would you like to handle cardinality problem (alert is bound to monitor, but there may be multiple events from last poll returned). So if you are for example interested in event ID of newest event captured by the monitor, then your macro could look like ${SQL:SELECT TOP 1 EventCode FROM APM_WindowsEvent_Detail WHERE ComponentID = ${ComponentID} ORDER BY TimeGeneratedUtc DESC}
Thanks Petr.
The ${WindowsEventMessages} macro does not seem to be working for me -- I have an alert set up for an Application monitor that is checking for two Event log codes. When the codes occur it changes the monitor to critical. However, the alert simply passes the macro as if it were text (i.e. the body of the alert is "${WindowsEventMessages}" (without quotes.)
Can you post a screenshot of the Alert Trigger Condition as you have it defined?
Thanks!
Hi All,
This will works. I have tested and its working fine in my environments. Good Job.
