How can I quickly see who closed an alert in SCOM 2016

I need to be able to see quickly who closed an alert in the operations or web console for SCOM 2016. Users are set up as Operators role and can close alerts. Is there a quick way to tell who closed the alert whether it be a user or the system itself by automatic means?
BeallsDesktopTeamAsked:
Who is Participating?
 
Rich WeisslerProfessional Troublemaker^h^h^h^h^hshooterCommented:
Oh, I see.  I think it can be added to the closed alert email...
Test this in your test environment:
In Administration/Notifications/Channels -- Modify your email channel (or set up a new one)
  On the format page, within the Email message portion, go down to the portion of the email alert format you want the closer to be added... on the right side of that page (in my SCOM 2012 instance anyway), there's a arrow that allows things to be added.  Add "Alert Last Modified By".
0
 
Rich WeisslerProfessional Troublemaker^h^h^h^h^hshooterCommented:
I don't have 2016, but assuming it's materially the same as 2012, play with this against the DataWarehouse database:
select * from Alert.vAlertResolutionState ars 
inner join Alert.vAlertDetail adt on ars.alertguid = adt.alertguid 
inner join Alert.vAlert alt on ars.alertguid = alt.alertguid
  where AlertName like '<beginning of the alertname you're looking at>%' AND
        ResolutionState=255

Open in new window


And look at the  StateSetByUserId field.

(And base script scarfed from kevinholman's blog.)
0
 
BeallsDesktopTeamAuthor Commented:
Thank you. This works for me as an admin with access to the DB.
I guess I should have worded the question a little better. What I need to accomplish for the team closing the alerts is for them to see who closed the alert within their own team, not me looking up for them. Is there a way to include the closed alert details in a dashboard, in the closed alert email, or would it have to be queried in the DB? I'm new to SCOM so this is all uncharted territory for me :)
0
 
Rich WeisslerProfessional Troublemaker^h^h^h^h^hshooterCommented:
To add it to an alert panel... you'll need an alert panel which includes Closed alerts (in this case), but from the panel, you should be able to pull up "Tasks"/"Personalize View" and add the "Last Modified By" and/or "Resolved By" fields.
0
 
Rich WeisslerProfessional Troublemaker^h^h^h^h^hshooterCommented:
Three methods of displaying the information requested have been provided.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.