The following are typical situations:
- I get a colleague or a customer telling me “I am having a problem and the SCOM agent is showing 21037 events and 20002 events. What’s wrong with it?”
- I want to tune an OpsMgr environment and reduce load on the database by turning off a few event collections, as my friend Kevin Holman suggests here http://blogs.technet.com/kevinholman/archive/2009/11/25/tuning-tip-turning-off-some-over-collection-of-events.aspx .
- I am analyzing, sorting and grouping Events with Powershell like I have written on my blog lately http://www.muscetta.com/2009/12/16/opsmgr-eventlog-analysis-with-powershell/ but I can’t read those long descriptions properly.
- I exported an EVT from a customer environment and I load it on a machine that does not have OpsMgr message DLLs installed – all I see are EventIDs and type (Warning, Error) – but no real description – and I still want to figure out what those events are trying to tell me.
Getting to the point: I, like everyone – don’t have every OpsMgr event memorized.
This is why I thought of building this spreadsheet, and I hope it might come in handy to more people.
The spreadsheet contains an “AllEvents” list – and then the same events are broken down by event source as well:
When you want to search for an events (in one of the situations described above) just open up the spreadsheet, go to the “AllEvents” tab, hit CTRL+F (“Find”) and type in the Event ID you are searching for:
And this will take you to the row containing the event, so you can look up its description:
The description shows the event standard text (which is in the message DLL, therefore is the part you will not see if opening an EVT on another machine that does not have OpsMgr installed), and where the event parameters are (%1, %2, etc – which will be the strings you see in the EVT anyway).
That way you can get an understanding of what the original message would have looked like on the original machine
0 comments:
Post a Comment