Elements

The probe breaks event data down into tokens and parses them into elements. Elements are used to assign values to ObjectServer fields; the field values contain the event details in a form that the ObjectServer understands.

Timestamp formats

Some elements described in this section contain timestamps that are displayed in UNIX time (also known as POSIX time). UNIX time is a standard system of time notation, defined as the number of seconds elapsed since 00:00:00 Coordinated Universal Time (UTC) on January 01, 1970.

Some elements contain timestamps that are displayed as UTC. UTC times are given in the standard format specified by RFC 3339, as follows:

<date-fullyear>-<date-month>-<date-mday>T<time-hour>:<time-minute>:<time-second>.<time-secfrac>Z

The <time-secfrac> portion of the timestamp is given to seven digits.

For example, the timestamp 2011-04-12T23:20:50.5200000Z represents 20 minutes and 50.5200000 seconds after the 23rd hour of April 12th, 2011 in UTC.

Elements generated by the probe

The following table describes the elements that the probe generates. Not all the elements described are generated for each event. The elements that the probe generates depend on the event type.

Table 1. Elements

Element name

Element description

$connectorId

This element contains the identifier of the connector that the probe registered with Microsoft SCOM 2012.

$connectorStatus

This element identifies the status of an alert in relation to the connector. This element takes the following values:

NotMarkedForForwarding - the alert is not being managed by a connector.

Pending - the alert is waiting to be forwarded.

SuccessfullyForwarded - the alert has been successfully forwarded.

$context

This element contains the context of the alarm in XML format.

$context_tagName

This element contains the content of a field in the context of the alarm, where tagName is the name of the field. The field can contain a property name, a parameter index (such as Param1), or any other field name.

$customFieldn

This element contains data from a user-defined field, where n is an integer from 1 to 10 that represents one of ten available custom fields.

$description

This element shows the description of the alarm.

$displayString

This element contains the string to display for the alarm.

$id

This element identifies the unique identifier of the event.

$isMonitorAlert

This element contains a Boolean value that indicates whether the alert was generated by a monitor.

$lastModified

This element shows the time (UTC) of the most recent update to the event.

$lastModifiedBy

This element contains the ID of the last user to modify the event.

$lastModifiedByNonConnector

This element shows the time (UTC) of the most recent update to the event that was made through the CLI.

$lastModifiedByNonConnectorUTC

This element shows the time (as UNIX time) of the most recent update to the alert that was made through the CLI.

$lastModifiedUTC

This element shows the time (as UNIX time) of the most recent update to the event.

$maintenanceModeLastModified

This element shows the time (UTC) at which the maintenance mode was last modified.

$maintenanceModeLastModifiedUTC

This element shows the time (as UNIX time) when the maintenance mode was last modified.

$managementGroupId

This element shows the identifier of the management group.

$managementGroupName

This element contains the name of the management group.

$managementPackCategoryType

This element indicates the category type of the management pack.

$monitoringClassId

This element contains the identifier of the monitoring class.

$monitoringObjectDisplayName

This element shows the name displayed for the monitoring object.

$monitoringObjectFullName

This element contains the full name of the monitoring object.

$monitoringObjectHealthState

This element shows the health status of the monitoring object associated with an alert. This element takes the following values:

Error - an error condition has occurred.

Success - the object is in the correct operational state.

Uninitialized - the object is in an uninitialized state.

Warning - a warning condition has occurred.

$monitoringObjectId

This element contains the identifier of the monitoring object.

$monitoringObjectInMaintenanceMode

This element contains a Boolean value that identifies whether the monitoring object is in maintenance mode.

$monitoringObjectName

This element shows the name of the monitoring object.

$monitoringObjectPath

This element contains the directory path to the monitoring object.

$monitoringRuleId

This element contains the identifier of the rule set for the monitoring object.

$name

This element shows the name of the alert.

$netbiosComputerName

This element contains the NetBIOS name of the computer that raised the alert.

$netbiosDomainName

This element contains the domain name of the computer that raised the alert.

$owner

This element shows the User ID of the owner of the event. The User ID is usually a user account.

$paramCount

This element shows the total number of parameters for the alert.

$paramn

This element shows a parameter of the alert, where n is the zero-based index of the parameter, from 0 to the total number of parameters minus one ($paramCount – 1).

For example, if there is a total of three parameters for the alert, then three separate elements are created: $param0, $param1, and $param2.

$principalName

This element shows the principal name of the computer that this alert was created for.

$priority

This element indicates the priority of an alarm as defined by Microsoft SCOM 2012. This element takes the following values: High, Low, Normal.

$problemId

This element contains the identifier of the problem. If the value of $isMonitorAlert is true, $problemId is set to the globally unique identifier (GUID) of the monitor associated with the alert.

$repeatCount

This element shows the number of times this alert has occurred.

$resolutionState

This element identifies the resolution state of the alert. This element takes values in the range 0 to 255 inclusive.

$resolvedBy

This element shows the name of the user account responsible for resolving the alert. It appears when the alert is resolved.

$severity

This element indicates the severity of the alert as defined by Microsoft SCOM 2012. This element takes the following values:

Error - the alert occurred because of an error.

Information - the alert contains information about the system.

MatchMonitorHealth - the alert severity matches the health state of the monitor that is associated with the alert.

Warning - the alert contains a warning.

$siteName

This element shows the name of the site where Microsoft SCOM 2012 is installed, as given in the header of the alarm buffer display.

$stateLastModified

This element shows the time (UTC) at which the state of the alert was last modified.

$stateLastModifiedUTC

This element shows the time (as UNIX time) at which the state of the alert was last modified.

$ticketID

This element shows the identifier of the ticket in which the alert is described.

$timeAdded

This element contains the time (UTC) at which the alert was added to Microsoft SCOM 2012.

$timeAddedUTC

This element shows the time (as UNIX time) at which the alert was added to Microsoft SCOM 2012.

$timeRaised

This element shows the time (UTC) at which the alert was raised.

$timeRaisedUTC

This element shows the time (as UNIX time) at which the alert was raised.

$timeResolutionStateLastModified

This element contains the time (UTC) at which the resolution state of the alert was last modified. Changes to the ResolutionState of the alert will cause this element to be updated.

$timeResolutionStateLastModifiedUTC

This element contains the time (as UNIX time) at which the resolution state of the alert was last modified. Changes to the ResolutionState of the alert will cause this element to be updated.

$timeResolved

This element contains the time (UTC) at which the alert was resolved.

$timeResolvedUTC

This element contains the time (as UNIX time) at which the alert was resolved.
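The following added example (not part of the probe or its documentation) parses the seven-digit RFC 3339 format described under "Timestamp formats" and cross-checks each UTC element against its UNIX-time twin, the element of the same name with the UTC suffix. The dict layout, the function names, the whole-second assumption for the UNIX-time elements, and the one-second tolerance are assumptions made for this illustration.

```python
import re
from datetime import datetime, timezone

# RFC 3339 UTC timestamp with exactly seven fractional digits, as described above.
_TS = re.compile(r"^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})\.(\d{7})Z$")

def parse_probe_utc(text):
    """Return (unix_seconds, fraction_in_100ns_units) for a probe UTC string."""
    m = _TS.match(text)
    if m is None:
        raise ValueError(f"not a seven-digit RFC 3339 UTC timestamp: {text!r}")
    y, mo, d, h, mi, s, frac = (int(g) for g in m.groups())
    # datetime rejects impossible dates and times (month 13, 30 February, hour 24).
    dt = datetime(y, mo, d, h, mi, s, tzinfo=timezone.utc)
    return int(dt.timestamp()), frac

def check_timestamp_pairs(event, tolerance=1):
    """List disagreements between each <name> element and its <name>UTC twin.

    Assumptions: elements are held in a dict keyed by name without the "$",
    the UNIX-time twin is a whole number of seconds, and a difference of up
    to `tolerance` seconds (rounding versus truncation) is acceptable.
    """
    problems = []
    for name, value in event.items():
        twin = name + "UTC"
        if twin not in event:
            continue  # not a timestamp element, or the twin was not generated
        try:
            seconds, _ = parse_probe_utc(value)
            twin_seconds = int(event[twin])
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
            continue
        if abs(seconds - twin_seconds) > tolerance:
            problems.append(f"{name}: {seconds} != {twin} {twin_seconds}")
    return problems

# Constructed sample event (not real probe output).
SAMPLE_EVENT = {
    "timeRaised": "2011-04-12T23:20:50.5200000Z", "timeRaisedUTC": "1302650450",
    "lastModified": "2011-04-12T23:25:00.000000Z", "lastModifiedUTC": "1302650700",
    "timeResolved": "2011-04-13T00:00:00.0000000Z", "timeResolvedUTC": "1302566400",
    "severity": "Warning",
}

if __name__ == "__main__":
    for line in check_timestamp_pairs(SAMPLE_EVENT):
        print(line)
```

In the constructed sample, lastModified carries only six fractional digits and timeResolved is a full day away from its twin, so both are reported while timeRaised passes.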