Neophyte
ProfessorCross-posting my partial solution again:
For Failover Clusters in Windows Server, here's a powershell propertySource that will add a category to members of clusters. It's not the complete solution, but it'll allow you to better target eventSources to eliminate some of the strain on your Collectors:
Name: Windows Failover Cluster Discovery
Group: Windows Failover Cluster
appliesTo: isWIndows()
if ( test-path "\\##system.displayname##\C$\Windows\Cluster\CLUSDB" ) {
"system.categories=ClusterMember"
}
It doesn't currently identify owners (although that can probably be done with an invoke-command { test-path "hklm:\0.Cluster" } as the owner of the cluster gets the extra Registry Cluster Hive copied during the failover. (https://blog.workinghardinit.work/2016/03/29/the-cluster-and-0-cluster-registry-hives/).
I have powershell that will identify Clusters by name and GUID and find the Nodes associated with them. I've got to figure out how to get that to create dynamic groups and populate them using properties. I'm most likely going to have to figure out how to make it be a timed script 1-2 times a day that then scans for cluster members and performs a bunch of queries using the failovercluster PS Module commandlets. Then use the REST API to create the associated structures to get them grouped so we can add clustered alerts to them and turn off their individual alerts.
Then I can apply the same kind of logic to Hyper-Visor clustering. I'm slowly chipping away at this to make it fit our business model's use case.
