Windows System Event Log "message" details not accurate
We are using the defaultWindows System Event Log event source and having those errors route through a Teams integration. When tested fromWindows System Event Log event source the Event Logging displays the entire “message” detailing the eventID reason etc etc. When looking in the Alerts section of the GUI it also shows the entire “Message” section with details. However when the alert shows up in Teams its dumbed down and useless. We get the following. Message: error - HOSTNAME Windows System Event Log The Teams integration is setup identically to the Event Source Alert message as seen below. Anyone know why ##Message## is getting overwritten with useless info instead of the actual message details from the Event? Host: ##HOST## Eventsource: ##EVENTSOURCE## Windows Event ID: ##EVENTCODE## Message: ##MESSAGE## Detected on: ##START##
Schedule SDT for specific events within a EventSource??
Hello everyone, We've multiple Event Sources setup (each one of them covers multiple events (different sources & event IDs). They're kinda in the same category but they cover different events (example Backup Related Events - within those there'smultiple applications, event IDs, etc...). Our question here comes if we need to filter a specific event (within one of those Event Sources) on a specific period of the day. For example, ServerA is returning some events at 2AM EST but those are related with a scheduled job that occurs daily, one of our clients requested us to filter those events (daily from 2AM to 2:20 AM EST). Is there any way to do an SDT (but with a specific criteria)? Without filtering the whole Event Source (that contains more events that shouldn't be suppressed at that time). The reason we've multiple events within a event source is to don't create a lot of Event Sources (thinking on the WMI usage here). We have multiple events on the same Event Source, that way we don't do so many WMI queries. Just asking because in our old monitoring tool we were able to specify specific criteria on the suppression rule(s) & this is really important for us (since we have a lot of those requests). Appreciate the help!Event Source 'Liebert_Condition_Events' concern
Hello, We've noticed the out of the box event source 'Liebert_Condition_Events' is triggering alarm where the actual date of the event is in the future (example below): NOTE: Blurred the device name (in order to protect our client information) I've already accessed the device in question & the system time is correct. Could this be an issue with the data source 'timestamp' handling? Or there's another thing that I might be missing? Thank you!