MOM Data

Data generated during computer and application monitoring is stored in the MOM Database. Monitoring produces four types of data: event data, performance data, alert data, and discovery data.

Event Data

Managed computers log events in local event logs (Application, Security, and System), and MOM collects event information from these logs. The collected event data can be used to:

  • View operational data in the Operator console.

  • Generate reports using the Reporting Server and Reporting Database.

  • Provide a context for problems (in the form of Alerts) that are detected.

  • Provide information about MOM monitoring and management activities.

  • Provide information about computer state, which is derived from correlating data from consolidation events or missing events.

Performance Data

Numeric performance data is gathered from sources such as Windows performance counters and Windows Management Instrumentation (WMI). The collected performance data can be used to:

  • View performance data in the Operator console using different formats such as forms, lists, and graphs.

  • Generate reports using the Reporting Server and Reporting Database.

  • Identify critical threshold crossings that may indicate performance issues.

Alert Data

Alert data represents a problem that is detected on managed computers. Alert data contains the following information about a detected problem:

  • The type of entity the problem is about. This is described as a service discovery type. It could be about a Computer class or a child class that is referenced as Server Role.

  • The entity the problem is about. This is described as a computer name and the instance name of the entity, which is called the Server Role Instance. For example, the problem could be about a SQL Server Instance on a specific computer.

  • The problem area for the entity. This is referred to as the SubGroupComponent of the entity. For example, SQLAgent could be the SubGroupComponent of a SQL Server Instance.

  • The Severity of the problem. Alert severity is indicated by a level, such as Error, Critical, and Warning.

  • The Alert Name, which is a descriptive name for the problem.

  • The Alert Description provides a brief description of the problem.

  • The Problem State shows the current state of the problem. It indicates if the reported problem is still occurring.

  • The Alert Count indicates how many times the problem was reported.

  • The Alert Resolution State indicates if the problem has been acknowledged, if it has been assigned, or if it has been resolved.

  • The Alert History, contained in the knowledge base, provides a record for the alert. The knowledge base contains a problem description provided by the Management Pack creator (Product Knowledge), or it can contain customer knowledge that describes the problem and its resolution.

Alerts are the indicators that inform users about the health of managed computers. Alerts also provide the basis for status monitoring, which the "Status Monitoring" section describes in more detail.

Alert updates

Alert data that is stored in the MOM Database is continuously updated as MOM continues to collect information about the computer that generated the alert. When a problem is detected, an alert dataitem is generated in the MOM runtime. The alert dataitem is inserted in the database as an alert that represents a new problem. If MOM detects that the problem has disappeared, MOM generates another alert dataitem to update the problem state of the original alert. Eventually, the problem state of the existing alert in the database is updated and flagged as fixed; however, you still have to acknowledge the alert by resolving it.

Alert suppression

Alert suppression is the mechanism for specifying which alerts should be considered unique problems. Alert suppression fields are defined as part of the rule definition that generates the alert. They specify the alert properties whose values must be identical for two alerts to represent the same problem. If alert suppression is not set, every new alert generated by the MOM runtime is treated as a new problem.
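The following added example is a simplified Python model of the behavior described under "Alert updates" and "Alert suppression"; it is not MOM code. The field names, state strings, and the choice to increment the count only when a problem is reported as active are assumptions made for illustration.

```python
# Simplified model of alert suppression and alert updates (not MOM's code).
# Field names and state strings below are hypothetical, chosen for illustration.

def ingest(store, dataitem, suppression_fields):
    """Insert an alert dataitem into store, consolidating duplicates.

    store: list of alert dicts (stands in for the MOM Database).
    suppression_fields: alert properties that must match for two alerts
    to count as the same problem; empty means suppression is not set.
    Returns the stored alert that was created or updated.
    """
    if suppression_fields:
        key = tuple(dataitem.get(f) for f in suppression_fields)
        for alert in store:
            if tuple(alert.get(f) for f in suppression_fields) == key:
                if dataitem["problem_state"] == "active":
                    alert["count"] += 1          # problem reported again
                alert["problem_state"] = dataitem["problem_state"]
                # resolution_state is untouched: an operator still has to
                # resolve the alert even after the problem state is fixed.
                return alert
    alert = dict(dataitem, count=1, resolution_state="new")
    store.append(alert)
    return alert


# Constructed sample dataitems: the same SQLAgent problem reported twice,
# an unrelated problem, then a dataitem saying the first problem went away.
SAMPLE = [
    {"computer": "SRV01", "name": "SQLAgent stopped", "problem_state": "active"},
    {"computer": "SRV01", "name": "SQLAgent stopped", "problem_state": "active"},
    {"computer": "SRV02", "name": "Disk space low", "problem_state": "active"},
    {"computer": "SRV01", "name": "SQLAgent stopped", "problem_state": "fixed"},
]


def run(suppression_fields):
    """Feed SAMPLE through ingest() and return the resulting alert store."""
    store = []
    for item in SAMPLE:
        ingest(store, item, suppression_fields)
    return store


if __name__ == "__main__":
    for fields in (["computer", "name"], []):
        print(fields, [(a["name"], a["count"], a["problem_state"],
                        a["resolution_state"]) for a in run(fields)])
```

With suppression on the computer and name fields, the four dataitems collapse into two alerts; with no suppression fields, each dataitem becomes its own alert, including the one that reports the problem as fixed.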

Discovery Data

Discovery data contains a snapshot of the entities discovered for a particular scope. Unlike the other operations data, discovery data is not directly exposed to the user. Instead, it is exposed as topology diagrams, computer attributes, services lists, or computer lists, and is presented in different views such as the State view. For more information about service discovery, see the "Computer Attributes and Service Discovery" section.