O R G A N I C / F E R T I L I Z E R: 08.15

Aug 18, 2015

OpsMgr: Where Are My Events?

Yeah. I know. We’re late to the party. We just got OpsMgr 2012 rolled out. If you want to skip the story time, just go to the TL;DR section.

So, one of the first times I opened the console, I realized there were some events I was looking for that I wasn’t able to find. After carefully combing the console (read: frantically clicking on crap) I came to the realization that no matter which event view I chose, it was restricted to one day.

After talking with one of my engineers, he suggested looking at this article http://www.opsman.co.za/how-to-search-for-more-then-500-objects-in-the-scom-console-group-and-report-add-objects-fields which seems to be referring to searching objects. It did, however, lead to a very useful registry key:

HKEY_CURRENT_USER\Software\Microsoft\Microsoft Operations Manager\3.0\Console\ConsoleUserSettings

I don’t know what most of these settings do and quite frankly don’t want to figure it out. There are, however, two registry values of particular interest:

  • AlertViewTimeSpan | 6048000000000
  • EventViewTimeSpan | 864000000000

image

They’re pretty self-explanatory -- at least the function. Out of the box, the in-console alerts display pretty much the whole range of what’s captured.

So far as I can tell and if the internet holds true:

  • 10,000,000 ticks in a 1 second
  • 86,400 seconds in 1 day

That means the Alert view value translates to 7 days, and the Event view value translates to 1 day. Eureka.

 

[ T L ; D R ]

All you have to do is take the existing QWORD value in the EventViewTimeSpan and multiple it by the number of days that you’re interested in. Keep in mind, this applies to all event views as there is no way to limit the date range for event views (that I know of.)

Aug 13, 2015

how to retrieve your ip address with powershell...

update: here is a new method using system.net.dns as noted here:

[system.net.dns]::gethostaddresses("").ipaddresstostring

 

update: this is how it’s performed in powershell v3 as demonstrated here.

(get-netadapter | get-netipaddress | ? addressfamily -eq 'IPv4').ipaddress

 

update: this is by far the easiest.

PS C:\temp> (gwmi Win32_NetworkAdapterConfiguration | ? { $_.IPAddress -ne $null }).ipaddress
192.168.1.101

 

 

are you laughing yet?  i know you probably find this topic amusing.  it's really interesting though.  whenever you get over it, i'll do this in the standard cmd.exe interpreter and then in powershell to show you what kind of coolness powershell does.

done?  okay, good.  this is an interpretation of a demo that bob wells did at our smug meeting.  hope you like it.

i should tell you, it's not as simple as the title would lead you to believe.  i like doing that little slight-of-hand thing since it gives the impression that i'm painting a very easy target on my back for your criticism (though it's probably true in other ways)!  the idea is that we want to retrieve just the ip address.  so here we go...

first of all, let's see how you'd get an ip address out of ipconfig.  since i can't get bob's method of regular expression to work, i created my own for this simple, little demo.  following is a series of commands and results to get to the final product. 

to start with, let's get the results of ipconfig and use findstr to pull out any lines that look like an ip address:

C:\temp>ipconfig | findstr [0-9].\.

   IPv4 Address. . . . . . . . . . . : 192.168.1.101
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1


alrighty, now we have a preliminary list of the addresses we want to use.  problem is, we need to strip it down to only the ip address, getting rid of the subnet mask and default gateway.  we can achieve this by passing the echoed statement back through findstr looking for the word address.  something like this:
C:\temp>for /f "delims=" %a in ('ipconfig ^| findstr [0-9].\.') do @echo %a | findstr "Address"

   IPv4 Address. . . . . . . . . . . : 192.168.1.101


so far, so good.  now let's get the ip address only.  we take the stuff from before and use it to the for command again to split everything with the delimiter ":", which gives us two tokens.  echoing the second one, we get the ip address:
C:\temp>for /f "delims=" %a in ('ipconfig ^| findstr [0-9].\.') do @for /f "tokens=1,2 delims=:" %i in ('@echo %a ^| findstr "Address"') do @echo %j

 192.168.1.101



ah crap!  see that?  there's a space we have to deal with!  to get rid of it, we'll pass it yet again through a for loop.  you see, the default delimiter of a for loop command is space and tab.  when we pass it back through, we just echo it back:

C:\temp>for /f "delims=" %a in ('ipconfig ^| findstr [0-9].\.') do @for /f "tokens=1,2 delims=:" %i in ('@echo %a ^| findstr "Address"') do @for /f %o in ('@echo %j') do @echo %o

192.168.1.101

 

and finally... we arrive at the results we were hoping for.  finally.

 

okay, let's do the same thing in powershell this time.  maybe we'll find it a little easier...

PS C:\temp> ipconfig | findstr [0-9].\.

   IPv4 Address. . . . . . . . . . . : 192.168.1.101
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1

 

so far the results look about the same.  unlike cmd.exe we're not just pushing around text.  in this case, the data is coming back as a string object.  when we run this through powershell, we can actually pull stuff out based on the index of the array.  since we know address is first, we can just call 0 like this:

PS C:\temp> (ipconfig | findstr [0-9].\.)[0]

   IPv4 Address. . . . . . . . . . . : 192.168.1.101

 

hmmm.  that was easy, but we're not done yet.  from here, we need to just retrieve the ip address.  the easiest way to do this is to split the contents (truncated it):

PS C:\temp> ((ipconfig | findstr [0-9].\.)[0]).Split()

IPv4
Address.
.
.
.
:
192.168.1.101

 

output is pretty ugly in that format, isn't it?  luckily, all we need is the last value.  just as 0 is the index which indicates the first member of an array, we can use -1 to indicate the very last one.  in this case, the split function moves the ip address to the very end.  now we can capture that array member and bring it back.  check it out:

PS C:\temp> ((ipconfig | findstr [0-9].\.)[0]).Split()[-1]

192.168.1.101

 

isn't that cool?

 

here's a couple of other things that bob demonstrated.  i'm sure you can figure them out on your own though.  no point in be boring you with my narrative:

[MATH]::Round(((Get-WmiObject win32_computersystem).totalphysicalmemory / 1gb),2)

foreach($file in Get-ChildItem){$size =+ $file.length}