Let me start by saying there are several blogs out there with different scripts and methods describing how to do this. I decided to incorporate a few, add some of my own code and checks, and provide you with a good, in-depth post on how to utilize this invaluable clean up automation.
In most environments where I’ve consulted, one of the first questions I ask when I see a fairly clean active alert view in the console is “have you been closing alerts manually?”, directly followed by the obligatory “do you know the difference between a rule and a monitor?”. We’ve all heard that question 100 times, right? If not, you are probably guilty 🙂 I won’t dig too deep into that topic in this post, but here is the high level: Don’t manually close monitors!
If you do want to dig deeper into how to tell if an alert is generated by a rule or monitor and/or what the differences are, feel free to hit that post here: https://scomanswers.wordpress.com/2015/03/04/scom-rule-vs-monitor/
Back to the topic at hand. In the aforementioned environments above, in most cases the engineer immediately wants to know how to rectify the issue, and how to address it moving forward. Depending on how bad the issue is, resetting the environment using maintenance mode works well if done carefully and off-hours, but preferably, we can use a script to reset manually closed monitors and automate it to moving forward. Let’s dig into option two!