This article only applies to Squared Up Version 2.0. If you're looking for help with Squared Up Version 3.0, please visit our new knowledge base

This article explains how to create an expression in the Advanced Criteria option when scoping a section to show alerts.


When configuring an Alerts section the Filters section give you some basic options for filtering the Alerts returned:

Scope - Advanced - Criteria

The Scope - Advanced - Criteria section allows you to more precisely filter alerts by creating a specific expression to refine the list of alerts.

For example:

Owner = 'mydomain\user2'

Criteria will work with any Filters, but when using an expression in Criteria you may prefer to set the 'Filters' options to 'Any'.

Useful operators




does not equal



as a wild card



See the following Microsoft pages for more information about syntax and operators:

Criteria Expression Syntax


The property names are case sensitive, i.e. it must be Name, not name; ResolutionState not ResolutionstateUseful properties for use in Criteria expressions include:

Property Name  Values



Default Resolution States are:
0 = New
249 = Acknowledged
248 = Assigned to Engineering
247 = Awaiting Evidence
254 = Resolved
250 = Scheduled
255 = Closed


Severity levels for alerts:
2 = Critical/Error
1 = Warning
0 = Information


Priority levels for alerts:
2 = High
1 = Medium
0 = Low


HealthStates are:
1 = Healthy
2 = Warning
3 = Critical
0 = Unmonitored





Also see valid property names for alerts criteria: MonitoringAlertCriteria Class

Severity=2 is the same as selecting Severity of 'error' in the Filters section.

Example Criteria

Alerts you would like to see


Only new alerts ResolutionState = 0
Alerts that are not closed ResolutionState != 255
Alerts that are not resolved ResolutionState != 254 (or ResolutionState <> 254)
List warning and high priority alerts Severity=2 OR Priority=2
Alerts that are not 'information', i.e. Warning or Critical alerts Severity !=0
Alerts for objects in a particular health state MonitoringObjectHealthState = 2
Alerts for servers that are in maintenance mode MonitoringObjectInMaintenanceMode = 1
All those not in maintenance mode MonitoringObjectInMaintenanceMode = 0
Alerts with a specific owner Owner = 'mydomain\username'
Alerts with no owner Owner IS NULL
To alerts with a particular name Name = 'Failed to Connect to Computer'
Name LIKE '%f
Closed alerts where owner is not test Owner !='mydomain\test' AND ResolutionState = 255
Alerts that do not start with 'Web Application' and do not mention IIS NOT (Name = 'Web Application' OR Name like '%IIS%')
All Alerts for particular objects (MonitoringObjectPath LIKE '%Server4%' OR MonitoringObjectPath LIKE '%Server3%')

Alert Description

Searching on alert description depends on how this is written to the data warehouse by your management pack, this can be under either AlertParams or Description. When filtering on alerts you will want to use both to ensure that this captures either case. An example of filtering alerts based on their description is as follows, AlertParams LIKE '%server connection%' OR Description LIKE '%server connection%'.

See also:
How to set the Scope using the Dashboard Designer

How to use criteria when scoping objects

How to create a dashboard grouping Alerts by Severity