Thanks for suggestions ... that still means I need to enable same alert 18 times for each vCenter, a very useful function would be to be able to call a filter in LogInsight alarm definition (%filter%). Example: default vsphere alert vCenter Red Alert ... could be defined like this ": vCenter %source% triggered red alert  for %vmw_vc_alarm_type% that would be wonderful. Andrei

Hmm, will what you are stating is possible, especially for email so perhaps you could use it for vC Ops as well. If you construct a query and then group by BOTH source and vmw_vc_alarm_type then create an alert using the last radio button for "Raise an alert" then with email you will notice that you get a table view where you can easily determine from which VC the alarm came from. In the case of vC Ops, you could trigger the same alarm to some global vC Ops object (e.g. World) and then send your SNMP trap. I believe this will provide the same functionality. Again, LI is looking to improve the functionality in a future release so stay tuned!

Thanks for reply! It`s fine for email but still for VCOPs the only  thing you get is the Alarm name (fixed string) and is raised as a notification event. If I could add the dynamic attribute (%field%) in alarm name it would help, otherweis I don`t see how. The notification event looks in vcops like this: Log  Insight found x events matching the criteria for alert "Loginsight defiled  alert  name". And this is identified as "description". While translating SNMP messages in VCO I can get and interpret: Description, Event Source, Object Name, time , Res Kind. The only thing that comes from loginsight is the description and that is alert name ... Maybe I`m missing something. Regards.