Ignoring data from a failed sampling

Hi Everyone,

I am using the winexe command along with wmic to scan Windows Event Logs for certain messages. Basically, my command looks like something like this, where it counts the number of times a certain message appears:

winexe -U '${here/zWinUser}%${here/zWinPassword}' //${here/getDeviceName} "cmd.exe /C wmic ntevent where (message like '%widgets%' and LogFile = 'Application' and SourceName='Application Error') list brief" | echo "OK|Errors=$$(wc -l)"

I want to be alerted only when a new instance of the message I am looking for is recorded in the Event Log. I am using the ValueChangeThreshold to do this.

My problems is that occasionally the Event Log scan fails and I get a count of "None" for the number of relevant messages. At some point, Zenoss reconnects and records the correct number during the sampling. This triggers the alert and creates a false positive.

What's the best way to handle this Any advice would be appreciated. Thank you!