OMS – Log Search Cheat Sheet


A bit more than 2 years ago I created a cheat sheet for Azure Operational Insights Search Data Explorer, today known as Operations Management Suite (OMS) Log Search. Over the years this technology has evolved and grown to one of THE most exciting products from Microsoft. The log search syntax has also grown and got some new options. Because of that, I updated the legacy cheat sheet to meet the latest syntax and modified the examples. I had to extend the sheet to two pages, so that the content would make sense.


OMS – Error "Run Login-AzureRMAccount to Login" e.g. OMS Cmdlets


I wanted to play with the OMS cmdlets which are part of the AzureRM modules. The OMS / OperationsInsights module itself is called AzureRM.OperationalInsights. A good place to start with OMS native PowerShell cmdlets is a blog post on the Building Clouds blog. So what is the exact issue? Well, I tried to query my workspace for installed solutions. First I logged in using the Login-AzureRmAccount cmdlet, which succeeded quite nicely…


…after I authenticated I ran a cmdlet to get the solutions from OMS…


..no matter which cmdlet I tried, I always received the error above.

After some time, I tried to update the modules, running Update-Module which ended in this error…


Next step, I tried to install the entire ARM modules by running Install-Module AzureRM -AllowClobber, which ended in a similar error…


OMS – Custom Solution “SCOM Effective Configuration”

I had been very busy lately so this blog has been quiet for a few days, but now I would like to provide a custom OMS solution. My goal was to build a solution which shows you the effective configuration of a monitor or rule, based on a group of objects in SCOM. I created two parts, one is a PowerShell module to collect all the data from your SCOM management server and ingest it into your OMS workspace. For visualizing the data I created an OMS view which looks like this…


How does it work? Great question, so let’s start with the data collection.

SendEffectiveConfiguration PowerShell Module

I published the module on PowerShell gallery, which you can find here.

The module supports the following parameters:

  • GroupDisplayName: This parameter accepts any existing group in SCOM that contains objects, e.g. Windows Server 2012 Computer Group.

  • ManagementServer: Set your SCOM management server here.

  • CustomerID: The workspace ID where you want to analyze your data.

  • SharedKey: The primary key for the corresponding workspace.

So the command executed would look like this:

Send-EffectiveConfiguration -GroupDisplayName "Windows Server 2012 Computer Group" -ManagementServer SCOM -CustomerId [WorkspaceID] -SharedKey [PrimaryKey] -Verbose

OMS – Where Can I Find the Sealed OMS MPs / Intelligence Packs?

Sometimes you need to have the sealed version of management packs / intelligence packs which get downloaded from OMS. You might need them as reference in your custom management pack solutions or maybe just to explore them. You can find the management packs in your C:\Windows\Temp folder on your SCOM server.


As you can see the name of the files corresponds to the solutions in OMS.

I hope this quick tip saves you some time.

E2EVC – Session “Microsoft Operations Management Suite (OMS) meets Citrix”

I am very happy to have a session with my buddy MVP Stefan Johner, at the Experts 2 Experts Virtualization Conference 2016 which will take place from November 18th-20th in Rome. E2EVC is a non-commercial, virtualization and Citrix community event. The main goal of the event is to bring the best virtualization and Citrix experts together to exchange knowledge and to establish new connections. After speaking at E2EVC Lisbon in 2015 I am very happy to be back at E2EVC Rome 2016!

The session will take place on Saturday 19th from 5:45pm till 6:20pm.

Microsoft Operations Management Suite (OMS) meets Citrix. Operations Management Suite (OMS) is the new born star from Microsoft. OMS is a suite of solutions for different Microsoft technologies, but it also provides a platform for injecting data via different interfaces. The injected data can be visualized and used for deep data analysis. Stefan and Stefan will give you an overview of what OMS can do in terms of Citrix and how it might deliver some ideas on how a Citrix administrator can benefit from using OMS.

In our session, we will show you what happens if Microsoft Operations Management Suite (OMS) meets with Citrix and VMware. Microsoft OMS is a suite of solutions for different Microsoft technologies, but it also provides a platform for injecting data via different interfaces. The injected data can be visualized and used for deep data analysis. We will give you an overview what OMS can do in terms of Citrix and VMware and how a Citrix or VMware administrator can benefit from using Microsoft Operations Management Suite.

Hope to see you there!

OMS – HTTP Data Collector API 403 (Forbidden)

A few weeks ago Microsoft released the Azure Log Analytics HTTP Data Collector API, which allows you to shoot JSON data into OMS Log Analytics. This is awesome news, because now anything is possible. This means, you are able to use (m)any script languages to send any data to OMS for further analytics and you are able to use all the nice OMS goodies like alerting, view designer for building awesome dashboards, query language for some deep dive into your data etc. I had been playing with this API on my Linux box to see what it is capable of. I use a PowerShell test script on Linux, which I knew worked before. All of a sudden I received this error…

I was wondering, because I was sure this script and my workspace are working fine. Actually I modified the script from this blog post here Azure Log Analytics HTTP Data Collector API. If I check the error code it says that workspace ID or connection key needs to be valid.


After a minute I got an idea and compared the time on my Linux box…

..and the one on my client…

..so there is a deviation of 40 minutes. I corrected the time on my Linux machine and all of a sudden the data submission worked fine. I was wondering what the maximum allowed deviation will be. I went back in time in 5-minute steps and after I reached a 15 minute time difference I received the same error. If I put the time back just 14 minutes, the script worked fine.

Conclusion: If you are playing with the Azure Log Analytics HTTP Data Collector API, make sure your clock is set correctly, otherwise you will receive a 403 error.
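
The 403 described above follows from how the HTTP Data Collector API authenticates requests: the x-ms-date header is part of the string that is signed with HMAC-SHA256, so a request dated too far from the service's clock is rejected like a bad key. The sketch below is an added example, not the script from the original post; the function names New-DataCollectorSignature and Test-ClockSkew and all sample values are constructed for illustration, and the 14-minute limit is the one observed in the post, not a documented figure.

```powershell
# Added example: function names and sample values are constructed for illustration.

function New-DataCollectorSignature {
    param(
        [string]$CustomerId,    # workspace ID
        [string]$SharedKey,     # base64-encoded workspace primary key
        [string]$Rfc1123Date,   # exact value that will be sent as x-ms-date
        [int]$ContentLength     # byte length of the UTF-8 JSON body
    )
    # String-to-sign: method, body length, content type, dated header, resource
    $stringToSign = "POST`n$ContentLength`napplication/json`nx-ms-date:$Rfc1123Date`n/api/logs"
    $hmac = New-Object System.Security.Cryptography.HMACSHA256
    $hmac.Key = [Convert]::FromBase64String($SharedKey)
    try {
        $hash = $hmac.ComputeHash([Text.Encoding]::UTF8.GetBytes($stringToSign))
    } finally {
        $hmac.Dispose()
    }
    # Value for the Authorization header
    "SharedKey ${CustomerId}:$([Convert]::ToBase64String($hash))"
}

function Test-ClockSkew {
    param(
        [datetime]$LocalUtc,        # what this machine believes the UTC time is
        [datetime]$ReferenceUtc,    # time from a trusted source (NTP, another host)
        [int]$MaxSkewMinutes = 14   # the post saw 14 minutes work and 15 fail
    )
    $skew = [math]::Abs(($LocalUtc - $ReferenceUtc).TotalMinutes)
    [pscustomobject]@{
        SkewMinutes = [math]::Round($skew, 1)
        WithinLimit = ($skew -le $MaxSkewMinutes)
    }
}

# Constructed sample values (not a real workspace or key)
$workspaceId = '00000000-0000-0000-0000-000000000000'
$sharedKey   = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes('constructed-demo-key'))
$body        = '[{"Computer":"SUSE01","Message":"test"}]'
$length      = [Text.Encoding]::UTF8.GetByteCount($body)

$reference = [datetime]::new(2016, 11, 1, 12, 0, 0, [DateTimeKind]::Utc)
$local     = $reference.AddMinutes(-40)   # clock 40 minutes off, as in the post

# Check the clock before signing; the signature itself is valid but stale
Test-ClockSkew -LocalUtc $local -ReferenceUtc $reference
New-DataCollectorSignature -CustomerId $workspaceId -SharedKey $sharedKey `
    -Rfc1123Date $local.ToString('r') -ContentLength $length
```

Running the skew check before each upload turns a misleading "invalid workspace ID or key" 403 into an explicit clock warning.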

OMS – Linux Agent Send Remote Syslog Messages to OMS

As you know OMS can receive syslog messages from its Linux agents. Well this is nothing special anymore, but there might be use cases where you cannot install a Linux agent or you might have some network devices which need to send syslog messages to OMS because you want to do some deep inspection of the data. How would you handle such a situation? Well, one way would be to configure a centralized syslog server. This means you “promote” a Linux server as syslog server and this will be the “target” node for the other devices / systems. After that, configure the surrounding systems to “shoot” their events to the syslog server. I will show you how to do that in this demo.

The Linux agent supports e.g. rsyslog or syslog-ng, uploading all events from all facilities with a severity of warning or higher. In my example I will use SUSE Enterprise Server 12 which has rsyslog installed. The default collected event configuration looks like this…

I have installed two Linux systems, SUSE01 and SUSE02. SUSE01 is acting as syslog server, collecting all the events and sending them to OMS. SUSE02 is configured as “client” which will send the events to SUSE01. How did I do that? Let’s see; first we will configure SUSE02 (client).

I will not show you how to install Linux nor how to install the OMS Linux agent, because there are enough posts on the internet. Make sure your firewall is also configured for the required ports.

OMS

First you need to prepare your OMS workspace. In OMS you need to configure which facilities you would like to get into your workspace. Make sure the workspace your agent is connected to is configured according to your needs. If you need help, check this article here. In my case I added the user and local7 facilities to my workspace and deployed it to my agents…

After that, we are ready to configure SUSE02 (client).