Category Archives: Operations Management Suite

Log Analytics OMS Operations Management Suite

Exporting OMS Log Analytics Alerts and Importing into Another Workspace

Published by:

One of the problems you may face when using Microsoft’s Operations Management Suite Log Analytics (I’m glad there is no acronym for all that) is to replicate some configurations you may require to another workspace. If you provide services to multiple customers, you will know exactly how challenging it can be. If you have a Dev or QA environment, you may also require moving your configuration.

Currently, the OMS Log Analytics console won’t allow you to move your alerts and search queries. For the saved searches, I’ve written a couple of scripts for that purpose (see here). More recently, Microsoft made the Alert REST API documentation available here and with that, the alerts can also be exported and imported.

For that, I’ve written two scripts:

Export-Alerts.ps1 – it will cycle through your tenants and identify all saved searches that have an action and a schedule (alert) assigned to it and will export them to a file.

Import-Alerts.ps1 – it will take the previously generated file and import those alerts into any workspace you select.

Let’s see how it works. First, exporting:

When you run the script, you must enter your credentials:

image

Then pick your tenant:

image

and your subscription:

image

Once done, it will generate a file (alerts.xml by default):

image

Now to import it, steps are similar. Run the file import-alerts.ps1 file and pick your tenant:

image

Then the subscription:

image

And the target workspace:

image

And lastly, the alerts.xml file:

image

Once done, you should see the alerts in your target workspace, as well as the saved searches!

image

Hope this helps!

Azure Operations Management Suite SCOM

Updated Extended Agent Info Management Pack

Published by:

A while ago I wrote this article to help with SCOM side by side migrations from SCOM 2007. With the new Operations Management Suite wave and the possibility of agents reporting to an OMS workspace independently, visualizing agents that have been configured and/or have the OMS direct agent installed seems to be something that will be useful.

So, I have updated the management pack and it can be found here.

The basic difference is that you can see more information in the view:

image

As you can see above, some agents report to multiple workgroups as well as an OMS workspace.

Next steps in my backlog are tasks to configure an agent that has the agent (enable, disable, change workspace) and even perhaps upgrade the agent with the OMS binaries.

 

Hope this helps.

Azure Operations Management Suite

Importing Saved Searches into your OMS workspaces

Published by:

In my previous article, I have shown how to extract Saved Searches from your Azure OMS workspaces. Having that file in your hands, you can use the script below to import the results into another workspace.

First, get a hold of the script here. Also make sure you have all pre-requisites mentioned in the previous article.

When you first run it, you will be prompted for authentication:

image

If you have multiple tenants, you will be asked which tenant to use:

Then about the subscription:

image

Next, you should be prompted about the workspace you would like to target:

image

And finally, the file to be imported, which has been exported with the script in the previous post:

image

Once the script is done, you should see a new category in your workspace:

image

And that is it!

Hope this helps!

Azure OMS Operations Management Suite Uncategorized

Exporting Saved Searches from your OMS workspaces

Published by:

I have been studying OMS for a while now and although there is gradually more and more content about it, here’s another piece of code that can help you with your daily OMS management.

If you don’t know what OMS is, go here.

If you do, you may know that you can save searches that you find interesting and even add them to your workspace for future or daily use.

image or image, for example.

The problem comes when you need to move your searches to another environment. You don’t want to create hundreds of queries manually in the portal.

Enters PowerShell. You can find the documentation on the initial setup here.  With a great start from Richard Rundle from Microsoft, I have completed the script to export the Saved searches.

Once you have Chocolatey and armclient configured, you can go ahead and use the script below.

Here’s a little walkthrough.

1. As soon as you run it,

image

you will be prompted by the login screen:

image

If you are like myself, using a user that has access to multiple tenants, you’ll be prompted for the tenant:

image

You will be then prompted for the subscription:

image

The script will show you a list of queries you may want to extract and then extract the ones that match a certain criteria specified in the script:

image

The criteria is the name of the Category:

image

And as you can see, the queries following the lists match that category only:

image

The script will also create a file named after the search category

image

image

Keep that file handy, since we are going to use it in the next article, to import the searches into another environment.

You can find the script here.

 

Keep on rocking in the cloud world!