Log Analytics OMS Operations Management Suite

Exporting OMS Log Analytics Alerts and Importing into Another Workspace

One of the problems you may face when using Microsoft’s Operations Management Suite Log Analytics (I’m glad there is no acronym for all that) is to replicate some configurations you may require to another workspace. If you provide services to multiple customers, you will know exactly how challenging it can be. If you have a Dev or QA environment, you may also require moving your configuration.

Currently, the OMS Log Analytics console won’t allow you to move your alerts and search queries. For the saved searches, I’ve written a couple of scripts for that purpose (see here). More recently, Microsoft made the Alert REST API documentation available here and with that, the alerts can also be exported and imported.

For that, I’ve written two scripts:

Export-Alerts.ps1 – it will cycle through your tenants and identify all saved searches that have an action and a schedule (alert) assigned to it and will export them to a file.

Import-Alerts.ps1 – it will take the previously generated file and import those alerts into any workspace you select.

Let’s see how it works. First, exporting:

When you run the script, you must enter your credentials:

image

Then pick your tenant:

image

and your subscription:

image

Once done, it will generate a file (alerts.xml by default):

image

Now to import it, steps are similar. Run the file import-alerts.ps1 file and pick your tenant:

image

Then the subscription:

image

And the target workspace:

image

And lastly, the alerts.xml file:

image

Once done, you should see the alerts in your target workspace, as well as the saved searches!

image

Hope this helps!

Leave a Reply

Your email address will not be published. Required fields are marked *