Microsoft Azure Operational Insights Preview Series – Collecting Logs from Azure Diagnostics (Part 16)

Previously on Microsoft Azure Operational Insights Preview Series:

This blog post is about a feature of OpInsights that you may or may not know about. Besides ingesting data through agents or SCOM, OpInsights can ingest data through Azure Storage as well. And you can place data in Azure Storage through an Azure feature like Azure Diagnostics. So let's see how all this works.

First you will need to link your OpInsights workspace to your Azure subscription and add an Azure Storage account to it. You can check Part 10 of my series for this, but in Azure you should have the following configured for the storage:

image

Now that we have this in place, let's see what we can actually ingest. Azure Diagnostics can collect different types of data, but currently OpInsights can ingest only some of it. The current matrix of which logs can be ingested, and from which source, is the following:

image

Now let’s see how to configure Windows Event logs for a VM.

To do this you will need to go to the Azure Preview portal:

https://portal.azure.com

Click Browse –> Virtual Machines

image

Select one of the Virtual Machines for which you want to activate Azure Diagnostics:

image

Click on the monitoring tile:

image

Select Diagnostics Settings and change status from Off to On:

image

Basically, for a Virtual Machine you can gather every Windows event log that you enable here. In my case I've also selected to collect everything from Verbose to Critical; you can of course decide to collect anything above Warning.

You will also need to place these logs in the same storage account that is used by Operational Insights. When you are ready, click Save.

After around one hour if you execute the following query:

*  | Measure count() by SourceSystem

You should see Events from source Azure Storage showing up:

image

Of course you can also enable Azure Diagnostics with Azure PowerShell. You can find an example for this, along with how to enable Azure Diagnostics on Web roles and Worker roles, on the Azure Operational Insights documentation site.
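For readers who script this instead of using the portal, here is an added example (not from the original post or from the Operational Insights documentation) of the Windows Event Log part of an Azure Diagnostics public configuration (WadCfg). The channel selection, level filters, quota and transfer period are constructed values chosen for illustration; the storage account is supplied separately when the extension is applied and must be the one linked to the workspace.

```xml
<!-- Added example: constructed values, not the configuration used in this post. -->
<WadCfg>
  <!-- overallQuotaInMB caps the local buffer on the VM (assumed value). -->
  <DiagnosticMonitorConfiguration overallQuotaInMB="4096">
    <!-- scheduledTransferPeriod: how often buffered events are copied to
         the storage account (ISO 8601 duration, here one minute). -->
    <WindowsEventLog scheduledTransferPeriod="PT1M">
      <!-- Each DataSource is "<channel>!<XPath filter>".
           Event levels: 1 = Critical, 2 = Error, 3 = Warning,
           4 = Information, 5 = Verbose. -->

      <!-- Application and System: Warning and more severe only,
           which keeps ingested volume down. -->
      <DataSource name="Application!*[System[(Level=1 or Level=2 or Level=3)]]" />
      <DataSource name="System!*[System[(Level=1 or Level=2 or Level=3)]]" />

      <!-- Security: no level filter. Audit success and failure events
           are not distinguished by Level, so a level filter here
           would drop most of what is useful for investigations. -->
      <DataSource name="Security!*" />
    </WindowsEventLog>
  </DiagnosticMonitorConfiguration>
</WadCfg>
```

Replacing a filter with `*` alone collects every level from that channel, which corresponds to selecting everything from Verbose to Critical.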

Microsoft Azure Operational Insights Preview Series – Plans and Retention (Part 15)

Currently in Azure Operational Insights Preview we have available 3 plans:

  • Free
  • Standard
  • Premium

Two of them are associated with prices and you can read more here.

One of the differences between these plans is their retention period, meaning how far back in the past you can see your data when you use Search. If you've signed up for the service through https://preview.opinsights.azure.com/ and you haven't linked your account, you need to know that you are automatically assigned to the Free plan. You can change that at any time, but you first need to link your Azure Operational Insights workspace to your Azure subscription. You can see how to do this in Part 10 of my series, and in Part 14, with the new onboarding experience, you will also see which plan you are currently using. In fact, even if you do not want to change your plan but you have an Azure subscription, it is better to link them. Switching between plans in a short period does not take effect right away, meaning that if you have switched from Premium to Free you will not lose your data right away and you can return to Premium. As part of the preview, if you have a connection to a SCOM Management Group you will not always have the daily limit and retention period applied. Keep in mind that some of this information is related to the preview and will probably change with GA.

Microsoft Azure Operational Insights Preview Series – New Onboarding User Experience (Part 14)

I was checking my Operational Insights Workspace today and I’ve noticed there is a new tile named Settings:

image

The Settings tile will lead you to a page which will guide you through the steps to take in order to get started with Azure Operational Insights.

image

As I have had this workspace for a while, I've already completed all the steps in getting started. As we can see, Data Source is our first step. Data sources are basically your direct agents, SCOM Management Groups and Azure Storage. You have the information for Direct Agent right on this page. Connect to SCOM will lead you to a guide on how to do that, and Connect to Azure Storage will do the same. The last two are guides, as there are more steps to do in order to enable them.

You will also see a Logs tab, and this is where the Add Logs step leads you. Logs are enabled by default on every new workspace, but no data is gathered automatically from them because you will still need to add the logs you want to ingest and analyze in Azure Operational Insights.

image

I’ve already added some.

The last step will lead you to Intelligence Pack Gallery:

image

 

The last improvement I want to show you is that the Operational Insights portal now shows which data plan you are on:

image

This is important and I will have another post on that soon.

Next Chapter

Today was my last day at my current company. For the last two years I've learned a lot there which helped me to level up my skills. So I've reached some level and decided that I needed to challenge myself. I had a few offers over the past months but some were pure bullshit and others were not interesting enough. I've been working with Mr. Kristian Nese on several community projects for a while, with Cloud OS Whitepaper being the most famous one. This of course led me close to the radar of Lumagate. At some time I've reached a point with them where I couldn't refuse any more. So from Friday I start at Lumagate. I am excited to start this challenge and help Lumagate succeed even more. The Next Chapter to our journey starts.

GRE Tunneling with NVGRE Gateways and SCVMM 2012 R2 UR5

The GRE tunneling option was enabled with Update Rollup 5 in SCVMM 2012 R2. But to fully enable it you had to install an update on the NVGRE Gateways. I predicted that such a hotfix would be available soon, and now it is out. You can find it here and enable the full scenario with VMM and NVGRE Gateways. Here are some of the scenarios that you can use this feature for. The documentation is for vNext, but this feature is now enabled in Windows Server 2012 R2 and System Center 2012 R2.

Update:

To enable it, download and install the hotfix on your NVGRE Gateways. A restart will be required. Make sure your SCVMM 2012 R2 server is on Update Rollup 5. Refresh your gateways in the VMM console -> Fabric Pane -> Networking -> Network Service -> right click Gateway and refresh. Open the properties of a gateway. Go to the Provider tab. Click Test. After that, for a VM Network you will be able to add a GRE tunnel when you have a Gateway attached to that network.

GRE

 

Microsoft Azure Operational Insights Preview Series – Removing Legacy Configuration Assessment (Part 13)

To be honest I do not use the legacy Configuration Assessment in Azure Operational Insights. It is just not relevant for me at this time. I do not know if this function will be removed in the future, but it seems that it will be replaced in the future by other Intelligence Packs. In the past I've disabled that feature by simply deselecting all rules in it:

Configuration Assessment tile –> Alerts Tile –> View all alerts –> Manage Alerts –> Available alerts rules

image

image

image

image

image

But now via Twitter, through Daniele Muscetta, I've found out that you can actually remove Configuration Assessment like a modern Intelligence Pack:

image

After that you will no longer see the Configuration Assessment tile on your dashboard and data for it will not be gathered.

If you want, of course, you can enable it again at any time:

image

Microsoft Azure Operational Insights Preview Series – AD Assessment (Part 12)

There is a new Intelligence Pack on the horizon. This IP uses the same model for information as the SQL Assessment IP. You can just go to the Intelligence Pack Gallery and add it:

image

After adding it you will need to wait up to 4 hours until you see some results:

image

As far as I understand you do not need special accounts to make it work. You may need to bounce the SCOM agent on the domain controllers to make it work according to Daniele Grandini, Tao Yang and Cameron Fuller.

After those 4 hours you should start to see that tile filled with information:

image

Digging into it, it has the same look and feel as the SQL Assessment IP:

image

Let's see what a recommendation looks like:

image

Clicking on one of the affected objects goes to Search:

image

As this IP follows the same structure as the SQL Assessment one you can use similar or the same queries to find the information you need.

And btw after adding it we’ve found a real world problem by the recommendations from AD Assessment IP. This is a very nice addition to the Azure Operational Insights service.
