The Wire Data solution has been in Coming Soon status for some time, but it is now available to everyone.
You will find it in the Solution Gallery where you can enable it:
In my experience, in my environment the solution consumes more data than most of the other solutions, but not so much compared to my top data-consuming solutions:
But what does the Wire Data solution actually represent?
In the gallery you will find a description, but my short description of it is: an overview of your network and the data on the traffic flowing in it. Before continuing further, I should mention that the solution works only on Windows Server 2012, Windows 8.1 and higher operating systems. My opinion is that this makes it very limited, as there are still a lot of Windows Server 2012 and 2008 R2 machines out there. But even with that limit you can get very useful information from it.
Now let’s continue by first looking at how the solution looks on its main page:
Here you will see general information about your network. This will just give you a glimpse of how your network looks according to the data gathered by Wire Data.
Before starting any investigation or analysis, I would suggest looking at the built-in examples:
These give a good starting point for which queries show interesting results that can help you fix or prevent problems in your environment.
The next step would be to go to Search and just type:
This will return all your Wire Data records. You can expand a few results and have a look at what data is being collected for every record:
That is the beauty of OMS – you can explore data very easily. By exploring that data you can figure out more queries that will help you extract value from it.
For example, with a query like this:
Type:WireData (ApplicationServiceName=http) | measure count() by TimeGenerated interval 1HOUR
I can see the trend of how many http sessions were established over the past 6 hours:
Of course, as with any other OMS solution, correlating data between solutions makes it very powerful for investigation and analysis.
But how does this solution actually work? Let’s have a deeper look.
In the Management Pack for the solution:
We will see that it relies on a DLL assembly for getting and parsing the data.
Looking inside the assembly we can see that the solution relies on ETW for getting the actual data:
I hope you will find this post useful, and if you have any feedback, you know that UserVoice is open 24/7.