In Azure Monitor we can create two types of alerts for Log Analytics:
Near real-time metric alerts are scoped to specific performance counter and heartbeat events, but with Custom Log Search Alerts you can alert on any log in Log Analytics. With Custom Log Search Alerts the alert logic has two types:
- Number of results
- Metric Measurement
In a typical scenario you will use Number of results for logs and events, and Metric Measurement for performance/metric logs. That wouldn't be a problem if the way the alerts are fired didn't differ quite a lot between the two. For example, in Metric Measurement you aggregate/summarize results and you alert based on the value from the aggregation/summarization. On top of that, a different alert instance is fired for each summarized record. In Number of results you do not summarize/aggregate, and alerts are fired based on the count of the records. For example, on 10 records you will get only one alert instead of 10. If you are like me this is a problem, as you want to get a separate alert instance for each of your events, just like Metric Measurement alerts.
In this blog post I will show you how to overcome this problem with a workaround from the powerful Log Analytics query language.
Continue reading “Using Custom Log Search Alerts Based on Metric Measurement for Event Based Logs”
I’ve stumbled on a great article by Brandon Wilson named Demystifying Schannel, in which he explains how we can enable verbose logging for Schannel to find out what protocols our machines are using. As I live and breathe Log Analytics and love to crunch data, I thought it would be a cool example if we could ingest that data into it and show you some cool examples of transforming data with the new query language.
Continue reading “Find if You Are Using Only TLS 1.2 Protocol with Log Analytics”
At Ignite Jo Chan showed us how we can now execute Search queries through the Operations Management Suite API, which is basically the Azure Resource Manager API. He demonstrated that with a tool called ARMClient. That tool seems nice, but I wanted to get results with PowerShell as it is more familiar to me. Continue reading “Programmatically Search Operations Management Suite”
During the last couple of months System Center Advisor, or as it will probably be known after TechEd Europe 2014, Microsoft Azure Operational Insights Preview, has received a lot of improvements and features, so we are now at Part 7. With this blog post I am also renaming all other blog posts. Here is the full list:
In this post we will have a quick look at a new intelligence pack called SQL Assessment: Continue reading “Microsoft Azure Operational Insights Preview Series – SQL Assessment (Part 7)”
So far I’ve covered almost every Intelligence Pack. Last week a new feature, “My Dashboard”, was released. This is one of the features I’ve voted on. With this short post I want to share a tip on how to make your tiles in My Dashboard more useful. Continue reading “Microsoft Azure Operational Insights Preview Series – Time Matters in Dashboard (Part 6)”
On a SCOM management server I’ve noticed event ID 31553 being logged constantly, and in detail the error looked like this: Continue reading “Fixing Event ID 31553 On SCOM Management Server”
Here are 21 SQL queries that you can run against the VMM database to get useful information. The scripts are kindly provided by Murat Demirkiran, a Senior Virtualization Expert at Denizbank in the Infrastructure & System Management Group.