Adding most Windows Event Logs to Log Analytics is a straightforward process. Simply go to the Advanced properties in the Workspace > Windows Event Logs and start typing the name. A pre-populated list will appear as shown below. Selected the log and add it for collection. But what if the log you are looking for is not listed in Log Analytics? Continue reading “Collect Custom Windows Event Logs in Log Analytics”
Tag: azure log analytics
Azure Monitor Setup and Server Onboarding
My first article posted at 4sysops on setting up an Azure Monitor workspace in Log Analytics and onboarding Servers.
https://4sysops.com/archives/azure-monitor-setup-and-on-premises-configuration/
Alerts Based on Rolling Averages in Log Analytics
This post will go over how to create an alert for Log Analytics that evaluates two recent time periods for comparison. It’s a little, let’s say, “in depth” as far as Log Analytics queries go. The alert is intended to trigger when a variable threshold is met based on the recent baseline as opposed to a static metric. Used with my PingTimeLog tool found here, alerts can be triggered if recent response time goes over a rolling average value. I also include a disk free space alert to identify when a large amount of data is added to a disk.
Continue reading “Alerts Based on Rolling Averages in Log Analytics”
Log Ping Response to Log Analytics
Today I am publishing a utility called PingTimeLog. The idea is simple; ping a group of servers and write the response time to Azure Log Analytics. This utility is intended to be run as a Runbook on an Azure Automation Hybrid Worker. Alternatively, it will run as a scheduled task on a server in your datacenter. The output is written to Azure Log Analytics as a custom Type, allowing users to plot response times in a time chart.
Link Azure Automation and OMS Workspace
I had issues linking a Log Analytics Workspace and Automation Account this week. To begin with, there is no option to link an Automation Account from within an OMS Workspace and no way to link an OMS Workspace from within the Automation Account. The only option is to go into the OMS Workspace and add a solution that requires an Automation Account such as Automation and Control. The process is outlined here.
Updated 11/2018 – Added Log Analytics to the content as OMS is getting phased out.
Issue below still exists, although you do not need to go into the OMS portal to link. It can be done simply by added the Automation and Control solution in Azure. The Log Analytics Workspace and Automation Account do not need to be in the same Resource Group. They do need to be in the East US and East US 2 Region to link however.
The bigger problem is that when I went to configure the workspace there was no Automation Account available when I tire to add a solution. OMS Gave me the message: Continue reading “Link Azure Automation and OMS Workspace”