Collect Custom Windows Event Logs in Log Analytics

Adding most Windows Event Logs to Log Analytics is a straightforward process. Simply go to the Advanced properties in the Workspace > Windows Event Logs and start typing the name. A pre-populated list will appear as shown below. Select the log and add it for collection. But what if the log you are looking for is not listed in Log Analytics?

Azure OMS Log Analytics Step by Step – Data Collector API

I see a lot of potential in Azure Log Analytics. That should go without saying considering the amount of time I have spent learning and documenting it over the past few weeks. One of the most exciting features that adds tremendous flexibility is the ability to log directly to Log Analytics with the Web API. Logging to the Web API enables anything to be written to Log Analytics without the use of the Microsoft Monitoring Agent.

Azure OMS Log Analytics Step by Step – Adding Custom Logs

In previous videos I demonstrated how to collect Event logs from a Windows server in Azure Log Analytics. You may also need to collect custom logs from applications that don’t log to the event log. In this video I show how to collect custom logs in Azure Log Analytics. Once collected, I also show how to define custom fields in those custom logs and run queries against them.

Writing to the Windows Event Log with PowerShell

Odds are, you were Googling something like ‘write event log PowerShell’ and you stumbled on this page. If that’s the case and you just want to write an event to the Event Log to test something like a monitoring or alerting app, I won’t disappoint: below is what you need to know. If you want a little more information on writing to the Event Log as part of a script, keep going.

Write-EventLog requires 4 parameters: EventID, LogName, Message and Source. It’s the -Source part that trips people up. If you don’t know what the source is, simply make one up. Create the new source with the New-EventLog command like this:

New-EventLog -LogName <Log you are writing to> -Source 'Make one up'

For example, adding the source HAL to the Application log looks like this:

New-EventLog -LogName Application -Source 'HAL'
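
The full sequence of registering the source and then writing a test event, as an added example that is not code from the original post. It assumes an elevated Windows PowerShell 5.1 session; the source HAL and the Application log come from the text above, while the event ID and message are constructed.

```powershell
# Added example: run from an elevated Windows PowerShell 5.1 session.
# 'HAL' and 'Application' come from the post; the event ID and message are constructed.
$source  = 'HAL'
$logName = 'Application'
$eventId = 1000

# A source can be registered to only one log per machine, so check where an
# existing registration points before trying to create it.
if ([System.Diagnostics.EventLog]::SourceExists($source)) {
    $boundTo = [System.Diagnostics.EventLog]::LogNameFromSourceName($source, '.')
    if ($boundTo -ne $logName) {
        throw "Source '$source' is already registered to the '$boundTo' log."
    }
} else {
    # Creating a source writes to the registry, which is why elevation is needed.
    New-EventLog -LogName $logName -Source $source
}

# Write the test event with the four required parameters plus an explicit entry type.
Write-EventLog -LogName $logName -Source $source -EventId $eventId `
    -EntryType Information -Message 'Test event for monitoring and alerting checks.'

# Read the newest event from this source back to confirm it landed.
Get-EventLog -LogName $logName -Source $source -Newest 1 |
    Format-List TimeGenerated, EntryType, Source, EventID, Message
```

When the test is done, Remove-EventLog -Source 'HAL' unregisters the source without deleting the Application log.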
