Adding most Windows Event Logs to Log Analytics is a straightforward process. Simply go to the Advanced properties in the Workspace > Windows Event Logs and start typing the name. A pre-populated list will appear as shown below. Selected the log and add it for collection. But what if the log you are looking for is not listed in Log Analytics? Continue reading “Collect Custom Windows Event Logs in Log Analytics”
My first article posted at 4sysops on setting up an Azure Monitor workspace in Log Analytics and onboarding Servers.
Computer Groups in Azure Log Analytics can easily be overlooked yet they are very useful. Computer Groups are based off custom log searches or linked to Active Directory, SCCM or WSUS and based off groups in those systems. Continue reading “Computer Groups In Azure Log Analytics”
This post will go over how to create an alert for Log Analytics that evaluates two recent time periods for comparison. It’s a little, let’s say, “in depth” as far as Log Analytics queries go. The alert is intended to trigger when a variable threshold is met based on the recent baseline as opposed to a static metric. Used with my PingTimeLog tool found here, alerts can be triggered if recent response time goes over a rolling average value. I also include a disk free space alert to identify when a large amount of data is added to a disk.
Today I am publishing a utility called PingTimeLog. The idea is simple; ping a group of servers and write the response time to Azure Log Analytics. This utility is intended to be run as a Runbook on an Azure Automation Hybrid Worker. Alternatively, it will run as a scheduled task on a server in your datacenter. The output is written to Azure Log Analytics as a custom Type, allowing users to plot response times in a time chart.
In previous videos I demonstrated how to collect Event logs from a Windows server in Azure Log Analytics. You may need to also collect custom logs from applications that don’t log to the event log. In this video I show how to collect custom logs in Azure Log Analytics. Once collected, I also show how to define custom fields in those custom logs and run queries against it. Continue reading “Azure OMS Log Analytics Step by Step – Adding Custom Logs”
Shared Resources in Azure Automation allow for the reuse of credentials, modules, scheduled, connections, certificates and variables. Variable assets provide a way to share values between multiple runbooks as well as between multiple jobs from the same runbook. In this post, I outline how to reference variables that are encrypted and non-encrypted in an Azure Automation runbook. Continue reading “Variables in Azure Automation”
In this video I give a step by step overview of how to search and send alerts in Azure OMS Log Analytics. I include doing simple searches for Microsoft Windows Event Log data and enabling alerting on specific Event ID’s in Log Analytics.
Click here for more information on setting up an OMS Workspace.