Forum Discussion

Vedran Matica's avatar
Vedran Matica
Copper Contributor
Jan 29, 2018
Solved

OMS DNS Analytics solution discrepancy

I have configured custom OMS workspace with the DNS Analytics solution enabled. For testing purposes I have generated 43K+ random name resolution queries on test VM against the DNS server that is rep...
azure monitor
OMS
  • Vedran Matica's avatar
    Vedran Matica
    Jan 30, 2018

    Noa,

     

    I figured it out in the meantime. Random domain name lookup queries were generated with characters which are invalid according to the DNS RFC specification. After excluding invalid characters from lookups, I am getting results which are aligned with the testing scenario.

     

    Kind regards,

    Vedran

Noa Kuperberg's avatar
Noa Kuperberg
Icon for Microsoft rankMicrosoft
Jan 29, 2018

Hi,

Possible reasons could be:

1. Ingestion time - it usually takes around 10 minutes for events to be ingested and searchable)

2. Client capping - the UI client caps the results at 10K. The API will return the full set of results.

3. Query - by default, queries are not sorted by anything. When you review your query results, bare that in mind.

 

Noa

Resources