Home

Azure Log Analytics

74 Conversations

Latest Activity

Custom List Message Item

I'm trying to create a new Log Analytics workspace in the West Central US region. However, when creating a new workspace through the Azure portal, I do not see an option for West Central US. So, I tried creating it using PowerShell, but when I run the New

... Read More
96 Views
2 Replies

Hi Matthew,

 

Due to load and capacity planning considerations we took a decision to temporary limit the number of new customers on West Center US region. Meanwhile, you

... Read More
Hello Mattew! I've been researching Log Analytics in the region you've spoken to. Although it is already available for use, the Azure calculator does not yet recognize th... Read More

I am experimenting with creating alerts using the new query language against data uploaded through the data collector API.

I am consistently seeing a 10 minute delay between when an alert query is run and when the alert email is sent. With tight time restr

... Read More
160 Views
3 Replies

I run into this problem periodically (there are a variety of factors that can delay the data sources). Here's a query to check the latest in Hearbeat, but if you replace

... Read More
This seems to be a bug. I've notified the responsible team for this and hopefully they will get it fixed.
Best Response confirmed by Stanislav Zhelyazkov (MVP)

Hi there, I have a problem about alert webhook integration with slack.

 

My query of alert is the following

```

AzureActivity | where OperationName == "Update resource group" and ActivityStatus == "Succeeded"

```

 

And my JSON payload of webhook is here

`

... Read More
63 Views
0 Reply

Hi everyone, I'm very excited to join this community! :)

 

I'm regularly using Azure Monitor and I was looking into moving to Log Analytics, but I'm having some troubles. Here's a summary of what I've done so far:

  • Created a Log Analytics resource from my Azu
... Read More
80 Views
3 Replies
Hi, Are you sure that logs are generated for these resources? The easiest way for sending logs for azure resource to Log Analytics is trough Azure Monitor blade. You woul... Read More

I'm trying to set up computer groups in my OMS environment, but running into some issues. Has anyone used computer groups successfully with the new query language?

 

I see the created computer groups in settings, and can view members of the group from there

... Read More
329 Views
8 Replies

Please refer to the documentation.  Please refer to the "Notes" section that refers to the new query language.

Read More

I was able to get this to work in my subscription:
Heartbeat | where Computer contains "<name>" | distinct Computer

 

I then saved the query, made a function of it, and us

... Read More

Hi there,

 

Anyone know how I can get the values from the query into a webhook instead of just posting a link?

 

Want to make it easier for our non-techy coworkers

 

 

 

Thanks

Read More
158 Views
9 Replies

Adding @Brian Wren

I have been following the tutorial simple-look-at-oms-alert-remediation-with-runbooks, however no data is returned by "$Webhookboday.SearchResults.Value".  I can see data from 

$WebhookData.RequestBody but thats it.  Were using a V2 log search webspace, do
... Read More
44 Views
0 Reply

Hi,

 

I have a data set that when I use the summarize/bin over a 1 min interval has gaps in the data (hours) and when the timechart renders the graph the line goes directly from the last value in one set to the first value in the next set (so it looks like

... Read More
97 Views
1 Reply

Hi,

 

Please check out the make-series function to achieve this. For example, instead of saying:

Heartbeat
| where TimeGenerated > ago(1d)
| summarize count() by Compute
... Read More
Best Response confirmed by Blane Nelson (Visitor)

I'm trying to use OMS alerts for heartbeat of my servers. On the old Log analytics, i readed an article saying thats the agent reports each 60 seconds for the OMS and the results of the queries is normally, obeying the frequency of agent reports.

After mig

... Read More
288 Views
6 Replies

I've noticed a little bit of a larger delay in event and heartbeat data being recorded in OMS - in some testing I saw heartbeat data taking up to 8 minutes to show up in

... Read More

 (Type=Event) (EventID=7036) Source=”Service Control Manager” what is the error cant run this

63 Views
2 Replies

Your workspace must have been upgraded.   You can use the legacy converter to convert your query to new language.2017-11-05_18h44_07.png

 

 

Read More
Event | where (EventID == "7036") | where ( Source == "Service Control Manager" )

I have logs with multiple tables which has customerID in all the tables. Now I need to join the CustomerId with master table (Customer table) so that I can display the result with Customer Name by joining both tables. I was able to create new table Custom

... Read More
177 Views
8 Replies
Hi, Instead of using the filter from the UI why not filter on the time range directly in your queries. The time range in your queries will override the one chosen from th... Read More

Wanted to see if anyone has this too. I couldn't find any docs about how to maintain consistent agent versions. If anyone knows please chime in :)

Capture.PNG

 

 

 

Read More
129 Views
2 Replies

If you're using OMS for checking updates already, the agents will get often get updated in optional Windows updates. So the answer that I've found is: update my boxes to

... Read More
Usually the agent updates are small one containing bug fixes. You can maintain the same version using several methods - Using Windows Update to install the latest version... Read More
Best Response confirmed by Stanislav Zhelyazkov (MVP)

 Hi,

 

Using different examples online and snippets from previous deployments i am putting together a ARM template for deploying OMS/Log Analytics.

 

I am trying to configure solutions during deployment, in particular Azure Activity logs and 365. In the attac

... Read More
93 Views
1 Reply

Got the Azure Activity Logs working. Seems that i had missed the section where the activity log configuration (subscription id etc) in the worskspace resources.

 

 

        
... Read More

Hello all,

 

I have a log analytics workspace automation account running a runbook against a hybrid worker group. The group has multiple on-prem machines and the runas account is the same across the machines within the worker group. However, the runbook exi

... Read More
68 Views
1 Reply
Hi When runbook is started it runs only against one hybrid worker from a hybrid worker group. This is the expected behavior. You have multiple hybrid workers in a hybrid ... Read More
Best Response confirmed by Stanislav Zhelyazkov (MVP)

I just created a Workpace for our organization for Windows Analytics on OMS, and starting to learn more about it, I notice there is a "My Dashboard" icon on all the demo video about Windows Analytics, as the following screenshot :

1.JPG

 

But on my OMS dashboard,

... Read More
124 Views
4 Replies

Its a deprecated feature. With new update this feature will be remove from OMS 

Hi Nathan Li,

 

My dashboard is being deprecated

Look the OMS Blog recently post.

https://blogs.technet.microsoft.com/msoms/2017/10/17/azure-log-analytics-workspace-upgrades-in-progress/

... Read More
Best Response confirmed by Nathan Li (New Contributor)

While selecting the time range in the filter, same filters are adding multiple times.

 

image.png

Read More
115 Views
3 Replies
Thanks Evan. It is resolved now.

Hey Sridhar,

 

Thanks for sending this. We're aware of the issue and will be rolling out a fix. The fix will be in all supported regions by Thursday. For now, you should

... Read More
Best Response confirmed by Sridhar Manickavel (Occasional Contributor)

I have multiple client environments streaming data to Log Analytics.  What are the pros and cons to use a single instance versus individual instnaces of Log Analytics. Please point me to the business benefits . Thank you.

278 Views
6 Replies

Interesting question which I also gave quite some thought. There is no doubt a single instance is easier. However, there are two issues I have in an (large) enterprise en

... Read More
With single instance you will have to manage RBAC only on that instance with multiple you will have the burden to manage it on all of them. If you need to create a query ... Read More
Best Response confirmed by Stanislav Zhelyazkov (MVP)

Hi Avijeet, I'm started to use multiples instances for my clients. But latest the resource "Computer Groups" is launched I have trying to use my costumers on single insta

... Read More

Hello,

 

I recently had a working session with a client that realized that their Linux distro (above) is not supported for the Log Analytics. We didnt realize this until we tried to install the dependency agent (after installing the OMS agent), which threw

... Read More
168 Views
2 Replies

For the Dependency Agent, we are adding limited support for Ubuntu 16.04 in our next release (9.2.0), due out within the week.  The limited part is that we will support k

... Read More

I will add one of our colleagues to the thread.

In label, the  word “Warning” has “W” with upper case, but in the search not.

 

Capture.PNG

Read More
106 Views
1 Reply

We'll fix the precofnigured search.  You can modify the query during run time and create a new saved search for now. (We also have case insensitive operator that you can

... Read More
Best Response confirmed by Anisio J. Moreira Neto (New Contributor)

Hello all,

 

Previous to workspace upgrade, I was able to issue a query with Get-AzureRmOperationalInsightsSearchResults and get proper results back. After upgrade this is what I am getting back. Any advise on how to troubleshoot the issue?

 

$OmsQuery='Azure

... Read More
155 Views
3 Replies

Never mind. The release notes state that cmdlet is not yet upgraded.

 

PowerShell cmdlets Question: Does the Log Search PowerShell cmdlet get updated after I upgrade?

The Get-AzureRmOperationalInsightsSearchResults

... Read More

If you’re currently using Azure Log Analytics to monitor your environments for availability and performance, we’re rolling out new enhancements and changes for Log Analytics that you should be aware of. Including the new and improved query language, so th

... Read More
169 Views
0 Reply

Hello,

 

I hope this is the right forum for this question.

Do you know when Log Analytics will be available in the following regions:

 

  • Japan West
  • China East
  • Canada Central
  • Brazil South
  • Germany Central

 

According to the pricing page(https://azure.microsoft.com/en-us/pricing/details/log-analytics/

... Read More
140 Views
3 Replies

We have Azure Log Analytics now available in Canada Central and Japan East.  I don't have ETAs on other for now.   Are you interested in all regions or any specific one ?

Read More

Hello Team,

 

I am using OMS portal to get the failure notification for runbook failure created under Azure automation account. I have used below query to set the alert and getting failure notification as an email. However the challenge is, I am not getting

... Read More
112 Views
1 Reply
Hi Unfortunately this is not possible. If you switch to the new query language there could be some workaround by concatenating the name and the jobID and than aggregate o... Read More
Best Response confirmed by Stanislav Zhelyazkov (MVP)

HI There,

I created this query to make simple names for a custom log I have being pulled in. But for some reason its cutting all the other fields except for the one defined.

 

let usbNames = datatable (USBName_CF:string, Simple_Name:string)  [@"u'\\\\?\\USB#

... Read More
101 Views
1 Reply

Sorry I didn't realize you had posted here already.  I am adding the response here for others as well.

Since the string had a lot of special characters, we need to add @

... Read More

I have created two filters like below.  Second filter is dependent on first Filter1.  

Filter1 : search * | distinct  Computer

Filter2: search * | where ${Filter1}| distinct UserName_s

 

I am not getting any error or there is no result.

 

If i change the Filter

... Read More
107 Views
1 Reply
I'll ask one of our colleagues to respond