SOLVED

Need to monitor & alert on number of errors of third party service running on a Windows VM in Azure.

Microsoft

I have an Azure customer who wants to be able to monitor the Service State of a 3rd party service (not Windows) on a VM and alert on it. Does anyone have a process and can share a Kusto query to do this? Thanks in advance!

1 Reply
best response confirmed by Stanislav Zhelyazkov (MVP)
Solution

Hi,

Previously I have written this blog post which is still valid:

https://cloudadministrator.net/2018/01/24/monitoring-windows-services-sates-with-log-analytics/

Additionally, the Change Tracking solution can also monitor service states, and recently they've made it possible to monitor those with 10s difference:

https://docs.microsoft.com/en-us/azure/automation/automation-change-tracking#change-tracking-data-co...

You can potentially use Change Tracking for that as well, as it offers a better out-of-the-box experience. An example query for a specific server and service will be:

ConfigurationChange
| where ConfigChangeType == "WindowsServices" 
| where SvcState == "Stopped" 
| where SvcDisplayName == "WMI Performance Adapter" 
| where Computer == "ContosoFileSrv1" 

You will have to replace the display name of the service with the one you want to monitor and the Computer with the server name you want to monitor. With that query you can create a Log Search alert of type Number of results.

You can also make it more dynamic with a Log Search alert of type Metric measurement. In that case the query will look like the following:

ConfigurationChange
| where ConfigChangeType == "WindowsServices" 
| where SvcState == "Stopped" 
| where SvcDisplayName == "WMI Performance Adapter" 
| summarize AggregatedValue = count() by Computer, bin(TimeGenerated, 5m) 

For that query Aggregated Value should be greater than 0. Trigger will be Consecutive breaches greater than 0. Period and frequency will be 5 minutes.

You can also look at a more advanced scenario with a query aggregating on more than one field here:

https://cloudadministrator.net/2018/06/08/aggregate-on-more-than-one-column-for-azure-log-search-ale...
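
A variation on the queries in the answer above, as an added example that is not part of the original post: it keeps only the latest recorded state per computer, so a service that stopped and was started again inside the alert window does not fire. The sample rows are constructed, the names SampleConfigurationChange and MonitoredService are hypothetical, and the query assumes the SvcPreviousState column of ConfigurationChange is populated.

```kusto
// Constructed sample rows standing in for the ConfigurationChange table,
// so the query can be run as-is in a Log Analytics query window.
let SampleConfigurationChange = datatable(
    TimeGenerated: datetime, Computer: string, ConfigChangeType: string,
    SvcDisplayName: string, SvcPreviousState: string, SvcState: string)
[
    datetime(2024-01-01 10:00:00), "ContosoFileSrv1", "WindowsServices", "WMI Performance Adapter", "Running", "Stopped",
    datetime(2024-01-01 10:02:00), "ContosoFileSrv1", "WindowsServices", "WMI Performance Adapter", "Stopped", "Running",
    datetime(2024-01-01 10:03:00), "ContosoFileSrv2", "WindowsServices", "WMI Performance Adapter", "Running", "Stopped",
    datetime(2024-01-01 10:04:00), "ContosoFileSrv2", "WindowsServices", "Print Spooler",           "Running", "Stopped"
];
// Hypothetical parameter: display name of the service to watch.
let MonitoredService = "WMI Performance Adapter";
SampleConfigurationChange   // replace with ConfigurationChange in a real alert rule
| where ConfigChangeType == "WindowsServices"
| where SvcDisplayName == MonitoredService
// Keep only the most recent state change per computer in the query window.
| summarize arg_max(TimeGenerated, SvcState, SvcPreviousState) by Computer, SvcDisplayName
// Alert only when the service is still stopped after its last recorded change.
| where SvcState == "Stopped"
| project Computer, SvcDisplayName, StoppedSince = TimeGenerated, SvcPreviousState
```

With the constructed rows, only ContosoFileSrv2 is returned, because ContosoFileSrv1 reported the service running again after its stop. Used with a Log Search alert of type Number of results, the threshold is greater than 0.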
