Custom Logs and Custom Fields

18 Topics

Availability on OMS
Hi everyone. I'm trying to find a way of getting Availability of servers on OMS, but I can't find any... By Availability I mean the % of uptime of a given server during a certain period of time. So, if a server was up 98 of a total 100 hours, the availability for that period is 98%. I'm looking to do that in OMS, but I'm not sure it's possible. Thanks in advance.
Solved
Dante Nahuel Ciai
Jan 15, 2018 Place Azure Observability
34KViews
0likes
36Comments
Log Analytics Query for computer last login/active date and time
Hi, I am looking for a query where I can get last login/active date and time for computers in a separate column. I am already using the below query for windows update WaaSDeploymentStatus | where UpdateCategory == "Quality" and TimeGenerated > ago(60d) | summarize arg_max(ReleaseName, DeploymentStatus, DetailedStatus, DetailedStatusLevel, ExpectedInstallDate) by Computer Please suggest what should we add to this query to get a new column which will give me last login/active date and time for computers
yashsedani
Feb 12, 2020 Place Azure Observability
21KViews
0likes
13Comments
Query could not be parsed at 'SecurityEvent' on line.....
We upgraded to the standard tier, but this still isn't working. I can query events, but if I use any queries that involve SecurityEvent it doesn't work. Basically I'm trying to follow this: https://pixelrobots.co.uk/2019/07/query-active-directory-security-events-using-azure-log-analytics-on-the-cheap/
Solved
natv
Dec 10, 2019 Place Azure Observability
14KViews
0likes
2Comments
How to monitor IIS app pools in Azure
CliveWatson saw your other post on the same. But no logs or event IDs are showing in Log analytics. Can someone please help with how to monitor the status of application pools in azure. I am not seeing any events in my log analytics.
priyanka995
Oct 09, 2019 Place Azure Observability
8.8KViews
0likes
3Comments
Troubleshooting Microsoft Monitoring Agent issues
I am working with an OMS setup where Custom Log ingestion has been setup. This is working fine for the most part, but occasionally the Custom Log data stops transmitting to OMS. During these times it has been verified that data is still being written to the log on the VM (the client has viewed and verified this) and the MMA heartbeat still occurs (verified via a Log Analytics query), just none of the Custom Log data is being transmitted. When the agent is restarted, data transmission starts working again. Where should we begin troubleshooting this? I assumed that MMA logs INFO, ERROR and WARNING details in the Event Viewer, but I was not able to locate the details in Event Viewer. I also looked into the installation folder to see if a log file was generated there, but to no avail. Any help pointing to where we could look to troubleshoot this would be appreciated! Thank you!
Deleted
Apr 24, 2018 Place Azure Observability
8.3KViews
0likes
1Comment
Windows Event Forwarding
We are trying to use Windows Event Forwarding to get logs in to Log Analytics. We have configured the security log to forward on to a central server. This works fine and I can see entries. We have set up Log Analytics to collect the "ForwardedEvents" log. From a restart of the Monitoring Agent service I can see the following: The Windows Event Log Provider has resumed processing the ForwardedEvents event log on computer 'fqdn' after recovering from errors. One or more workflows were affected by this. This indicates that it should be collecting the logs fine. I cannot however for love nor money find these events in Log Analytics. Is there anything I am missing? Is this supported? I've googled the forwarded events in to LA and found the UserVoice post asking for this to work but not actually found anything on making it work. Thanks
Solved
Mark Lewis
Jul 01, 2019 Place Azure Observability
7.6KViews
0likes
2Comments
How to calculate service reliability and availability ?
Looking for sample azure log analytic query to measure service reliability and availability for web api service for which logging is done in azure application insights
Solved
Phani_5
Apr 22, 2019 Place Azure Observability
5.7KViews
0likes
2Comments
Editing Custom Fields for syslog message extraction
Hi, I am currently creating new custom fields to extract the data from a syslog data source. Having initially setup the three fields I need I've now found a set of messages that do not parse correctly. How can I update the Wizard for the custom field to include this new extraction? Right now the only option I can see is to delete the custom field and start again. This is going to cause me all sorts of problems if we need to check every single possible message from a data source before we create a custom field. Or, alternatively am I just missing something and there is a much easier way to do this?
Solved
SimonR
May 12, 2020 Place Azure Observability
3.5KViews
0likes
2Comments
Using REST endpoint to add log data, can i set the MetricName value?
Disclaimer that i am new to OMS. I am using the ods.opinsights.azure.com/api/logs?api-version=2016-04-01 endpoint to save log entries to OMS. I am sending the messages as JSON which automatically creates new columns and filters for me in OMS. The properties it creates are generally suffixed with "_s" for string or "_g" for guid. I noticed there is a property already available called "MetricName" but when i try to set a value for it in my log entry, it adds a column called "MetricName_s". The same message also has the property DurationMs and that gets set fine. My question is, how can i set the MetricName property on a log entry when posting to a REST endpoint. Tank you, Jason
Solved
Jason Perron
Dec 02, 2017 Place Azure Observability
3.1KViews
0likes
3Comments
CPU utilization for VMs in past 3 months in different time zone (PST) for Specific working hours
Hi Team, I need a help in getting the average CPU utilization for VMs in last 3 months in different time zone (PST) only for specific time range. i have written the query to fetch the average CPU utilization for last 3 months and i set the time range in portal option. Heartbeat | where SubscriptionId != '' | summarize by TenantId, SubscriptionId, Computer, ResourceGroup=tolower(ResourceGroup), ResourceId=tolower(ResourceId) | where ResourceGroup == "azrg-oc-ame-tds-vm" | join kind=inner ( Perf | where (ObjectName == "Processor" and CounterName == "% Processor Time") | summarize CPUAvg = (avg(CounterValue)) by Computer ) on Computer | project Computer, CPUAvg how can i filter the CPU utilization only for 12 hours\day in PST time zone for last three months. Thanks in advance.
Syed_Aman
Jul 03, 2019 Place Azure Observability
3.1KViews
0likes
4Comments