Searching OMS Using the New Search Language (Kusto) REST API in PowerShell

Currently Microsoft is in the process of upgrading all OMS Log Analytics workspaces to the new query language (named Kusto). Once your workspace has been upgraded, you will no longer able to invoke search queries using the Get-AzureRmOperationalInsightsSearchResults cmdlet from the AzureRM.OperationalInsights PowerShell module. Kusto comes with a new set of REST APIs, you can find the documentation site here: https://dev.int.loganalytics.io. According to the documentation, this REST API has the following limitations: Queries cannot return more than 500,000 rows Queries cannot return more than 64,000,000 bytes (~61 MiB total data) Quries cannot run longer than 10 minutes by default. From

Inside OMS Book V2 Released

Few days ago, the Inside OMS Book version 2 has been released as a free ebook to the TechNet Gallery: http://bit.ly/InsideOMS A lot has changed since the first release of the book and even when we were writing the version 2, I constantly feel that we are shooting a moving target. Now looking back, we have been working very very hard over the last 10 months. Comparing with version 1, the size of the book increased from ~450 pages and 12 chapters to ~750 pages and 17 chapters.  This time, other than the authors, we are fortunate that we have

Using Postman Invoking Azure Resource Management APIs

When working with REST APIs, Postman (https://getpostman.com) is a popular tool that needs no further introductions. This week, I’ve been pretty busy working on the upcoming Inside OMS V2 book, and I’m currently focusing on the various OMS REST APIs for the Custom Solutions chapter. I want to use Postman to test and demonstrate how to use the OMS REST APIs. Since most of the ARM based APIs requires oAuth token in the authorization header, I needed to configure Postman to contact Microsoft Graph API in order to generate the token for the API calls. Initially, I thought this would

Programmatically Performing OMS Log Search Against a Large Result Set

When performing OMS log search programmatically, you will encounter an API limitation that will prevent you from getting all the logs from the result set. Currently, if the search does not include an aggregation command, the API call will return maxium 5000 records. This limitation applies to both the OMS PowerShell module (AzureRM.OperationalInsights) and searching directly via the Log Search API. The return response you get from either the Get-AzureRmOperationalInsightsSearchResults cmdlet or the Log Search API, you will get the total number of logs contained in the result set from the response metadata (as shown below), but you will only

Inside OMS book v2 Preview Chapters Release

Over the last few months, Stan, Pete, Anders and I have been very busy with writing the version 2 of the Inside Microsoft Operations Management Suite book. Although we still have few more chapters to finish, we have decided to release 3 preview chapters now. The first preview chapter was released yesterday. It was Chapter 6: Extending OMS Using Log Search (http://insidethecloudos.azurewebsites.net/early-chapter-preview-of-inside-oms-version-2/). This chapter was written by myself, and reviewed by my MVP buddy Kevin Greene (@kgreeneit) and Pete himself. This chapter has covered several OMS functionalities that are based on Log search: Saved Searches OMS Computer Groups Custom Fields

Managing Azure Automation Module Assets Using MyGet

Background Managing the life cycle of PowerShell module assets in your Azure Automation accounts can be challenging. If  you are currently using Azure Automation, you may have already noticed the following behaviours when managing the module assets: 1. It is difficult to automate the module asset deployment process. If you want to automate the module deployment to your Automation Account (i.e. using the PowerShell cmdlet New-AzureRmAutomationModule), you must ensure the module that you are trying to import is zipped into a zip file and located on a public location where Azure Automation can read via HTTP (i.e. Azure Blob storage).

PowerShell Script to Import and Update Modules from PowerShell Repositories to Azure Automation

PowerShell Gallery has a very cool feature that allows you to import modules directly to your Azure Automation Account using the “Deploy to Azure Automation” button. However, if you want to automate the module deployment process, you most likely have to firstly download the module, zip it up and then upload to a place where the Azure Automation account can access via HTTP. This is very troublesome process. I have written a PowerShell script that allows you to search PowerShell modules from ANY PowerShell Repositories that has been registered on your computer and deploy the module DIRECTLY to the Azure

Command Launching Microsoft Monitoring Agent Control Panel Applet

I have been refreshing my lab servers to Windows Server 2016. I’m using the Non GUI version (Server Core) wherever is possible. When working on Server Core servers, I found it is troublesome that I can’t access the Microsoft Monitoring Agent applet in Control Panel: Although I can use PowerShell and the MMA agent COM object AgentConfigManager.MgmtSvcCfg, Sometime it is easier to use the applet. After some research, I found the applet can be launched using command line:

PowerShell Script to Create OMS Saved Searches that Maps OpsMgr ACS Reports

Microsoft’s PFE Wei Hao Lim has published an awesome blog post that maps OpsMgr ACS reports to OMS search queries (https://blogs.msdn.microsoft.com/wei_out_there_with_system_center/2016/07/25/mapping-acs-reports-to-oms-search-queries/) There are 36 queries on Wei’s list, so it will take a while to manually create them all as saved searches via the OMS Portal. Since I can see that I will reuse these saved searches in many OMS engagements, I have created a script to automatically create them using the OMS PowerShell Module AzureRM.OperationalInsights. So here’s the script: View the code on Gist. You must run this script in PowerShell version 5 or later. Lastly, thanks Wei for

OMSDataInjection Updated to Version 1.2.0

The OMSDataInjection module was only updated to v1.1.1  less than 2 weeks ago. I had to update it again to reflect the cater for the changes in the OMS HTTP Data Collector API. I only found out last night after been made aware people started getting errors using this module that the HTTP response code for a successful injection has changed from 202 to 200. The documentation for the API was updated few days ago (as I can see from GitHub): This is what’s been updated in this release: Updated injection result error handling to reflect the change of the

%d bloggers like this: