Programmatically Performing OMS Log Search Against a Large Result Set

When performing OMS log search programmatically, you will encounter an API limitation that will prevent you from getting all the logs from the result set. Currently, if the search does not include an aggregation command, the API call will return maxium 5000 records. This limitation applies to both the OMS PowerShell module (AzureRM.OperationalInsights) and searching directly via the Log Search API. The return response you get from either the Get-AzureRmOperationalInsightsSearchResults cmdlet or the Log Search API, you will get the total number of logs contained in the result set from the response metadata (as shown below), but you will only

Inside OMS book v2 Preview Chapters Release

Over the last few months, Stan, Pete, Anders and I have been very busy with writing the version 2 of the Inside Microsoft Operations Management Suite book. Although we still have few more chapters to finish, we have decided to release 3 preview chapters now. The first preview chapter was released yesterday. It was Chapter 6: Extending OMS Using Log Search (http://insidethecloudos.azurewebsites.net/early-chapter-preview-of-inside-oms-version-2/). This chapter was written by myself, and reviewed by my MVP buddy Kevin Greene (@kgreeneit) and Pete himself. This chapter has covered several OMS functionalities that are based on Log search: Saved Searches OMS Computer Groups Custom Fields

Be Cautious When Designing Your Automation Solution that Involves Azure Automation Azure Runbook Workers

Over the last few weeks, it occurred to me twice that I had to change my original design of the automation solutions I was working on because of the limitations of Azure Automation Azure Runbook Workers. Last month, my fellow CDM MVP Michael Rueefli has published an article and explained Why deploying Hybrid Runbook Workers on Azure makes sense. In Michael’s article, he listed some infrastructural differences between Azure runbook workers and the Hybrid runbook workers. However, the issues that I faced that made me to change my design were caused by the functional limitations in Azure runbook workers. Therefore

Managing Azure Automation Module Assets Using MyGet

Background Managing the life cycle of PowerShell module assets in your Azure Automation accounts can be challenging. If  you are currently using Azure Automation, you may have already noticed the following behaviours when managing the module assets: 1. It is difficult to automate the module asset deployment process. If you want to automate the module deployment to your Automation Account (i.e. using the PowerShell cmdlet New-AzureRmAutomationModule), you must ensure the module that you are trying to import is zipped into a zip file and located on a public location where Azure Automation can read via HTTP (i.e. Azure Blob storage).

PowerShell Script to Import and Update Modules from PowerShell Repositories to Azure Automation

PowerShell Gallery has a very cool feature that allows you to import modules directly to your Azure Automation Account using the “Deploy to Azure Automation” button. However, if you want to automate the module deployment process, you most likely have to firstly download the module, zip it up and then upload to a place where the Azure Automation account can access via HTTP. This is very troublesome process. I have written a PowerShell script that allows you to search PowerShell modules from ANY PowerShell Repositories that has been registered on your computer and deploy the module DIRECTLY to the Azure

Command Launching Microsoft Monitoring Agent Control Panel Applet

I have been refreshing my lab servers to Windows Server 2016. I’m using the Non GUI version (Server Core) wherever is possible. When working on Server Core servers, I found it is troublesome that I can’t access the Microsoft Monitoring Agent applet in Control Panel: Although I can use PowerShell and the MMA agent COM object AgentConfigManager.MgmtSvcCfg, Sometime it is easier to use the applet. After some research, I found the applet can be launched using command line:

PowerShell Script to Create OMS Saved Searches that Maps OpsMgr ACS Reports

Microsoft’s PFE Wei Hao Lim has published an awesome blog post that maps OpsMgr ACS reports to OMS search queries (https://blogs.msdn.microsoft.com/wei_out_there_with_system_center/2016/07/25/mapping-acs-reports-to-oms-search-queries/) There are 36 queries on Wei’s list, so it will take a while to manually create them all as saved searches via the OMS Portal. Since I can see that I will reuse these saved searches in many OMS engagements, I have created a script to automatically create them using the OMS PowerShell Module AzureRM.OperationalInsights. So here’s the script: View the code on Gist. You must run this script in PowerShell version 5 or later. Lastly, thanks Wei for

OMSDataInjection Updated to Version 1.2.0

The OMSDataInjection module was only updated to v1.1.1  less than 2 weeks ago. I had to update it again to reflect the cater for the changes in the OMS HTTP Data Collector API. I only found out last night after been made aware people started getting errors using this module that the HTTP response code for a successful injection has changed from 202 to 200. The documentation for the API was updated few days ago (as I can see from GitHub): This is what’s been updated in this release: Updated injection result error handling to reflect the change of the

OMS Search Queries to Extract Rules from Various Assessment Solutions

Currently in OMS, there are 3 assessment solutions for various Microsoft products. They are: Active Directory Assessment Solution SQL Server Assessment Solution SCOM Assessment Solution Few days ago, I needed to export the assessment rules from each solution and handover to a customer (so they know exactly what areas are being assessed). So I developed the following queries to extract the details of the assessment rules: AD Assessment Solution query: Type=ADAssessmentRecommendation | Dedup Recommendation | select FocusArea,AffectedObjectType,Recommendation,Description | Sort FocusArea SQL Server Assessment Solution query: Type=SQLAssessmentRecommendation | Dedup Recommendation | select FocusArea,AffectedObjectType,Recommendation,Description | Sort FocusArea SCOM Assessment Solution query: Type=SCOMAssessmentRecommendation

OMSDataInjection PowerShell Module Updated

I’ve updated the OMSDataInjection PowerShell module to version 1.1.1. I have added support for bulk insert into OMS. Now you can pass in an array of PSObject or plain JSON payload with multiple log entries. The module will check for the payload size and make sure it is below the supported limit of 30MB before inserting into OMS. You can get the new version from both PowerShell Gallery and GitHub: PowerShell Gallery: https://www.powershellgallery.com/packages/OMSDataInjection/1.1.1 GitHub: https://github.com/tyconsulting/OMSDataInjection-PSModule/releases/tag/1.1.1

%d bloggers like this: