Cloud Infrastructure – Operations Management Suite
The Alerting feature
In my previous post, I gave an overview of the Operations Management Suite and the basic process of setting up the agent. In this post, I will describe the OMS Alerting feature, one of the most requested improvements of the log analytics solution.
As one would expect, a (so-called) monitoring feature like log analytics should be capable of notifying a user when certain conditions are met. This has always been a basic feature of Operations Manager (and one of the biggest pains for SCOM users). Microsoft listened to the requests of its customers and recently added this capability (currently in public preview). Additionally, you can select the public preview features you want to enable on your workspace:
Make sure you check the Operational Insights User Voice page and vote for the features you want or like the most.
To leverage the alerting features, you need to go to the log search feature:
Once there, you can experience the power of the search engine. For example, you can search the latest data generated by the performance counters collection:
You could also check security information:
With the query in hand, you can have an alert raised when a certain condition is met: for example, when performance data is failing to be collected. First, you select the alert button:
And then configure the parameters:
Once triggered, you receive an e-mail similar to the one below:
Once you are done with the alert, you can remove it here:
Unfortunately, there is no way to modify the alert, as of now.
Alternatively, you can choose to enable a remediation once the alert is triggered:
That capability alone allows for multiple ways to handle and mitigate issues detected by the OMS log analytics engine and will be the subject of another blog post.
Considering the power of log analytics and how far it can reach and dig into the big sea of data generated by our applications, it is only natural that you would want to be notified when a certain situation has arisen. So far, Microsoft has delivered basic alerting features, which have virtually infinite expansion capability through the remediation features (since you can call any Azure Runbook from there). However, alerting still needs to be polished and improved, with additions such as editing, alert suppression rules, ticketing integration and others.