Microsoft Azure Operational Insights Preview Series – Alert Management (Part 9)


So far:

A new Intelligence Pack, Alert Management, has been available in Azure Operational Insights for more than a couple of weeks. I would have blogged about it earlier, but initially the IP was not working for my account; the Azure Operational Insights team managed to fix it in less than a week. Of course, once I had Alert Management working I was occupied with other tasks. In short, better late than never.

After adding the Alert Management Intelligence Pack, you will quite quickly start to see your SCOM alerts in Operational Insights:

Digging deeper into the tile, we will see more graphics:

And of course if you click on a tile here you will be redirected to a search query:

So far so good. The first obvious choice is to create a query that will show the critical alerts in your environment for the last 24 hours:

Type:Alert AlertState=New AlertSeverity=Error TimeRaised>NOW-1DAY | Select AlertName, SourceDisplayName, TimeRaised | sort TimeRaised desc

Then take that query and create a dashboard for it.

After that you can use the Windows Phone app for Azure Operational Insights, and by simply clicking on the tile you will always know remotely what the latest alerts in your environment are.

A second good scenario is to take a specific alert and find out why it was raised. Let's take two alerts as an example.

As I can see, I have two alerts for web sites down on the same server. From the description I can see the exact same server, and from the time frame bar I can see that they happened at “2014-11-27T13:35:20.11Z”.

From the query results I copy the time and the server name and paste them into Notepad.

Then I narrow down the time bar to the period around the alerts.

Then I replace the query with:

Type=ConfigurationChange Computer:"Server.contoso.com"

I get 101 results, so I narrow them down by adding more filters to the query:

Type=ConfigurationChange Computer:"Server.contoso.com" ConfigChangeType:"Software"

This gives me only 14 results, and I can see that during that time someone installed or removed some Lync Services.

Now I can take this result, contact my Lync administrators and get them fired :). Just kidding, of course, but such a scenario can be real, and Azure Operational Insights is a good partner in resolving IT mysteries.
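
The correlation done by hand above (same computer, a narrow window around the alert time, optionally one change type) can also be run offline over exported records. The following Python is an added example, not part of the original post or of Azure Operational Insights; the record layout, the `TimeGenerated` and `Name` field names, the `WindowsServices` value and all sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample of exported ConfigurationChange records. Computer and
# ConfigChangeType are the fields used in the queries above; TimeGenerated and
# Name are assumed field names for this example.
SAMPLE_CHANGES = [
    {"Computer": "Server.contoso.com", "ConfigChangeType": "Software",
     "TimeGenerated": "2014-11-27T13:30:20Z", "Name": "constructed-package-a"},
    {"Computer": "Server.contoso.com", "ConfigChangeType": "Software",
     "TimeGenerated": "2014-11-27T10:35:00Z", "Name": "constructed-package-b"},
    {"Computer": "Server.contoso.com", "ConfigChangeType": "WindowsServices",
     "TimeGenerated": "2014-11-27T13:33:20Z", "Name": "constructed-service-c"},
    {"Computer": "other.contoso.com", "ConfigChangeType": "Software",
     "TimeGenerated": "2014-11-27T13:34:00Z", "Name": "constructed-package-d"},
    {"Computer": "SERVER.contoso.com", "ConfigChangeType": "Software",
     "TimeGenerated": "2014-11-27T13:45:20Z", "Name": "constructed-package-e"},
]


def parse_ts(value):
    """Parse a UTC timestamp such as 2014-11-27T13:35:20.11Z (fraction optional)."""
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in value else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)


def changes_near(computer, raised_at, changes, window_minutes=30, change_type=None):
    """Return (offset_seconds, record) pairs for changes on `computer` within
    the window around the alert, changes that precede the alert first."""
    raised = parse_ts(raised_at)
    window = timedelta(minutes=window_minutes)
    hits = []
    for rec in changes:
        if rec["Computer"].lower() != computer.lower():
            continue  # host names are compared case-insensitively
        if change_type and rec["ConfigChangeType"] != change_type:
            continue
        delta = parse_ts(rec["TimeGenerated"]) - raised
        if abs(delta) <= window:
            hits.append((delta.total_seconds(), rec))
    # A change made before the alert is the likelier cause: list those first,
    # closest in time first.
    hits.sort(key=lambda h: (h[0] > 0, abs(h[0])))
    return hits


if __name__ == "__main__":
    for offset, rec in changes_near("Server.contoso.com", "2014-11-27T13:35:20.11Z",
                                    SAMPLE_CHANGES, change_type="Software"):
        print(f"{offset:+9.2f}s  {rec['ConfigChangeType']:<16} {rec['Name']}")
```

A negative offset means the change was recorded before the alert was raised, which is where to start when asking what caused it.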
