Double Heartbeat Events in OMS Log Analytics

Article, Azure, Azure Operational Insights Preview, Log Analytics, Microsoft, Operational Insights, Operational Insights, Operations Management Suite, Software, System Center, System Center Operations Manager 1 Minute

I was testing the new Agent Health solution in OMS and I’ve noticed that I have two Heartbeat events generated at the same time for the same computer but having different values for SCAgentChannel field. At first I thought it was some kind of bug related that this server is connected to SCOM management group and the MG is connected to OMS but also the server has direct connection to Internet.

image

I was wrong. I’ve reached out to my favorite PG (OMS) and I’ve got the reason why there are double events. When an agent is connected to OMS via SCOM Management group some data passes trough the SCOM Management servers other data like performance data, IIS logs and Security logs are being passed directly to the OMS service because of the high velocity of that data. So the two heartbeats are correct and very clever approach because basically you have two channels trough which you are passing data to OMS. Kudos to the OMS team for implementing this and thanks to Satya Vel for explaining me the reason for this behavior.
I hope this tip was useful for you.

Published by Stanislav Zhelyazkov

Stanislav Zhelyazkov has been working in IT since 2007. Stanislav has started his IT career as a Help Desk Specialist in 2007 while studying Informatics in the University of Ruse. He also worked in HP Enterprise Services (now known as DXC), maintaining large corporate IT infrastructures for clients in Holland, Switzerland and Germany and was involved in a Private Cloud project based on MS Hyper-V and System Center. He was also in the role of Principal Consultant in Lumagate developing and consulting companies on Azure, OMS, management and Private clouds. Currently he is Cloud Infrastructure Engineer at Sentia Denmark. Stanislav is active community member at MSDN forums providing answers on Azure. His blogposts can be found at www.cloudadministrator.net or www.systemcentercentral.com.

Published

7 thoughts on “Double Heartbeat Events in OMS Log Analytics

  1. Pingback: Visualising OMS Agent Heartbeat Data in Power BI | Tao Yang's System Center Blog

  2. Nice Article. Thx for sharing. Had a question regarding the ComputerIP field. Am noticing them for all Agents to not be sync with the definitions in on-prem SCOM.

    Reply

  3. ComputerIP in OMS(Type=HeartBeat) is the IP of the actual Agent or the IP of the SCOM Management Server , the Agent is pointed to ? Am noticing it’s the IP of the SCOM management Server.Is that by design ?

    Reply

  4. The IP is the public IP from where the traffic from your environment is going to OMS. When SCOM agent is connected to SCOM Management server and that server is connected to OMS the traffic for most solutions goes trough that SCOM server. That is why the events for your scom agents have the same IP. Exception is data for solutions like performance data, IIS logs and security logs. For those the traffic goes directly from the OMS agent to OMS. And that is explained in the blog post why you will have to heartbeat events.

    Reply
  5. Pingback: OMS - Anbindung einer OnPremise Infrastruktur: Direct attached Agent versus SCOM attached Agent - Data One Expertenblog

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.