Programmatically Change Azure Log Analytics Pricing Model

Microsoft recently introduced a new model for purchasing Azure Log Analytics. To use this new model you will basically have to enable it on per subscription bases. In short you can either continue to use the old models or flip a switch on your subscription to use the new model. You cannot use both models for different workspaces in your subscription and you cannot move between the old models and the new ones without flipping that switch. Of course flipping that switch is easy as going into the Azure Portal -> Azure Monitor -> Usage and estimated costs blade but what about if you want to do this programmatically? Apparently there is a way to do it that way and in this blog post I will show you how.

Continue reading “Programmatically Change Azure Log Analytics Pricing Model”

Mitigate speculative execution side-channel vulnerabilities

Seems the new year bring us some bad surprises in terms of security. There has been some rumors and now turned out to be truth that certain processors are vulnerable to certain attacks. Yes processors. That means that affects a wide variety of Operating Systems. As Microsoft puts it:

Microsoft is aware of a new publicly disclosed class of vulnerabilities referred to as “speculative execution side-channel attacks” that affect many modern processors and operating systems including Intel, AMD, and ARM. Note: this issue will affect other systems such as Android, Chrome, iOS, MacOS, so we advise customers to seek out guidance from those vendors.

Source: ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities

Continue reading “Mitigate speculative execution side-channel vulnerabilities”

OMS Analytics Portal Can Now Display Results In Your Local Time Zone

As you are familiar currently OMS has two search portals – the legacy one located in OMS classic Portal and the Analytics one. The Analytics Portal is slowly getting some of the cool features from the legacy Search Portal. One feature that was very handy in it was that TimeGenerated was displayed in the time zone you are accessing it. This is very handy when you have to investigate as it helps you track the events, logs and metrics at your local time. This was missing in the Analytics portal but now it is there and even enhanced.

Continue reading “OMS Analytics Portal Can Now Display Results In Your Local Time Zone”

Free E-book: Inside #MSOMS v2 now available

It took us some time but we’ve managed to update the one and only free OMS book. We had plans to release it earlier but unforeseen things has happened which prevented us to do it earlier. I hope you will understand but you will still enjoy it. The other authors and me put a lot of effort to get it out along with the reviewers.

The new query language of Log Analytics is not included in the book but that should not discourage you as the content is still relevant.

Go grab Inside the Microsoft Operations Management Suite for free. Let us know if you have any feedback.

I mostly would like to thank my fiancée for being patient with me and supporting me while I was writing my chapters.

[Cross-Post] How To Detect And Protect Yourself From WannaCry

Make sure to check out this blog post that I’ve wrote on my company’s web site.

How To Detect And Protect Yourself From WannaCry

Reserved Common Fields in Log Analytics

I’ve recently been playing with some solution development and I’ve noticed something interesting.

When we are using the OMS Data Collector API we send data by creating json file. That json file is in simple format like this:

{
"property1": "value1",
"property2": "value2"
"property3": "value3",
"property4": "value4"
}

In this pseudo code property is the name of our fields. So when the data is uploaded to OMS the name for field property1 will turn to property1_s. Basically OMS adds suffix to the name of each field and this suffix represents the data type of the value for the field.

There are some exception though. For example if our property is called Computer that will not turn into Computer_s in Log Analytics. Basically the Computer field is a special one. Turned out there are more such fields actually and they are called Reserved Common Fields.

Continue reading “Reserved Common Fields in Log Analytics”

Moving Update Worker Server between OMS Workspaces

Recently I’ve been fairly occupied in writing the second edition of Inside Microsoft Operations Management Suite book but now that I’ve finished my chapters I can go back to writing some blog posts.

Update Workers are like Hybrid Workers but they are automatically registered by the Update Management solution. This creates a problem because there is no way to unregister such server unlike the Hybrid Workers which have PowerShell cmdlets installed locally on the server.

Fear not though. There is easy way to move Update Worker between different workspaces as long as you follow the steps:

Continue reading “Moving Update Worker Server between OMS Workspaces”