Microsoft Operations Management Suite Cookbook
上QQ阅读APP看书,第一时间看更新
上一章目录下一章

Operations Manager Alerts in Log Analytics

Integrating OMS with SCOM enables you to benefit from the extensive data collection, storage, and analysis capabilities of Log Analytics, and maintains your investments in System Center. Through SCOM integration with OMS, alert data created in SCOM is forwarded from the SCOM management group to the OMS repository. Once indexed, this data can then be analyzed with the Alert Management solution, which provides an intuitive breakdown of the alert data in SCOM.

To Connect SCOM to OMS:

  1. Open the SCOM console and select the Administration workspace.
  1. Expand the Operations Management Suite option and click Connection as shown in the following screenshot:
Figure 3.8

 

  1. Click the link to Register to Operations Management Suite.
  1. On the Operations Management Suite Onboarding Wizard: Authentication page, enter the email address or phone number and the password of the administrator account associated with your OMS subscription. Click Sign in.
  2. Once authenticated, on the Select Operations Management Suite Workspace page, select your workspace. Click on the drop-down to select your OMS workspace if you have more than one workspace, and then click Next.
  3. On the Summary page, confirm your settings and click Create.
  4. On the Finish page, click Close.
SCOM only supports one OMS workspace at a time. To change the OMS workspace integrated with SCOM, follow the same preceding steps to Re-configure Operations Management Suite.

Once you connect SCOM to OMS, SCOM is then used as a data source for Log Analytics, and SCOM alerts are written into the OMS repository as they are created and modified. You can use the following query to find alert records for alerts generated in SCOM:

Alert
| where SourceSystem == "OpsManager"

Alert records generated by the SCOM alerts in Log Analytics will have a type of alert, and a SourceSystem of OpsManager. The properties for these records will differ slightly from those of alert records created by alert rules in Log Analytics. This is because alerts in SCOM are generated by monitors or SCOM rules, and with integrated alert management in SCOM, monitors in SCOM. For instance the state of alerts, can be updated manually, or automatically if the alert is generated by a monitor.

To view the properties of an alert record created from an SCOM alert, from the results of the previous query, click the [+] show more button to expand the result view for one of the alert records. This will display all of the alert record properties and corresponding property values:

Figure 3.9

After alerts are created by the alert rule, you can then perform various actions on the alerts.

上一章目录下一章