How to query custom logs data in Log analytics

This post is a follow-up on how to get SCCM custom data into your log analytics environment. As soon as you have your SCCM custom logs, or any other logs, in log analytics they get indexed under the type you have specified. In this particular case I used SCCMLOG_CL (note that the CL is mandatory). So let’s jump into the log analytics query window to find out what’s in the logs at this time: browse to Log analytics => Logs. The log analytics query window will open and give you the opportunity to start your query journey. Remember our custom type: SCCMLOGS_CL. Note the autosuggest feature, which will help you create your own queries. If you run this query you will get all the results within the type. This is a great way to check whether data is flowing in. So now we’ll start looking for patterns in more detail. If you type where on the next line you’ll get all the fields in your data. Let’s select...
Azure, Loganalytics

How to upload SCCM logs in Log Analytics

One of the great powers and conveniences of having all logs in 1 place is that they get indexed and you can query them for different scenarios. Just recently I was working on a project together with SCCM engineers and they told me a couple of times “it’s in this or that logfile”; they would fire up SCCMtrace, look for the specific entry and start troubleshooting from there. “OK” I thought, maybe just maybe there’s a better solution. Because of my monitoring background I don’t like to think reactively, as in “it already happened”, but love to think proactively. That’s why I proposed to dump all the logs in Azure log analytics to get them indexed and have alerting / reports on them. It took some convincing to get the SCCM engineers to believe this is possible, but it is actually quite simple to set up using log analytics and custom logs. So first up the requirements: You need to...
Azure, Loganalytics

Use OMS to calculate SCCM patch window

This blog post is part of the Coretech Global Xmas blogging marathon. To find all the cool content please take a look at http://blog.coretech.dk/. Recently I have been exploring OMS a lot and came across a cool user scenario which really showcases the benefits of having all data in one place: using this big data to connect the dots between different systems and creating even more insight into your environment and the relationships between the different systems. One demo which really had some eyes popping was the calculation of the SCCM patch window with OMS. A lot of people already know that there’s a specific System Update Assessment solution which points out which machines are missing which updates. But there’s more to this solution than meets the eye at first sight. You can use this solution, but also the data gathered by OMS for all your updates, to calculate very precisely how long it will...

SCOM: Connect management groups between on-prem and Azure

During a recent project I explored the benefits of hosting a 2-legged SCOM environment for both on-prem and cloud services. Although this is possible with just one management group and a site-to-site VPN to the cloud, they opted for a 2 management group approach to keep a divider between the on-prem and the cloud. In this blog post (who knows, it could become a series) I’ll show you how to connect the management groups to each other so they can exchange alerts and use 1 console but benefit from the presence of a management group on both platforms. In this scenario I’m going to use connected management groups. As explained here: http://technet.microsoft.com/en-us/library/hh230698.aspx, connecting management groups in SCOM 2012 gives you a couple of benefits. The biggest one in my opinion is the fact you can have multiple management groups with different settings but use 1 console to get all...