How to query custom logs data in Log analytics

This post is a follow-up on how to get SCCM custom data into your Log Analytics environment. As soon as you have your SCCM custom logs, or any other logs, in Log Analytics, they get indexed under the type you have specified. In this particular case I used SCCMLOG_CL (note that the CL is mandatory).

So let's jump into the Log Analytics query window to find out what's in the logs at this time. Browse to Log analytics => Logs. The Log Analytics query window will open and give you the opportunity to start your query journey. Remember our custom type: SCCMLOGS_CL. Note the autosuggest feature, which will help you create your own queries.

If you run this query you will get all the results within the type. This is a great way to check whether data is flying in. So now we'll start finding more detailed patterns. If you type where on the next line you'll get all the fields in your data. Let's select...

How to upload SCCM logs in Log Analytics

One of the great powers and conveniences of having all logs in one place is that they get indexed and you can query them for different scenarios. Just recently I was working on a project together with SCCM engineers, and they told me a couple of times "it's in this or that logfile"; they fire up SCCMtrace, start looking for the specific entry, and start troubleshooting from there.

"OK," I thought, maybe, just maybe, there's a better solution. Because of my monitoring background I don't like to think reactively, as in "it already happened", but love to think proactively. That's why I proposed to dump all the logs in Azure Log Analytics to get them indexed and have alerting and reports on them. It took some convincing to get the SCCM engineers to believe this is possible, but it is actually quite simple to set up using Log Analytics and custom logs. So first up, the requirements: You need to...