In this post I’m going to give a quick overview of some the common tasks you can perform in OMS using queries. If you are looking for an Azure Log Analytics query quick start you can find it here. You can also find the official documentation here.
Lookup Tables
To create your own lookup tables you create a query that will return the desired results. Save the query and provide a function name for it. The function name will be the identifier you use to reference the lookup table in queries. In this example AllComputers is the lookup table/function
Event | join kind= inner ( AllComputers ) on Computer
Computer Groups
Computer groups are basically a specialised lookup table. You can use it in queries or other OMS functionality that act on a group of machines like scheduling updates. To create a computer group follow the procedure to create a lookup table but select the “Save this query as computer group” option to save it as a computer group instead of a plain lookup table.
Creating Custom Alerts
Alerts are based on queries that execute on a schedule, if the query returns any records the alert is triggerd. To setup an alert you start with a query to check for the alert condition. Click on the alert button on the top left to open the alert rule screen and configure your alert rules. Out of interest take a look at the actions the alert rule can perform on the right hand side, you can execute Azure Automation Runbooks or webhooks to create self healing systems or generate work items in your ITSM application.
UPDATE: Alerts are now created in the Monitor blade of the Portal in the Alerts menu -> Manage Alert Rules.
Create Custom OMS Dashboards
To create custom dashboards you use the View Designer which can be opened by clicking the green plus sign on the left panel. Double click the tile you want for your overview tile and fill in a query that will be used to populate the tile. This will be the tile you see on the home screen.
Add additional tiles to the view dashboard tab. These will be displayed when you click on the overview tile in the home screen.
Create Custom OMS Dashboards For Azure
To create custom dashboards for Azure from your OMS data you have to create a shared Azure dashboard first, more info here. The functionality to pin the dashboard is not in the OMS query screen, it is in the Azure Log Analytics screen. On the OMS query screen click on Advanced Analytics to open Azure Log Analytics in a new window.
Create your query in Azure Log Analytics and click on the pin on the right hand side to pin the chart to a shared Azure dashboard.
You can read more about OMS and Azure integration in this post.
It is a bit confusing having functionality split between OMS and Azure Log Analytics but eventually all the querying functionally will be in Azure Log Analytics.
OMS PowerBI Integration
There are two ways to use PowerBI with OMS. The first and simplest but more manual way is to export a query to PowerBI by clicking on the PowerBI button in the OMS query screen.
This will download your current query as a query text file that you can then import in PowerBI.
The second and more streamlined method is to link your OMS account to PowerBI but this requires an organisational/paid PowerBI account. In OMS in the settings menu click on Accounts and Connect To PowerBI account.
