Once you get to the point where you're in charge of managing more than a few servers, you'll soon discover the troubleshooting challenge that comes when faced with tracking down an issue that's causing some kind of service disruption. Where's the first place you typically look on a Windows server? The event log. However, applications nowadays are not limited to a single server. What if the application experiencing the issue spans multiple servers? It soon becomes tedious sifting through events on all of those servers. This is where enterprise administrators turn to log analytics software.
Perhaps you've installed an appliance like Splunk or LogRhythm to consolidate all of those events into a single place. Now what? You've just got something else to manage when you begin to inundate it with too much data and you're forced to keep extending the disk space for it. What if you had some kind of service where you could just send all those events and never worry about overwhelming it, or even managing the upkeep of it at all? This is now possible with Microsoft's Azure Operational Insights (OpInsights).
As part of Microsoft's Operations Management Suite (OMS), OpInsights not only gives you a place to store all those events but it has Azure intelligence behind it, which will even give you suggestions on your service health, perform change tracking, and much more. In this article, let's go over OpInsights and how to get started using it.
Before you get too addicted to OpInsights, I'd suggest you first understand the pricing structure. As you can see below, you do have a free option, but you are limited to 500MB of data per day with a 7-day retention period. Otherwise, you'll need to purchase System Center licensing.
To get started, you'll need to head over to the OMS trial site and click on the Get Started button.
This will lead you through getting a trial account and your workspace set up.
Once you've got your workspace set up and you're in, click on the Settings tile.
Next, you'll choose all of the features you'd like to take advantage of. Since you're just starting out, I wouldn't worry about this step. Log Search is on by default. For now, this is good enough to get the basics set up.
You'll then need to get the client installed on your servers. To do this, click on Connected Sources and download the appropriate agent for your servers. Also, it may be a good time to document the workspace ID and primary key. You'll need these to link up your client with your OpInsights account.
Once you've got the agent downloaded, run the installer on your server. On the Agent Setup Options screen, be sure to check Connect the Agent to Microsoft Azure Operational Insights.
This will take you to the next screen, which is where you will provide the workspace ID and key that you saw earlier.
Once this is done, click through the remaining steps to complete the install. This concludes the client setup.
At this point, you will need to wait a while until the client is able to communicate with OpInsights and begin sending events to Azure. If all goes well, you will soon see your server show up as a data source on the Settings tile and appear as a connected server inside Settings.
The next step will be defining which event logs you'd like for OpInsights to collect. To do this, you'll go over to the Data section in Settings. Below, I've typed Application and System into the event logs text box and clicked the plus sign.
Notice that you can also filter on specific event types. If you only plan on using OpInsights for troubleshooting purposes and would rather not use a lot of data, it might be a good idea to choose only Error and Warning for all of your event logs. Once you're done, click on the Save icon in the upper-right-hand corner.
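To see what the Error and Warning filter would save on a given server before you commit to it, the following added example (not part of the original article) measures the last 24 hours of the Application and System logs locally. The function name `Get-EventVolume` is hypothetical, and using the size of each event's XML as a stand-in for the data OpInsights meters is an assumption, so treat the figures as rough.

```powershell
# Added example: compare the last 24 hours of events, all levels versus
# Error and Warning only. XML size is a rough proxy (assumption), not the
# exact volume OpInsights counts against the daily limit.
$logs     = 'Application', 'System'   # the logs chosen in the article
$since    = (Get-Date).AddDays(-1)
$freeTier = 500MB                     # free-tier daily limit from the article

function Get-EventVolume {            # hypothetical helper name
    param(
        [string[]]$LogName,
        [datetime]$StartTime,
        [int[]]$Level                 # omit for all levels; 2 = Error, 3 = Warning
    )
    $filter = @{ LogName = $LogName; StartTime = $StartTime }
    if ($Level) { $filter.Level = $Level }

    $count = 0
    $bytes = 0
    # Get-WinEvent raises an error when nothing matches, so suppress it
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            $count++
            $bytes += [System.Text.Encoding]::UTF8.GetByteCount($_.ToXml())
        }
    [pscustomobject]@{ Events = $count; Bytes = $bytes }
}

$all      = Get-EventVolume -LogName $logs -StartTime $since
$filtered = Get-EventVolume -LogName $logs -StartTime $since -Level 2, 3

[pscustomobject]@{
    Computer           = $env:COMPUTERNAME
    AllEvents          = $all.Events
    AllMB              = [math]::Round($all.Bytes / 1MB, 2)
    ErrorWarningEvents = $filtered.Events
    ErrorWarningMB     = [math]::Round($filtered.Bytes / 1MB, 2)
    PercentOfFreeTier  = [math]::Round(100 * $filtered.Bytes / $freeTier, 2)
}
```

The gap between the All and ErrorWarning columns is made up of the Information-level events that the filter leaves out, so check that nothing you rely on for troubleshooting or auditing sits in that gap.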
At this point, it will take a while for your events to begin showing up in OpInsights. This is a perfect time to go exploring in the Solutions Gallery on the home screen.
OpInsights can do a lot more than merely be a source to store your logs. It can also monitor system health, search for malware references with the client, and do many other things.
By the time you're done looking into the various solutions you can implement, your events might be showing up in Log Search.
Simply go back to the home screen and click on Log Search. You will be presented with a slew of options to slice and dice your events in just about any way you please!
OpInsights can do so much more than what we could cover today. If you'd like more information about OpInsights, I suggest checking out the OpInsights tutorial.