Learn how to get started using OMS Alert Management
Summary: Learn how to get started using the Microsoft Operations Management Suite Alert Management solution from installing, configuring, and creating your first alert in this post by Ed Wilson.
This post is the second post in a multi-part series of blog posts about OMS alerting. To fully understand this post, you should read the entire series in order.
Here are the posts in the series:
- OMS alerting is now generally available
- Learn how to get started using OMS alert management
- Use OMS to create alerts for missing security and other updates
- Set up an Operations Management Suite alert that detects suspicious executables
- Use the OMS log search feature to report on custom OMS alerts
Good morning everyone, Ed Wilson here. With the release to general availability of the OMS Alerting I thought it would be a great idea to walk through the installation and configuration of Microsoft Operations Management Suite (OMS) alerting.
First add a search
Ok, here is the secret … there is no installation needed to use OMS Alerting. The first thing I need to do is to create a search. That is right, I need a search. I have written several blog articles about OMS search, and you may want to refer to some of them if you need a search to get started with.
NOTE: OMS Alerting is automatically added into your OMS console, you do not need to add an alerting solution. There is an Alert Management Solution, but this is not the same thing as the Alerting we recently put into GA.
So, I select Log Search from my OMS console, and that brings me to the Search page. This page appears here:
I can now write a new search, or I can use one of my saved searches. Probably one of the easiest things to do is to use one of the OMS solutions that you are already using, and then when you run that solution, it generates a search string for you. For example, if I choose Malware assessment, I can find computers with an active threat. When I select that search, am taken to the search page that shows both the query as well as the results. From that page, I select Alert. This appears in the figure here:
Configure the Alert
So, now that I have my query, I go to the Add Alert Rule page. From here, I have to add three things:
- The Alert rule name
- The Alert Threshold
- The Email Address and subject of the email for alert notification
That is it … that is all that I have to do to make this work. Here is the Add Alert Rule page:
Adding additional configuration to the Alert rule
I may want to change some of the additional configuration information. Such as the following:
- The Time window – the time for which duration that we look for the alert. In general, 15 minutes is a good time window.
- The Alert Threshold is how many events need to be present before the Alert is triggered.
- The Alert Frequency is how often we check for this threshold
- Throttle Alerts will set an alert to stop firing for a specified period time after the initial alert triggers. This is a good way to keep from being spammed with lots of alert email messages.
- Add a Webhook URL and a custom JSON payload. This gives the ability to specify a WebHook URL to send the alert to. This makes it easy to integrate alerting with other tools.
- Trigger a Runbook based upon the alert. This is an easy way to specify an OMS runbook to take remediation based upon the alert.
That is all I have for you today. If you would like to get a free Microsoft Operations Management Suite (#MSOMS) subscription so that you can test out the new alerting features, you can do so from here. You can also get a free subscription for Microsoft Azure as well by selecting this link.
Join me tomorrow when I’ll talk about some more cool stuff related to OMS alerting.
I invite you to follow me on Twitter and the Microsoft OMS Facebook site. If you want to learn more about Windows PowerShell, visit the Hey, Scripting Guy Blog. If you have any questions, send email to me at email@example.com. I wish you a wonderful day, and I’ll see you tomorrow.