Searching for different types of data with Microsoft OMS
Summary: Learn how to use the different values for the Type keyword in Microsoft Operations Management Suite Search.
Good morning everyone. Ed Wilson here. Today Teresa Wilson (aka The Scripting Wife) has been busy searching to identify various user groups that are related to System Center or Microsoft management and may have an interest in Microsoft Operations Management Suite.
You may (or may not) know that she was instrumental in helping create and sustain dozens of Windows PowerShell user groups over the years, and now that PowerShell MVPs are Cloud and Datacenter Management MVPs, she is trying to expand her horizons. So one of her projects is to help create a list of user groups related to Microsoft management. Stay tuned for more information about this project.
Note: This post is part of a seven-part series about using MS OMS Search. The series includes:
- Easy Microsoft Operations Management Suite Search queries
- Accessing different data types in Microsoft OMS Search
- Filter data returned by Microsoft Operations Management Search
- Filter more data with Microsoft Operations Management Suite Search
- Query event log data with Operations Management Suite Search
- Use Microsoft Operations Management Suite search to track shutdown events
- Using Microsoft Operations Management Suite Search Strings
Search MS OMS logs with the Type keyword
Yesterday in Easy Microsoft Operations Management Suite Search queries, I talked about using free-form text (string literals) to search the MS OMS log data. Today I want to talk about using the Type keyword.
Note: For more information about OMS Search syntax, see OMS Search reference on TechNet.
MS OMS log data is grouped into different types of data. Depending on the solutions implemented, there will be various types of data. For example, the Alert Management solution generates Alert data. I can submit a query such as:
Note: Keep in mind that the Type keyword is case sensitive. Therefore, type=Alert will fail, as will type=alert. The error message says "Invalid Number: Alert", so it is a bit confusing.
As you can see here, when I run my search, over 24,000 results return:
I can also search for a type of ADAssessmentRecommendation:
Note: I can perform my query by using either a colon or an equal sign, so Type:Alert or Type=Alert both work. Also, spacing here does not matter. I can use Type : Alert or Type:Alert (or Type = Alert or Type=Alert) and they all work.
I can search for a type of ProtectionStatus and return information about malware assessment:
I can find information from the Change Tracking solution by searching the ConfigurationChange type:
The Configuration Assessment Knowledge recommendations use KB recommendations, so the type is Recommendation:
But Servers and Workloads uses configuration objects, so the type is ConfigurationObject:
The Security and Audit solution uses the SecurityEvent type:
But it also uses the WireData type and the WindowsFirewall type. The following two queries can return millions of records:
The Containers solution uses the ContainerImageInventory type to keep track of containers:
It also uses the ContainerLog type to access the container logs:
SQL Assessment uses the SQLAssessmentRecommendation type:
The System Update solution uses the Update type:
This is an overview of some of the various types of data that can be searched by using the MS OMS Search tool. Keep in mind that unfiltered queries, such as the types I listed here, can return tons of data, and my intention is only to introduce some of the types of data that are available. Next week we will begin filtering to produce more useful data.
That is all I have for you today. Join me next week when I’ll continue my series about searching MS OMS logs.
I invite you to follow me on Twitter and the Microsoft OMS Facebook site. If you want to learn more about Windows PowerShell, visit the Hey, Scripting Guy! Blog. If you have any questions, send email to me at email@example.com. I wish you a wonderful day, and I’ll see you tomorrow.
Microsoft Operations Management Team