Introduction
Microsoft Operations Management Suite (OMS) is Microsoft’s cloud-based IT management solution that helps manage and protect on-premises and cloud infrastructure.
OpsRamp configuration
Configuration involves the following:
- Installing the integration.
- Configuring the integration.
Step 1: Install the integration
To install:
- From All Clients, select a client.
- Go to Setup > Integrations > Integrations.
- From Available Integrations, select Monitoring > OMS.
- Click Install.
Step 2: Configure the integration
To configure the integration:
- From the API tab, provide the following:
- Authentication: Copy the Tenant Id, Token, and Webhook URL for configuration. These settings are used to create an HTTP request template.
- Map Attributes: Provide the mapping information for the third party.
- From the Monitoring of Integration tab, click Assign Templates.
- From the Audit Logs, set up audit log criteria and time frame.
Configuring the map attributes
To configure the mapping attributes:
- Select the required OpsRamp property from the drop-down.
- Click Add Mapping Attributes to map attributes for the specific OpsRamp alert property.
- Click + to define the mappings.
- From Create Alert Mappings on Status, define the mappings, parsing conditions, and default values, and Save.
The following table shows the attribute mappings.
OMS Property | OpsRamp Property |
---|---|
subject | Alert subject |
description | Alert description |
alertTime | Alert time |
currentState | Alert state |
serviceName | Alert metric |
device.hostName | Alert resource name |
OMS configuration
Configuration involves:
- Creating a log search.
- Configuring alert rules.
Log searches help retrieve data from the workspace. Alert rules then proactively identify issues from the log search data and create alerts. You can also define the actions to perform on the alerts. For example, to send alerts on Event Log Errors to OpsRamp through a webhook, create a log search for Event Log Errors and configure the Webhook action in the alert rule.
Step 1: Create a log search
To create a log search:
- Log in to Microsoft Azure.
- Go to Log Analytics (OMS) and click a workspace.
- In the Management section, click Log Search.
- Provide the details for the Search and click Save.
Step 2: Configure alert rules
To configure the alert rules:
- In the General section, click Alert and configure the following:
- Name: Provide a name for the alert rule.
- Search query: Select the search query from the drop-down. Note: Select Use current search query to use the current query or select an existing search from the list.
- Time window: Time range for the query. The query returns records that were created within this range of the current time.
For example:
- Time window is set to 30 minutes.
- Query is run at 12:30 PM.
- Records created between 12:00 PM and 12:30 PM are returned.
- In the Schedule section, provide the following:
- Alert frequency: Provide values for alert frequency. Alert frequency specifies how often a query should run.
For example:
- Time window is set to 30 minutes and Alert frequency is set to 60 minutes.
- Query is run at 12:30 PM
- Records between 12:00 PM and 12:30 PM are returned.
- The next time the query would run is 1:30 PM and would return records between 1:00 PM and 1:30 PM.
- Generate alert based on: Select Number of results.
- Number of results: Select the logical operator from the drop-down and then provide the value. An alert is created if the number of records returned is greater than or less than the value.
- In the Actions section:
- Click Yes in Webhook to post OMS alerts to OpsRamp.
- Provide the Webhook URL:
https://{api-url}/integrations/alertsWebhook/{client_id}/alerts/?vtoken={vtoken}
Note: Provide the Tenant Id and Token from the OpsRamp configuration.
- Select Include custom JSON payload and provide the payload given in the Payload section.
- Click Save to save the alert rule.
Payload
{
  "subject": "#Description",
  "description": "#Description",
  "alertTime": "#SearchIntervalStartTimeUtc",
  "currentState": "#Severity",
  "serviceName": "#AlertRuleName",
  "device": {
    "hostName": "#SearchResult.tables[0].rows[2]"
  },
  "app": "OMS"
}
Alerts are created with respect to the criteria defined in the alert rule and OpsRamp successfully receives alerts from OMS.
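Before pasting a custom JSON payload into the alert rule, it can be checked against the attribute mapping table. The following script is an added example, not part of OpsRamp or OMS tooling. It confirms that the payload is valid JSON and that every mapped OMS property, including the nested device.hostName, is present. The names MAPPED_PROPERTIES, PAGE_PAYLOAD, resolve and check_payload are hypothetical.

```python
import json

# OMS property -> OpsRamp alert property, from the mapping table on this page.
MAPPED_PROPERTIES = {
    "subject": "Alert subject",
    "description": "Alert description",
    "alertTime": "Alert time",
    "currentState": "Alert state",
    "serviceName": "Alert metric",
    "device.hostName": "Alert resource name",
}

# Copy of the page's custom JSON payload, embedded so the check runs offline.
PAGE_PAYLOAD = """{
  "subject": "#Description",
  "description": "#Description",
  "alertTime": "#SearchIntervalStartTimeUtc",
  "currentState": "#Severity",
  "serviceName": "#AlertRuleName",
  "device": {"hostName": "#SearchResult.tables[0].rows[2]"},
  "app": "OMS"
}"""

def resolve(obj, dotted_path):
    """Walk a dotted path such as device.hostName; return None if absent."""
    for key in dotted_path.split("."):
        if not isinstance(obj, dict) or key not in obj:
            return None
        obj = obj[key]
    return obj

def check_payload(text):
    """Return a list of problems; an empty list means every mapping resolves."""
    try:
        payload = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"payload is not valid JSON: {exc.msg} (line {exc.lineno})"]
    problems = []
    for path, opsramp_property in MAPPED_PROPERTIES.items():
        value = resolve(payload, path)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"{path}: missing or empty, nothing to map to '{opsramp_property}'")
    return problems

if __name__ == "__main__":
    for line in check_payload(PAGE_PAYLOAD) or ["payload OK: all mapped properties present"]:
        print(line)
```
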