Introduction

Microsoft Operations Management Suite (OMS) is Microsoft’s cloud-based IT management solution that helps manage and protect on-premises and cloud infrastructure.

OpsRamp configuration

Configuration involves the following:

  1. Installing the integration.
  2. Configuring the integration.

Step 1: Install the integration

To install:

  1. Select a client from the All Clients list.
  2. Go to Setup > Integrations > Integrations.
  3. From Available Integrations, select Monitoring > OMS.
  4. Click Install.

Step 2: Configure the integration

To configure the integration:

  1. From the API tab, provide the following:
    • Authentication: Copy the Tenant Id, Token, and Webhook URL for configuration. These settings are used to create an HTTP request template.
    • Map Attributes: Provide the mapping information for the third party.
  2. From the Monitoring of Integration tab, click Assign Templates.
  3. From the Audit Logs, set up audit log criteria and time frame.

Configuring the map attributes

To configure the mapping attributes:

  1. Select the required OpsRamp property from the drop-down.
  2. Click Add Mapping Attributes to map attributes for the specific OpsRamp alert property.
  3. Click + to define the mappings.
  4. From Create Alert Mappings on Status, define the mappings, parsing conditions, and default values, and Save.

The following table shows the attribute mappings.

Property Mappings

| OMS Property | OpsRamp Property |
|---|---|
| subject | Alert subject |
| description | Alert description |
| alertTime | Alert time |
| currentState | Alert state |
| serviceName | Alert metric |
| device.hostName | Alert resource name |

OMS configuration

Configuration involves:

  1. Creating a log search.
  2. Configuring alert rules.

Log searches retrieve data from the workspace. Alert rules then proactively identify issues from the log search data and create alerts. You can also define the actions to take on the alerts. For example, to send alerts on Event Log Errors to OpsRamp using a webhook, create a log search for Event Log Errors and configure the Webhook action in the alert rule.

To create a log search:

  1. Log in to Microsoft Azure.
  2. Go to Log Analytics (OMS) and click a workspace.
  3. In the Management section, click Log Search.
  4. Provide the details for the Search and click Save.

Step 2: Configure alert rules

To configure the alert rules:

  1. In the General section, click Alert and configure the following:
    • Name: Provide name for alert rule.
    • Search query: Select the search query from the drop-down. Note: Select Use current search query to use the current query or select an existing search from the list.
    • Time window: Time range for the query. The query returns records that were created within this range of the current time.
      For example:
      • Time window is set to 30 minutes
      • Query is run at 12:30 PM
      • Records created between 12:00 PM and 12:30 PM are returned.
  2. In the Schedule section, provide the following:
    • Alert frequency: Provide values for alert frequency. Alert frequency specifies how often a query should run.
      For example:
      • Time window is set to 30 minutes and Alert frequency is set to 60 minutes.
      • Query is run at 12:30 PM
      • Records between 12:00 PM and 12:30 PM are returned.
      • The next time the query would run is 1:30 PM and would return records between 1:00 PM and 1:30 PM.
    • Generate alert based on: Select Number of results.
    • Number of results: Select the logical operator from the drop-down and then provide the value. An alert is created if the number of records returned is greater than or less than the value.
  3. In the Actions section:
    1. Click Yes in Webhook to post OMS alerts to OpsRamp.
    2. Provide the Webhook URL: https://{api-url}/integrations/alertsWebhook/{client_id}/alerts/?vtoken={vtoken}
      Note: Provide Tenant Id and Token from the OpsRamp configuration.
    3. Select Include custom JSON payload and provide the payload:
    4. Click Save to save the alert rule.

Payload

{
    "subject": "#Description",
    "description": "#Description",
    "alertTime": "#SearchIntervalStartTimeUtc",
    "currentState": "#Severity",
    "serviceName": "#AlertRuleName",
    "device": {
        "hostName": "#SearchResult.tables[0].rows[2]"
    },
    "app": "OMS"
}

Alerts are created for the criteria defined in the alert rule and OpsRamp successfully receives alerts from OMS.
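
The Time window and Alert frequency examples above, worked through as an added Python example (not part of the OpsRamp or Microsoft documentation): it computes the range each scheduled run examines and lists the ranges that no run examines or that two consecutive runs both examine. The function names and the 2024-01-01 date are constructed for illustration.

```python
from datetime import datetime, timedelta


def query_windows(first_run, window_min, frequency_min, runs):
    """Return the (start, end) range that each scheduled query run examines."""
    window = timedelta(minutes=window_min)
    step = timedelta(minutes=frequency_min)
    return [(first_run + i * step - window, first_run + i * step)
            for i in range(runs)]


def coverage_gaps(windows):
    """Ranges between consecutive runs that no query examines."""
    return [(prev_end, next_start)
            for (_, prev_end), (next_start, _) in zip(windows, windows[1:])
            if next_start > prev_end]


def overlaps(windows):
    """Ranges examined by two consecutive runs (records counted twice)."""
    return [(next_start, prev_end)
            for (_, prev_end), (next_start, _) in zip(windows, windows[1:])
            if next_start < prev_end]


def fmt(ranges):
    """Render (start, end) pairs as HH:MM-HH:MM strings."""
    return [f"{s:%H:%M}-{e:%H:%M}" for s, e in ranges]


if __name__ == "__main__":
    # Constructed date; the 12:30 PM first run matches the example in the text.
    first_run = datetime(2024, 1, 1, 12, 30)
    for window_min, frequency_min in [(30, 60), (60, 60), (60, 30)]:
        w = query_windows(first_run, window_min, frequency_min, runs=3)
        print(f"window={window_min}m frequency={frequency_min}m")
        print("  examined:      ", fmt(w))
        print("  never examined:", fmt(coverage_gaps(w)))
        print("  examined twice:", fmt(overlaps(w)))
```

With a 30-minute time window and a 60-minute alert frequency, records created between 12:30 PM and 1:00 PM are never evaluated by the alert rule; a time window at least as long as the alert frequency closes that gap.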