OMS Heartbeat failures and creating alerts

  • Article

 

Feel like you have a ton of data, but lack insights?

 

 

Would like to thank the Product team to clarify how to do this with Kusto (new OMS Query language)

 

If you use OMS and need to verify the most recent data collection

Heartbeat | summarize max(TimeGenerated)

If you want to check a specific machine you can run this one:  

Heartbeat | where Computer=="contosovm" | summarize max(TimeGenerated)

If you want to build an alert based on it you can write something like:

Heartbeat | where Computer=="contosovm" | summarize m=max(TimeGenerated) | where m < ago(15m)

The last query will return result only if you have heartbeat missing for more than 15 minutes.

 

If you need additional information on OMS query syntax, check out Antoni's blog

https://blogs.technet.microsoft.com/antoni/2018/02/03/operations-management-suite-101-log-analytics-queries-101/

 

Kusto site https://kusto/