Summary: Learn how to find and use already created MS OMS search strings.
Good morning everyone. Ed Wilson here. Today, Teresa (aka The Scripting Wife) showed me a video taken by her friend that showed a squirrel trying to steal a coconut. I imagine the squirrel got overwhelmed thinking about how this nut would be the envy of all the other fuzzy headed squirrels, and with this one score, it would feed a family of four for a month.
Sometimes when trying to query MS OMS, I feel a bit like that squirrel. I mean, there is so much data, and it is a bit difficult to get my hands around it.
Note This post is part of a seven part series about using MS OMS Search. The series includes:
- Easy Microsoft Operations Management Suite Search queries
- Accessing different data types in Microsoft OMS Search
- Filter data returned by Microsoft Operations Management Search
- Filter more data with Microsoft Operations Management Suite Search
- Query event log data with Operations Management Suite Search
- Use Microsoft Operations Management Suite search to track shutdown events
- Using Microsoft Operations Management Suite Search Strings
Don’t forget the easy way to search MS OMS
I have been writing all week about using Microsoft Operations Management Suite Search. Although it is useful to learn the search syntax and be able to customize the search strings, don’t forget that MS OMS is designed to be easy. This means that for a lot of situations, the query is already created.
Note When I need to customize a MS OMS search, I like to refer to the OMS Search reference document on Technet.
For example, with the WireData solution installed, there is a new data type: WireData. A simple query to return the wiredata collected for the past week would be:
If I am interested in local subnet data, however, all I need to do is to click Local Subnets. Here I see that I have 14 local subnets:
The command to group TotalBytes by subnet is shown here:
Type:WireData | Measure Sum(TotalBytes) by LocalSubnet
But I don’t have to create that query string because it automatically is created when I click Local Subnets. I can dive in to a specific subnet that is generating a lot of traffic. I click a particular subnet, and it returns the records for that subnet. The query string changes again. This time it is looking for a particular subnet.
The records are shown here:
Each time I select something, I can watch the query string change, and I can see the resulting data. This is actually a pretty good way to learn how the different MS OMS search queries work.
But there is more…much more.
If I scroll to the right column in my WireData solution, I can see that there is a list of common wiredata queries that I can examine and select:
If, for example, I choose the first query in my solution, Agents that provide wiredata, I imagine it will return a list of servers that have the agent installed. To run the query, I click the blue search string. This opens the search string in Search and displays the results. Here are search query that runs and the results:
Type=WireData | measure Sum(TotalBytes) by Computer
So, while I am learning the MS OMS search query syntax, I am not stuck. In fact, I have many ways to peruse the collected data, and with each of these, I have another chance to see more complex search syntax and to learn to modify them on my own.
That is all I have for you today. Join me on Monday when I will talk about examining the #MSOMS configuration. Until then, have a great weekend.
I invite you to follow me on Twitter and the Microsoft OMS Facebook site. If you want to learn more about Windows PowerShell, visit the Hey, Scripting Guy! Blog. If you have any questions, send email to me at email@example.com. I wish you a wonderful day, and I’ll see you tomorrow.
Microsoft Operations Management Team