Using Power BI and OMS to visualize event and alert information

[Updated 11/29/2017: for the new query language for Log Analytics]

In the first blog post of this series we discussed how to visualize security information gathered into OMS through Power BI. In the second blog post we showed how performance information gathered into OMS can be visualized through Power BI. In this blog post we will show how you can visualize all event information gathered by OMS in Power BI.

As it should be apparent by now, the formula and approach to get this data into Power BI is the same in each case. The steps are:

  1. Activate OMS (http://www.microsoft.com/oms)
  2. Add systems into your OMS (direct attached or through integration with your Operations Manager environment)
  3. Add solutions to your OMS
  4. Create a query for the information which you want to send to Power BI
  5. Visualize the data the way that you would like to in Power BI (http://powerbi.microsoft.com)

The only parts of this process which are different than the previous two blog posts are the query which is used and the approach which is taken to visualize this data. This blog post will therefore focus on those two items.

 

Sending event information from OMS to Power BI:

If you are trying to determine what type of data to send to Power BI through OMS, one place to start is with the “Search *” query. This returns all of the types of data which OMS has.

From here we can see the types of data which exist in OMS. My list currently includes: SecurityEvent, WireData, Perf, Event, AlertHistory, Alert, ConfigurationChange, Update, ADAssessmentRecommendation, RequiredUpdate, SQLAssessmentRecommendation, ProtectionStatus, UpdateAgent, UpdateSummary, ConfigurationObject, ConfigurationObjectProperty. For this example we will be gathering all event information so the updated query would be:

Event

Again this can be scoped to return more specific data but for now that will be sufficient. If we wanted to return all alert information the query would be:

Alert

Once we have the alert we can use the Power BI integration to connect OMS to Power BI using this query.

 

Sample Power BI dashboard for events:

A sample Power BI dashboard for events is shown below.

These results can be filtered by the fields on the right (Source, EventLevelName):

This dashboard makes it easy to identify what types of events are being logged into OMS.

 

Sample Power BI dashboard for alerts:

To find the alert information a sample query is:

Alert

Once we have the query that we are looking for we can create the Power BI integration as shown in the event sample above.

 

Sample Power BI dashboard for events:

A sample Power BI dashboard for events is shown below.

This dashboard can be easily filtered on AlertPriority and AlertSeverity as shown below with the results filtered to only normal AlertPriority and information for the AlertSeverity.

This dashboard can be easily filtered on AlertPriority and AlertSeverity as shown below with the results filtered to only AlertSeverity of Error.

This dashboard makes it easy to identify high and low repeat count alerts, and to quickly assess alerts which are being sent from Operations Manager into OMS.

 

Additional reference:

Summary: The integration of information from OMS into Power BI opens the door to a wide variety of visualization options which may be useful to your organization. If you are not already working with this functionality I highly recommend checking it out!

Tags:, ,

Leave a Reply

x

We use cookies to ensure the best possible experience on our website. Detailed information on the use of cookies on this site is provided in our Privacy and Cookie Policy. Further instruction on how to disable our cookies can be found there.