Category: Log Analytics

Send data to OMS Log Analytics with Java code

Here is an example how to send data to OMS Log Analytics directly from your Java code. To get more information how to change the variables and how to see the data in OMS please see the blog post where I do the same in bash and curl – blog post: Send data to OMS Log Analytics with Curl from a Linux server.

 

import java.util.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
import java.io.DataOutputStream;
import java.net.URL;
import javax.net.ssl.HttpsURLConnection;
import javax.xml.bind.DatatypeConverter;

public class oms {

	public static void main(String[] args) {

		// Update the customer ID to your Operations Management Suite workspace ID
		String customer_id = "workspaceid";

		// For the shared key, use either the primary or the secondary Connected Sources client authentication key
		String shared_key = "workspacekey";

		// The log type is the name of the event that is being submitted
		String log_type = "CustomApplication";
		
		// Input to OMS Log Analytics
		String json = new String("{\"LinuxCurlId\":\"001\",\"LinuxCurlValue1\":\"value1\"}");
		
		String Signature = "";
		String encodedHash = "";
		String url = "";

		// Date object
		Date date = new Date();

		// Todays date input for OMS Log Analytics
		String timeNow = String.format("%ta, %<td %<tb %<tY %<tT GMT", date );
   
		// String for signing the key
		String stringToSign="POST\n" + json.length() + "\napplication/json\nx-ms-date:"+timeNow+"\n/api/logs";


		try {
			byte[] decodedBytes = Base64.decodeBase64(shared_key);

			Mac hasher = Mac.getInstance("HmacSHA256");
			hasher.init(new SecretKeySpec(decodedBytes, "HmacSHA256"));
			byte[] hash = hasher.doFinal(stringToSign.getBytes());
		    
			encodedHash = DatatypeConverter.printBase64Binary(hash);
			Signature = "SharedKey " + customer_id + ":" + encodedHash;
	    
			url = "https://" + customer_id + ".ods.opinsights.azure.com/api/logs?api-version=2016-04-01";	    
			URL objUrl = new URL(url);
			HttpsURLConnection con = (HttpsURLConnection) objUrl.openConnection();
			con.setDoOutput(true);
			con.setRequestMethod("POST");
			con.setRequestProperty("Content-Type", "application/json");
			con.setRequestProperty("Log-Type",log_type);
			con.setRequestProperty("x-ms-date", timeNow);
			con.setRequestProperty("Authorization", Signature);
	        
			DataOutputStream wr = new DataOutputStream(con.getOutputStream());
			wr.writeBytes(json);
			wr.flush();
			wr.close();

			int responseCode = con.getResponseCode();
			System.out.println("\nSending 'POST' request to URL : " + url);
			System.out.println("Post parameters : " + json);
			System.out.println("Response Code : " + responseCode);
		}
		catch (Exception e) {
			System.out.println("Catch statement: " + e);
		}
	}
}

 

Windows Free Storage OMS View

This is a view for showing the free storage on drives in Windows. Please feel free to provide feedback and tell me if things don’t work as expected.

Before importing the view below please add the Windows Performance Conter ”LogicalDisk(*)\% Free Space” under Settings->Data.

1 Windows Free Storage

Example of the view.

2 Windows Free Storage

3 Windows Free Storage

Download the view and import it into OMS: Windows Free Storage

Send data to OMS Log Analytics with Curl from a Linux server

Here is an example how to send data to OMS Log Analytics with Curl from a Linux server. I have created a bash script that creates everything that is needed for Curl to send data to OMS Log Analytics. Just add your Workspace ID and Workspace Key and try it out. Hope it is useful for you!

Save the following script, make the changes necessary and then run it.

#!/bin/bash
LANG=en_us_8859_1

# Update the customer ID to your Operations Management Suite workspace ID
ws="workspaceid"

# For the shared key, use either the primary or the secondary Connected Sources client authentication key
key='workspacekey'

# Name of the log generated
LogType='LinuxCurl'

data='{"LinuxCurlId":"001","LinuxCurlValue1":"value1"}'

timestamp=$(date -u +"%a, %d %b %Y %H:%M:%S GMT")

stringToSign=$(echo -e "POST\n${#data}\napplication/json\nx-ms-date:${timestamp}\n/api/logs")

decodedkey=`printf %s "$key" | base64 -d`

encodedHash=`printf %s "$stringToSign" | openssl dgst -sha256 -binary -hmac "$decodedkey" | sed 's/^.* //' | base64`

Signature="SharedKey $ws:$encodedHash"

curl -H "Content-Type:application/json" -d "${data}" "https://${ws}.ods.opinsights.azure.com/api/logs?api-version=2016-04-01" -H "x-ms-date:${timestamp}" -H "Log-Type:${LogType}" -H "Authorization:${Signature}" -v

The first time you run the script OMS Log Analytics will create Custom Fields for you based on your data input.

Send data to OMS Log Analytics with Curl from a Linux server1

After some time, you will see the first data from your script. As for now, the data record will not be complete from the beginning. But after some time, the data record  will be updated and all information will be shown. When you see the full data record, all the following record will have all information from the beginning without any delay.

Send data to OMS Log Analytics with Curl from a Linux server2

To get more information, please have a look at Microsoft documentation – https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-data-collector-api

Custom OMS Solution for Processor, Memory and Volume C utilization

I got a question if I could create a custom OMS solution that was collecting information about Processor, Memory and the Volume C on all servers. This is what I came up with.

2

1

To get started download my solution and import it through View Designer.

Download solution: ComputerUtilization 

To get data in to the solution go to Settings -> Data -> Windows Performance Counters and enable the following Counters.

6

 

Solution

More information how the Solution is built.

Processor

3

General
Group Title: Averaged Processor Utilization last 10 min

Title 1
Legend: Computers with average CPU over 90% utilization
Query: Type:Perf ObjectName=Processor CounterName=”% Processor Time” InstanceName=_Total TimeGenerated>NOW-10MINUTES | measure avg(CounterValue) by Computer | where AggregatedValue > 90

Title 2
Legend: Computers with average CPU over 80% utilization
Query: Type:Perf ObjectName=Processor CounterName=”% Processor Time” InstanceName=_Total TimeGenerated>NOW-10MINUTES | measure avg(CounterValue) by Computer | where AggregatedValue > 80 and AggregatedValue < 90

List
Query: Type:Perf ObjectName=Processor CounterName=”% Processor Time” InstanceName=_Total TimeGenerated>NOW-10MINUTES | measure avg(CounterValue) by Computer

Enable Thresholds
7-custom-oms-solution-for-processor-memory-and-volume-c-utilization

Memory

4

General
Group Title: Averaged memory utilization last 10 min

Title 1
Legend: Computers with average Memory over 90% utilization
Query: Type:Perf ObjectName=Memory CounterName=”% Committed Bytes In Use” TimeGenerated>NOW-10MINUTES | measure avg(CounterValue) by Computer | where AggregatedValue > 90

Title 2
Legend: Computers with average Memory over 80% utilization
Query: Type:Perf ObjectName=Memory CounterName=”% Committed Bytes In Use” TimeGenerated>NOW-10MINUTES | measure avg(CounterValue) by Computer | where AggregatedValue > 80 and AggregatedValue < 90

List
Query: Type:Perf ObjectName=Memory CounterName=”% Committed Bytes In Use” TimeGenerated>NOW-10MINUTES | measure avg(CounterValue) by Computer

Enable Thresholds
7-custom-oms-solution-for-processor-memory-and-volume-c-utilization

Navigation Query: Type:Perf ObjectName=Memory CounterName=”% Committed Bytes In Use” TimeGenerated>NOW-10MINUTES | measure avg(CounterValue) by Computer

Disk Volume C

5

General
Group Title: Disk volume C utilization in percentage last 10 min

Title 1
Legend: Disk volumes with less than 10% free space
Query: Type:Perf ObjectName=LogicalDisk InstanceName=”C:” CounterName=”% Free Space” TimeGenerated>NOW-10MINUTES | measure avg(CounterValue) by Computer | where AggregatedValue < 10

Title 2
Legend: Disk volumes with less than 20% free space
Query: Type:Perf ObjectName=LogicalDisk InstanceName=”C:” CounterName=”% Free Space” TimeGenerated>NOW-10MINUTES | measure avg(CounterValue) by Computer | where AggregatedValue < 20 and AggregatedValue > 10

List
Query: Type:Perf ObjectName=LogicalDisk InstanceName=”C:” CounterName=”% Free Space” TimeGenerated>NOW-10MINUTES | measure avg(CounterValue) by Computer

Navigation Query: Type:Perf ObjectName=LogicalDisk InstanceName=”D:” CounterName=”% Free Space” TimeGenerated>NOW-10MINUTES | measure avg(CounterValue) by Computer