Great to see OMS NPM now supports Expressroute

Please see here for more info: Start monitoring today This capability is in preview in West Central US and West Europe Azure regions and should be available in Eastern US and South East Asia in a week. You can enroll in the preview by sending us your workspace information. For more information, please visit…


Free Azure learning resources for Customers and partners

The Azure Learning team has published a set of free learning paths for customers and partners: The best way to review this is through this short video (2:22 minutes) 


Cloud Tech 10: Only have 10mins to learn about Azure then…

Take a look at the 10min sessions Mark delivers, here is this weeks Others can be found here This week’s Cloud Tech 10 is available now! In less than 10 minutes, learn more about


Azure Log Analytics: Cross Workspace Query

This was announced at Ignite last week, see here  which I missed at the time.   Adding the ‘withsource=SourceTable’ I have found to be really useful to see where the data was found.  If the returned SourceTable is just “SecurityEvent” as per this example its from your local workspace, if its workspace(‘<insert your remote workspace…


Azure Log Analytics: Dynamic Arrays

In my first post on parsing we looked for Eventlog data and parsed the info to get User names from with data in the Event log.  Sometimes we want to work with a list of values such as User or Computer names and look for these in the data.  Jon once again asked for a…


Azure Log Analytics: Sorting Events

Jon (who also works at Microsoft) was asking me how to use an ‘or’ to filter EventIDs, I thought I’d add some syntax examples. We have seen in the last post that you can get Event or SecurityEvent details.  I’ll use SecurityEvents as the example but you can use Events if you prefer.  All examples…


Azure Log Analytics: Using Perfmon data

Updated: As last night the Settings moved to the Azure portal Today I was looking at Perfmon data for a particular process.  In this case it happened to be lsass.exe but only on Domain Controllers. I needed to add this Perfmon Counter to OMS, in Settings – Data – Windows Performance Counters  (via the OMS…


Azure Log Analytics: Using the Parse operator

Updated: to include some screenshots (as thus wasn’t working the other day) Today I had to look at getting some data from SecurityEvent.  This is using the new Log Analytics query language and the Advanced Analytics portal. I was looking at EventID: 5061, but you can use any EventID you like, e.g. SecurityEvent | where…


Have you have upgraded to the new OMS Query language?

This new language and features was announced here  The new documents and samples can be found at and