Uncovering Anomalies in Time-series Data with Kusto Query Language (KQL)
OpsMan
by Warren Kahn
3d ago
Anomaly detection is a crucial task in monitoring the performance of various systems. In this blog post, we will discuss how to use Kusto Query Language (KQL) to detect anomalies in CPU performance data. Spikes One of the most common types of anomalies is spikes in the data. Spikes occur when the data deviates significantly from its normal behavior. To detect spikes in CPU usage over time, we can use the following KQL query: let window = 24h; Perf | where ObjectName == "Processor" and CounterName == "% Processor Time" | where TimeGenerated > ago(window) | summarize avg(CounterValue),stdev ..read more
Kusto Detective Agency: Challenge 5 – Big heist
OpsMan
by Warren Kahn
2M ago
Challenges Challenge 1: Here Challenge 2: Here Challenge 3: Here Challenge 4: Here Challenge 5: This article The ADX team upped their game once again. Time for a proper forensic investigation: track down the baddies, find clues and decipher their meaning, all while racing against the clock. Can you come up with the date and location of the heist in time to stop them? General advice This challenge requires a bit of creative thinking; even with the hints there are multiple paths to go down and not all of them are going to lead to the right outcome. The key to this one, keep it simple and logic ..read more
Kusto Detective Agency: Challenge 4 – Ready to play?
OpsMan
by Warren Kahn
2M ago
Challenges Challenge 1: Here Challenge 2: Here Challenge 3: Here Challenge 4: This article Challenge 5: Coming soon Just when you thought these challenges couldn’t get any cooler along comes your very own nemesis and a multi-part puzzle taking you on a street tour of New York City. General advice First, we need to import the data ourselves this time around, using Ingest from Blob under our data blade, you can also change the column name I used “Primes” Calculating the prime numbers can be a little tricky as our free ADX cluster requires us to be clever with our query in order to allow it to ..read more
Kusto Detective Agency: Challenge 3 – Bank robbery!
OpsMan
by Warren Kahn
2M ago
Challenges Challenge 1: Here Challenge 2: Here Challenge 3: This article Challenge 4: Coming soon Challenge 5: Coming soon I must admit that the difficulty spike on the challenges is both refreshing and surprising. The level of care that went into crafting each of these scenarios is outstanding and the ADX team have certainly outdone themselves, if you like these cases as much as I do you can let the team know at kustodetectives@microsoft.com General advice Again, this case requires some pretty heavy assumptions to solve, some of which the hints will give you clarity on. It’s very easy when ..read more
Kusto Detective Agency: Challenge 2 – Election fraud in Digitown!
OpsMan
by Warren Kahn
3M ago
Challenges Challenge 1: Here Challenge 2: This article Challenge 3: Coming soon Challenge 4: Coming soon Challenge 5: Releasing 13th November These challenges are a fantastic hackathon approach to learning KQL, every week poses a new and unique approach to different KQL commands and as the weeks progress, I’ve learned some interesting tricks. Let’s take a look at challenge 2. General advice I’ve mentioned previously that there are hints that can be accessed from the detective UI, from this challenge onwards the hints provide critical information and without them there are assumptions you ne ..read more
Kusto Detective Agency: Hints and my experience
OpsMan
by Warren Kahn
3M ago
So, what is the Kusto Detective Agency? This set of challenges is an amazing, gamified way to learn the Kusto Query Language (KQL), which is the language used by several Azure services including Azure Monitor, Sentinel, M365 Defender and Azure Data Explorer (ADX) to name a few. Using your skills, you will help the citizens of Digitown solve mysteries and crimes to make the city a better place! How do I get started? The challenges are available here https://detective.kusto.io/, follow a few basic steps to get started by creating an ADX cluster here https://aka.ms/kustofree and copy the Cl ..read more
Azure Monitor: VM insights now supports Azure Monitor agent
OpsMan
by Warren Kahn
6M ago
It’s been on my wish list for a while, but it looks like the Azure Monitor has a present for us. You can now enable VM Insights using Azure Monitor Agent (AMA). Note: This is public preview. With this release these are the key features: Easy configuration using data collection rules (DCR) to collect VM performance counters and specific data types. Option to enable/disable processes and dependencies data that provides Map view, thus optimizing costs. Enhanced security and performance that comes with using Azure Monitor agent and managed identity. For those not familiar with VM Insights here i ..read more
Azure Monitor Basic Logs
OpsMan
by Warren Kahn
6M ago
What are Basic Logs? Relatively new and still in preview, Basic Logs are a way to save costs when working with high-volume logs typically associated with debugging, troubleshooting and auditing, but they should not be used where analytics and alerts are important. How do I configure one? Firstly, it is important to note that tables created with the Data Collector API do not support Basic Logs. The following are supported: Logs created via Data Collection Rules (DCR) ContainerLogsv2 (Used by Container Insights) Apptraces All tables by default are set to analytics mode, in order to ch ..read more
SCOM 2019: Update rollup 4 has arrived!
OpsMan
by Warren Kahn
6M ago
UR 4 is a fairly big update with a host of improvements and fixes. As always it can be downloaded from the catalog here; now let’s dive right in. Overall, some expected improvements to support later operating systems and versions of .NET. There are a ton of fixes, mostly around correcting minor issues, which are too numerous to list here but can be found on the KB page. Improvements Support for Windows 11 Enabled .NET4.8 support UI improvements in Operations console: Support for sort option by column, in Overrides Summary. For Monitors, Rules, Task and Discoveries, Management Pack label text is ..read more
Azure Managed Grafana
OpsMan
by Warren Kahn
6M ago
Recently announced, the preview for Azure Managed Grafana is now available. For those who maybe don’t know, Grafana is an observability platform which lets you create mixed data dashboards from a variety of sources. And now you can run it in Azure! Let’s get started First you need to create a Grafana workspace: in the Azure Portal search for Azure Managed Grafana, select it and click +Create. Fill out all the usual suspects, choosing your subscription, resource group, location and workspace name. On the following tab create a managed identity as this is the way Grafana will be able to access data ..read more
