Long-Running Saved Searches (or scheduled) that can generate an Alert and/or email notification
This could be useful for daily/weekly reports, as well as for 'monitoring' type scenarios.
The basic idea is that you could schedule your query to run every so often, and then take some action such as raising an alert or emailing you the Excel/CSV results, etc.
It would again - like dashboards - build on the foundation of 'saved searches' http://blogs.technet.com/b/momteam/archive/2014/07/25/system-center-advisor-limited-preview-saved-searches-cloud-attach-status-and-usage-and-more.aspx
You could ask for HTML/Text or Excel output of results, or a customizable message you define, like in a SCOM Alert http://blogs.technet.com/b/momteam/archive/2014/08/29/check-it-out-export-advisor-search-results-to-excel.aspx
Or it could produce an Alert and store it in Search.
Or all of the above?
Thanks for voting for this suggestion.
We’ve now enabled the ability to have the results of a search generate either an e-mail notification or call an Automation runbook.
Read more about it on our blog:
Try it out and then make additional suggestions on the feedback site.
Don't want to use a custom dashboard, as I would either like a daily email with the new alerts that got created or, as alerts get created, an email alert like SCOM. Probably like most, we are not looking at the console all day, and at least an email alert would allow us to flag it in our email as something we need to follow up on.
To further expand this, could a daily or at least weekly email be generated for the recommendations?
Excellent tool; perhaps one feature to add is the possibility of sending an automatic email to user mailboxes on occurrence of defined triggered events such as malware detection or administrator logon.
To make this more of a complement to SCOM, this service needs notifications like you have in SCOM. This service has some things in it that SCOM doesn't, and I would like to not have to log in to the console to find those alerts.
Hélder Pinto commented
Fire and forget would be enough for a first implementation. Ideally, the alert message should come not only with the raw results themselves (for example, a query for "measure avg(TimeTaken) by Computer" will return only computer and average response times), but also with the "side data" that is so helpful in many situations (client IP distribution, status codes distribution, etc.).
For this scenario/functionality, while not 'real time' or 'long running', but more 'scheduled' in nature, also consider using Azure Automation (now a service in OMS) with the upcoming search API http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519057-programmatically-submit-search-requests-and-receiv
Strong support from my side. We have exactly the same scenario and would like to have Monitoring as SaaS.
I definitely agree with Martin. Email notifications are a must!
Martin O'Gorman commented
I think email alerts are a must. We are currently using Operational Insights (as I think it's great) and I feel this is a limitation, i.e. virus alert notification.
Is it possible to send and sync OpInsight "tips" and "recommendations" collected by the Intelligence Pack from OpInsight to Operations Manager, to manage these as SCOM alerts and notifications?