Daniele Muscetta

My feedback

  1. 3 votes

    ‘owned’ currently means ‘added’ to this workspace.
    We got the term for consistency with how it says in the Windows Store, but there is no concept of a ‘user’ acquiring an IP and then adding it to the workspace(s). You always just add it to the workspace and that’s it.

    But we’ll consider a better/clearer terminology if this is unclear, thanks for the feedback.

    You seem to like just ‘Added’?

    Daniele Muscetta commented  · 

    Plus, very simply put, the IP's 'owned' in a certain workspace (== those that have been added to the workspace) are the ones for which you see tiles in the overview screen.

    Daniele Muscetta commented  · 

    There is NO concept of a USER owning an IP and ADDING it to his various workspaces.
    The ONLY thing that you do is ADD to the workspace - when you do, it shows as 'owned' (in the workspace).
    The workspace is the unit of configuration (adding/removing - if added, the workspace 'owns' it - not the user); there is no concept of a user purchase of an IP - at least not at the moment.

    Hope it clarifies,

  2. 125 votes
    Daniele Muscetta commented  · 

    I briefly looked at the BizTalk 2013 MP here http://www.microsoft.com/en-us/download/details.aspx?id=39617

    You have an opportunity to do what I described in this blog post http://blogs.msdn.com/b/dmuscett/archive/2014/11/05/iis-mp-event-alerting-rules-s-opinsights-searches-equivalents.aspx and extract some of those rules, and build the search equivalents (typically much smaller/readable one-liner, rather than a large XML fragment - here my goal is to drastically simplify intelligence/knowledge authoring compared to SCOM).

    As we introduce more data sources (i.e. performance counters http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519061-collect-custom-windows-performance-counters ) a lot more scenarios will be possible (there are a lot of perf collection rules and monitors based on perf counters in that MP).

    Some of those other technology-related IP's (i.e. SQL Assessment) are not around real-time monitoring of those workloads, at this stage - they currently are periodic assessments of health and risk based on Microsoft support best practices.

    Currently, for a more 'stateful' and reactive type of monitoring that brings the best of both worlds, you can try the 'Alert Management' IP - http://blogs.technet.com/b/momteam/archive/2014/11/12/manage-your-operations-manager-alerts-from-azure-operational-insight-with-the-new-alert-management-intelligence-pack.aspx - have you considered just using SCOM with the BizTalk MP and triage your alerts in OpInsights (soon even on your mobile phone) ?

  3. 13 votes
    under review  ·  3 comments  ·  Azure Monitor-Log Analytics » Browser Support
    Daniele Muscetta commented  · 

    These are certainly 'nice to have's, but not trivial to do and not strategic.

    We need to allow the infra for multiple dashboards http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6651387-allow-to-create-multiple-dashboards
    and then export of those http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519372-allow-to-export-an-intelligence-pack-bundle-that-c
    and community publishing http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519273-allow-me-to-submit-an-intelligence-pack-bundle-to
    we need more specific scope about dashboards improvements such as tile size, positioning, etc. Eventually those dashboards (now simple) will be THE intelligence packs pages/drill downs that now are 'coded' pages.

    This is 'extensibility' which I thought you needed; multiple panes is more of an OS/browser functionality and doesn't carry us much forward...

  4. 11 votes
    Daniele Muscetta commented  · 

    Also, for 'state', I'll explain better/some more what I mean by 'inferring it from the data'.

    You could decide to use the worst severity in the Windows 'system' event log as an indicator of health (worse between warning or error - lower being worse in Windows, but 0 is 'success' and 4 is 'information'... for weird backwards compatibility reasons) - we use the MIN function

    Type=Event EventLog=System (EventLevel=1 OR EventLevel=2) | Measure Min(EventLevel) by Computer

    Now you have to look at the grid and mentally map those '1' to RED and those '2' to YELLOW. Or you can throw another filter in the query and only pick Critical - so you only get 'critical' computers - implying any other one that does not appear in the list must be in a 'better' state.

    Some other data types had similar properties to let you 'rank' the worst 'known info' about a given computer (grouping by the 'Computer' field) for example in Malware assessment there are special 'rank' fields precisely for this purpose, higher is worse in this case so we use MAX function

    Type=ProtectionStatus | measure max(ThreatStatusRank) as WorstRank by Computer
    Type=ProtectionStatus | measure max(ProtectionStatusRank) as WorstRank by Computer

    See? You can basically 'derive' something like a 'state' by applying statistical functions to the data!
    Hope it makes sense/clarifies what I meant by 'not persisting state'.

    You can save those searches and pin them to your dashboard and soon see them on your phone!

    Daniele Muscetta commented  · 

    State in Operations Manager is persisted and updated (with a LOT of database activity - and performance hit) continuously, based on a number of 'monitors' present in management packs = in order to know 'state', you need to have a criteria that determines what 'state' even means (when is it 'green'? when is it 'red'?)
    Do you intend to SYNCHRONIZE what is in SCOM to the Cloud? (i.e. like it's now done for the Alert management IP?)
    That might be doable, but would still only be a 'copy' of what's in SCOM, for consultation purposes... that's why I was asking, but I didn't understand the answer.

    In the current thinking and with the type of backend we use, we don't really intend to PERSIST any *state* information in the cloud. We don't even have *objects*. It's not like SCOM. This is all entirely based on DATA.
    We have 'types' of data, but they are really not object types - they are just a field name - described here http://blogs.msdn.com/b/dmuscett/archive/2014/10/19/advisor-search-first-steps-how-to-filter-data-part-i.aspx

    We'd rather want to be able to INFER STATE by looking at the data and the KPI's that matter to you.
    I have described some of this - and some conversion between SCOM alerting rules and 'searches' equivalent syntax in this blog post http://blogs.msdn.com/b/dmuscett/archive/2014/11/05/iis-mp-event-alerting-rules-s-opinsights-searches-equivalents.aspx

    The simplest example I can give of this is to look at when a machine has last reported some data - if the most recent piece of data is OLDER than 4 hours, I want to see the computer name in the results

    * | measure Max(TimeGenerated) as LastData by Computer | Where LastData < NOW-4HOURS

    and if you have results... well, that IS showing you machines in a 'bad state' (=not sending frequently enough).
    And you can pin that to a tile in the dashboard and make it color if there are more than ZERO results.
    There's your 'state' but we have not WRITTEN it anywhere.

    Or you can just look for a set of 'bad' events or conditions that you know should not happen. As soon as you see a result, that is your 'bad state'.

    You just have to PIN the query that shows the 'state' (or rather the criteria to get to that state) that you are interested in. You are essentially calculating it every time, but with this type of architecture is actually way faster to do this way.

    In the future those searches could be running real time and produce alerts - http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519198-long-running-saved-searches-or-scheduled-that-ca

    Let us know if this clarifies the current thinking at least a little. We understand this is a shift from previous/traditional/stateful monitoring in Operations Manager, and it is very deliberate.
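
An added example, not part of the original comments and not product code: the two searches quoted above (`Measure Min(EventLevel) by Computer` and `Max(TimeGenerated) ... < NOW-4HOURS`) recomputed in Python over constructed records, to show state being derived on every run instead of stored. The `GREEN` and `STALE` labels, and letting staleness override severity, are assumptions of this sketch.

```python
from datetime import datetime, timedelta, timezone

NOW = datetime(2014, 12, 1, 12, 0, tzinfo=timezone.utc)  # fixed "now" for the sample

def rec(computer, level, minutes_ago):
    """Build one constructed System event record (field names as in the searches)."""
    return {"Type": "Event", "EventLog": "System", "EventLevel": level,
            "Computer": computer, "TimeGenerated": NOW - timedelta(minutes=minutes_ago)}

# Constructed sample data, not real telemetry.
RECORDS = [
    rec("web01", 2, 5), rec("web01", 4, 1),      # warning, then information
    rec("db01", 2, 30), rec("db01", 1, 20),      # warning, then critical
    rec("app01", 4, 10),                         # information only
    rec("old01", 1, 360),                        # last heard from 6 hours ago
]

def worst_event_level(records):
    """Type=Event EventLog=System (EventLevel=1 OR EventLevel=2) | Measure Min(EventLevel) by Computer"""
    worst = {}
    for r in records:
        if r["Type"] == "Event" and r["EventLog"] == "System" and r["EventLevel"] in (1, 2):
            c = r["Computer"]
            worst[c] = min(worst.get(c, r["EventLevel"]), r["EventLevel"])  # lower is worse
    return worst

def stale_computers(records, now, max_age=timedelta(hours=4)):
    """* | measure Max(TimeGenerated) as LastData by Computer | Where LastData < NOW-4HOURS"""
    last = {}
    for r in records:
        c = r["Computer"]
        last[c] = max(last.get(c, r["TimeGenerated"]), r["TimeGenerated"])
    return sorted(c for c, t in last.items() if t < now - max_age)

def inferred_state(records, now):
    """Recompute a per-computer state from the data on every call; nothing is written."""
    colors = {1: "RED", 2: "YELLOW"}                   # the mapping the comment describes
    state = {r["Computer"]: "GREEN" for r in records}  # assumption: not listed means better
    for c, level in worst_event_level(records).items():
        state[c] = colors[level]
    for c in stale_computers(records, now):
        state[c] = "STALE"                             # assumption: silence outranks old events
    return state

if __name__ == "__main__":
    for computer, s in sorted(inferred_state(RECORDS, NOW).items()):
        print(computer, s)
```

A computer that has sent no records at all never appears in either aggregate, so detecting it needs an expected-inventory list to compare against.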

  5. 71 votes
    8 comments  ·  Automation » Desired State Configuration
    Daniele Muscetta commented  · 

    "Microsoft-Windows-DSC/Operational" log works, anyhow. But I am not sure how much info that alone has.

    Daniele Muscetta commented  · 

    Also commented on the ETW idea: our team already has an implementation of an ETL parser module for the agent, but right now this is specialized to collect some very specific telemetry from the VMM stack in Cloud Platform Systems - learn more about CPS at http://www.microsoft.com/cps

    If there is enough interest we will think of making this code more generic to support other scenarios such as this one.

    Daniele Muscetta commented  · 

    Well, yes Stefan - in theory. Except that currently we only pick up 'classic' and EVTX eventlogs, not those /analytics and /debug logs that are ETL traces under the hood - vote this one for that http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6691402-collect-etw-trace-logs
    then yes, after that is in place, this scenario can probably use that information as data source.

    Daniele Muscetta commented  · 

    Would you consider this a part of 'Change Tracking' ? Or a separate IP? Can you elaborate a little?

  6. 60 votes
    Daniele Muscetta commented  · 

    Our team has an implementation of an ETL parser module for the agent, but right now this is specialized to collect some very specific telemetry from the VMM stack in Cloud Platform Systems - learn more about CPS at http://www.microsoft.com/cps

    If there is enough interest we will think of making this code more generic to support other scenarios.

    Daniele Muscetta shared this idea  · 
  7. 19 votes
    Daniele Muscetta commented  · 

    Gordon have you checked the 'Alert Management' IP yet?
    With that, APM Alerts ("Server Application Exception" and "Server Performance Exception") will also be pulled out and visible in search.
    They carry the full XML payload of the original alert.

    i.e. sample query
    Type:Alert AlertSeverity:Warning AlertState!=closed AlertName:"Server Application Exception"

    or I can even search the full text index and search for a specific exception, or function name, etc
    Type:Alert "System.TimeoutException"

    Of course a shape that would offer faceting over 'request time' or 'exception class' would be better suited - but I thought I'd mention it as a step in that direction...

  8. 2 votes
  9. 3 votes
  10. 17 votes
    under review  ·  0 comments  ·  Change Tracking
  11. 49 votes

    Here the requirement is clear/obvious. We just have not prioritized this work yet.

    The overall ‘performance’ data collection needs to be refined – not just for Linux.

    Right now we only collect/provide hourly aggregates of some specific performance counters related to HyperV for the ‘Capacity Intelligence Pack’ scenario.

    Real time monitoring scenario might need some different shape of performance data to start with, before we enable this for Linux or for Windows alike, i.e. http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519061-collect-custom-windows-performance-counters

  12. 308 votes
  13. 49 votes
  14. 25 votes

    This isn’t really a prioritized scenario at this point, as we don’t really bring all of the OpsMgr data to the cloud, but only for specific scenarios (to which you can opt in/out by adding/removing ‘intelligence packs’).

    I updated the category of this idea to match it is a new Intelligence Pack/scenario suggestion.

  15. 19 votes

    We are doing work at the moment on custom fields – http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519270-support-regular-expressions-regex-or-xpath-to-pe – which represents a stepping stone to allow custom data types into the system.

    The first iteration will only extract new (per tenant) fields for existing types, but later we need to address also the collection/gathering aspect (i.e. is your custom data already in azure? http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/7928931-collect-data-from-custom-containers-in-storage-acc or is your data something that comes from an existing log – http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/7113030-collect-text-log-files) to allow customers to define what logs you want, where they are, how do they look, how to parse them, etc.

    Basically, we might or might not address this item as an out of the box ‘solution’ but the current thinking is to leave it open until the generic platform capabilities can support it (this and any other logs, at that point).

  16. 10 votes

    If you notice the more recent IP’s are starting to provide information with what time the data refers to. There might never be a ‘global’ time window that all scenarios can snap to, but we are trying to make the tiles more informative as to what period they are showing.

    Also in ‘my dashboard’ (where there IS a global time selector) you will have to deal with the time dimension, which can’t always be global – see the consideration that Stas wrote on his blog here https://cloudadministrator.wordpress.com/2014/10/19/system-center-advisor-restarted-time-matters-in-dashboard-part-6/

  17. 11 votes
  18. 9 votes
  19. 186 votes
    10 comments  ·  Change Tracking
  20. 293 votes