In our first blog on using Operations Management Suite (OMS) to monitor, automate and protect workloads in a hybrid cloud environment, we walked you through the process of collecting data.

In this second blog of the series, we’re going to explain how to create the custom fields needed to make the imported data relevant, and how to set up related queries. In the first blog we successfully connected to the Squid access.log on the Linux server and imported the data into the OMS workspace, so we will carry on from there.

First of all, we need to open the log search and type the name of the custom log we created in the last blog entry.

Log entry

From the raw data, right-click on a log entry and choose ‘Extract fields from Squid_CL’.

Extract fields - OMS - SystemsUp

This is what you will see:

What you will see - OMS - SystemsUp

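Highlight the source IP address in the log entry.

Source IP address - OMS - SystemsUp

Name it PRX_SRC_IP (or whatever suits your naming convention). OMS automatically appends _CF to custom field names, so the field is stored and queried as PRX_SRC_IP_CF.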

The screen will refresh and show you the results of the new field (based on historical data).

Historical data - OMS - SystemsUp

Click Save Extraction.

Save Extraction - OMS - SystemsUp

Repeat this process until you have all the fields you need.

OMS will create the required fields in the back-end database. It will take some time (around 20 minutes) for data to start populating the newly created fields.

Custom fields - OMS - SystemsUp

Squid CL - OMS - SystemsUp

Creating these fields allows us to manipulate and visualise the data (we will cover how to do this in the third and final blog). Obviously this is just an example – you can choose to collect whatever data fields you require.

To confirm that data is being placed in the new fields, go to the log search and type the following:

Type=Squid_CL | measure count() by PRX_SRC_IP_CF

If the log data has been consumed you will see something like this:

Log data consumed - OMS - SystemsUp

If you do not get any data, try changing the date range to 6 hours instead of using the default 1 day.
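To cross-check the counts OMS returns, the same per-source tally can be computed directly from the raw log on the proxy. The following is an added example, not part of the original post: it assumes access.log uses Squid's default native format, and every field name other than PRX_SRC_IP is a hypothetical choice.

```python
import re
from collections import Counter

# Assumed layout: Squid's default "native" access.log format
# time elapsed client result/status bytes method url ident hierarchy/peer type
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed_ms>\d+)\s+(?P<PRX_SRC_IP>\S+)\s+"
    r"(?P<result>[^/\s]+)/(?P<status>\d{3})\s+(?P<size>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<ident>\S+)\s+"
    r"(?P<hier>[^/\s]+)/(?P<peer>\S+)\s+(?P<mime>\S+)\s*$"
)

# Constructed sample lines (not real traffic); the last one is truncated on purpose.
SAMPLE_LOG = """\
1486392011.123    215 10.0.0.21 TCP_MISS/200 5120 GET http://example.com/ - HIER_DIRECT/192.0.2.10 text/html
1486392014.007   1830 10.0.0.21 TCP_TUNNEL/200 8344 CONNECT example.org:443 - HIER_DIRECT/192.0.2.11 -
1486392016.550      0 10.0.0.35 TCP_DENIED/403 3900 GET http://blocked.example/ - HIER_NONE/- text/html
1486392019.400     12 10.0.0.35 TCP_MISS
"""


def parse_line(line):
    """Return the extracted fields as a dict, or None if the line does not fit."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def count_by_source(log_text):
    """Local equivalent of: Type=Squid_CL | measure count() by PRX_SRC_IP_CF"""
    counts, rejected = Counter(), []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        fields = parse_line(line)
        if fields is None:
            rejected.append(line)  # does not fit the assumed layout
        else:
            counts[fields["PRX_SRC_IP"]] += 1
    return counts, rejected


if __name__ == "__main__":
    counts, rejected = count_by_source(SAMPLE_LOG)
    for ip, n in counts.most_common():
        print(f"{ip}\t{n}")
    print(f"unparsed lines: {len(rejected)}")
```

If the local counts and the OMS counts for the same time window differ noticeably, look at the rejected lines first: entries that do not match the expected layout are the usual reason an extracted field comes back empty or wrong.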

To summarise what we have done to get to this stage:

  1. Installed the OMS agent on the target endpoint.
  2. Configured custom log ingestion using the OMS custom log option.
  3. Converted raw data into custom data fields.

So in this second blog, we have shown how to convert raw data across different workloads into custom fields. These fields will allow us to apply alerts to the data and create dashboards, like the one below, to visualise it.

Dashboard - OMS - SystemsUp

We will look in much more detail at creating dashboards to display the data in the third and final part of this blog series.

By Nathan O’Sullivan, Solutions Architect, SystemsUp
