Searching for different types of data with Microsoft OMS

Summary: Learn how to use the different values for the Type keyword in Microsoft Operations Management Suite Search.

Good morning everyone. Ed Wilson here. Today Teresa Wilson (aka The Scripting Wife) has been busy searching to identify various user groups that are related to System Center or Microsoft management and may have an interest in Microsoft Operations Management Suite.

You may (or may not) know that she was instrumental in helping create and sustain dozens of Windows PowerShell user groups over the years, and now that PowerShell MVPs are Cloud and Datacenter Management MVPs, she is trying to expand her horizons. So one of her projects is to help create a list of user groups related to Microsoft management. Stay tuned for more information about this project.

Note  This post is part of a seven-part series about using MS OMS Search. The series includes:

Search MS OMS logs with the Type keyword

Yesterday in Easy Microsoft Operations Management Suite Search queries, I talked about using free-form text (string literals) to search the MS OMS log data. Today I want to talk about using the Type keyword.

Note  For more information about OMS Search syntax, see OMS Search reference on TechNet.

MS OMS log data is grouped into different types of data. Depending on the solutions implemented, there will be various types of data. For example, the Alert Management solution generates Alert data. I can submit a query such as:

Type=Alert

Note  Keep in mind that the Type keyword is case sensitive. Therefore, type=Alert will fail, as will type=alert. The error message says Invalid Number: Alert, so it is a bit confusing.

As you can see here, when I run my search, over 24,000 results return:

Image of menu

I can also search for a type of ADAssessmentRecommendation:

Type:ADAssessmentRecommendation

Note  I can perform my query by using either a colon or an equal sign. So Type:Alert or Type=Alert both work. Also spacing here does not matter. I can use Type : Alert or Type:Alert (or Type = Alert or Type=Alert) and they all work.

I can search for a type of ProtectionStatus and return information about malware assessment:

Type:ProtectionStatus

I can find information from the Change Tracking solution by searching the ConfigurationChange type:

Type=ConfigurationChange

The Configuration Assessment Knowledge recommendations use KB recommendations, so the type is Recommendation:

Type:Recommendation

But Servers and Workloads uses configuration objects, so the type is ConfigurationObject:

Type:ConfigurationObject

The Security and Audit solution uses the SecurityEvent type:

Type=SecurityEvent

But it also uses the WireData type and the WindowsFirewall type. The following two queries can return millions of records:

Type=WireData

Type=WindowsFirewall

The Containers solution uses the ContainerImageInventory type to keep track of containers:

Type=ContainerImageInventory

It also uses the ContainerLog type to access the container logs:

Type=ContainerLog

SQL Assessment uses the SQLAssessmentRecommendation type:

Type:SQLAssessmentRecommendation

The System Update solution uses the Update type:

Type:Update

This is an overview of some of the various types of data that can be searched by using the MS OMS Search tool. Keep in mind that unfiltered queries, such as the types I listed here, can return tons of data, and my intention is only to introduce some of the types of data that are available. Next week we will begin filtering to produce more useful data.
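Because the only feedback for a lowercase keyword is the Invalid Number message, it can help to check a Type filter before submitting it. The following Python sketch is an added example, not part of the original post or of OMS; it applies the rules from the notes above (case-sensitive Type keyword, colon or equal sign, spacing ignored) to the types listed in this post. The function name lint_type_filter and the sample queries are made up for illustration, and normalizing the value to the spelling used in the post is an assumption.

```python
import re

# Type values named in this post (other solutions add their own types).
KNOWN_TYPES = {
    "Alert", "ADAssessmentRecommendation", "ProtectionStatus",
    "ConfigurationChange", "Recommendation", "ConfigurationObject",
    "SecurityEvent", "WireData", "WindowsFirewall",
    "ContainerImageInventory", "ContainerLog",
    "SQLAssessmentRecommendation", "Update",
}
# Types the post says can return millions of records when unfiltered.
HIGH_VOLUME = {"WireData", "WindowsFirewall"}

# keyword, optional spaces, ':' or '=', optional spaces, value
FILTER_RE = re.compile(r"^\s*([A-Za-z]+)\s*([:=])\s*(\w+)\s*$")


def lint_type_filter(query):
    """Check one Type filter; return (normalized_query_or_None, warnings)."""
    m = FILTER_RE.match(query)
    if not m or m.group(1).lower() != "type":
        return None, ["not a single Type filter"]
    keyword, _, value = m.groups()
    warnings = []
    if keyword != "Type":
        # The service itself only reports "Invalid Number: <value>".
        warnings.append(f"keyword is case sensitive: write Type, not {keyword}")
    # The post does not say whether the value's case matters; this example
    # (an assumption) normalizes to the spelling used in the post.
    by_lower = {t.lower(): t for t in KNOWN_TYPES}
    listed = by_lower.get(value.lower())
    if listed is None:
        warnings.append(f"{value} is not a type listed in the post")
    elif listed != value:
        warnings.append(f"type is written {listed} in the post, not {value}")
    if listed in HIGH_VOLUME:
        warnings.append(f"unfiltered {listed} can return millions of records")
    return f"Type={listed or value}", warnings


if __name__ == "__main__":
    # Constructed sample queries.
    for q in ["Type=Alert", "Type : Alert", "type=alert", "Type:WireData", "Alert"]:
        print(repr(q), "->", lint_type_filter(q))
```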

That is all I have for you today. Join me next week when I’ll continue my series about searching MS OMS logs.

I invite you to follow me on Twitter and the Microsoft OMS Facebook site. If you want to learn more about Windows PowerShell, visit the Hey, Scripting Guy! Blog. If you have any questions, send email to me at scripter@microsoft.com. I wish you a wonderful day, and I’ll see you tomorrow.

Ed Wilson
Microsoft Operations Management Team