Wednesday, April 20, 2016

Connecting the dots with OMS and SLACK

In my last blog post, I spent some time trying to explain why OMS is more than you think and how this fits into the next generation of hybrid IT management, with Management-as-a-Service.

Today, I want to highlight something I myself find very interesting, where we are using OMS as the source of our information towards operations engineers.

OMS Log Analytics

One of the key aspects of OMS is the Log Analytics workspace. This is where you harvest the data from your hybrid operational environment, and as I talked about in my previous blog post, you can have multiple data sources – and even use custom logs to retrieve and centralize the information you are looking for – but also (and perhaps more important) – the information that you didn’t know you were looking for!

Log Analytics lets you easily search for any of your data and from there, you can truly demonstrate your skillset by connecting the dots to a complete remediation solution, or plug into some other system to either deliver or manipulate the data or both.

With Log Analytics, we are able to:

· Search for any of our data
· Save searches and use them together with Dashboards
· Use saved searches in conjunction with Alerts
· Get e-mail notification with detailed information about the alert, search result and more
· Connect Alerts with Azure Automation to trigger a Runbook that is either executed in Azure or through a Hybrid Worker
· Connect Alerts with third-party systems using WebHooks

This blog post will focus on how to use OMS as the foundation for an operational department and centralize the alerts (informational, warning and critical) into SLACK.

First, let us quickly get a better understanding of what SLACK really is and why it might be useful in this particular scenario.

Many IT organizations collaborate in a wide variety of ways. Some of them are good, some of them are less good. However, the fact is that many channels might be used over time, which leads to a lack of communication and especially of transparency when it comes to critical information around the operations.
Slack is a messaging application where teams can share files, talk and literally work together. This lets organizations have everything in one place, moving away from the devastating e-mail threads and so on.
With SLACK, everything that is shared is automatically indexed and archived, which makes it searchable.

Some of the advantages you will get immediately when using SLACK are transparency in team communication, giving greater visibility into what other teams are working on, faster feedback and decision making, and a much easier time finding information, documents and more.
Last but not least – SLACK supports a wide range of tools, which means you can integrate existing apps, systems etc. to communicate with SLACK to centralize the communication and information.

This is where OMS comes into play together with the WebHook integration to SLACK.

Ok, I get it. The information from our alerts can have a flow into one or more SLACK channels where our teams can get everything in a single view, but what exactly is a WebHook?

I am glad you asked.

A WebHook is something you have already used if you have been using Azure Automation – and especially together with Alerts in OMS, which leverages WebHooks.

The concept of WebHooks is really simple, and by simple I mean it is a simple HTTP POST that occurs when ‘something’ happens.

Using OMS together with SLACK, OMS will POST a message to a URL when certain things happen (the Log Analytics search is showing some result that will trigger the Alert workflow).
WebHooks help us to receive valuable information when it happens – instead of constantly polling for the data.

In SLACK, you can add an ‘incoming webhook’ to your channel that will accept data from external sources that send a JSON payload over HTTP.
Each channel in SLACK will be identified by a unique incoming Webhook URL to which you can post the message from outside.

A typical JSON payload will look similar to this:

{
  "text": "This is some random text from Virtualization and some Coffee",
  "channel": "#virtualization",
  "username": "Kristian",
  "icon_emoji": ":KristianDancing:"
}

Once you have added the incoming WebHook to your SLACK channel, you can take advantage of this when creating alerts in OMS.
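
The same kind of JSON payload can also be built and posted from a script. The Python below is an added example, not part of the original post: the alert keys (severity, name, detail), the channel names and the SLACK_WEBHOOK_URL environment variable are assumptions. It routes by severity, escapes the characters SLACK treats as markup so that log-derived text is shown literally, and keeps the incoming WebHook URL out of the code, because anyone holding that URL can post to the channel.

```python
import json
import os
import urllib.request
from urllib.parse import urlsplit

# Hypothetical severity-to-channel routing; the channel names are constructed.
CHANNELS = {"informational": "#ops-info", "warning": "#ops-warning",
            "critical": "#ops-critical"}

def escape_slack(text):
    # &, < and > are Slack's markup control characters; unescaped, text in
    # angle brackets is read as a link or mention instead of shown literally.
    return text.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")

def build_payload(alert):
    # The alert keys (severity, name, detail) are assumptions for this example.
    severity = str(alert.get("severity", "")).lower()
    if severity not in CHANNELS:
        raise ValueError("unknown severity: %r" % severity)
    text = "[%s] %s: %s" % (severity.upper(), alert["name"], alert["detail"])
    return {"text": escape_slack(text), "channel": CHANNELS[severity],
            "username": "OMS"}

def check_webhook_url(url):
    # The URL is the only credential: refuse plain HTTP or a non-Slack host.
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != "hooks.slack.com":
        raise ValueError("not an HTTPS Slack incoming webhook URL")
    return url

def post_alert(alert, url):
    body = json.dumps(build_payload(alert)).encode("utf-8")
    req = urllib.request.Request(check_webhook_url(url), data=body,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status

# Constructed sample alert, not real OMS output.
SAMPLE_ALERT = {"severity": "Critical", "name": "Service down",
                "detail": "Service <sql01> stopped & did not restart"}

if __name__ == "__main__":
    url = os.environ.get("SLACK_WEBHOOK_URL")  # assumed variable name
    if url:
        print(post_alert(SAMPLE_ALERT, url))
    else:
        print(json.dumps(build_payload(SAMPLE_ALERT), indent=2))
```

Without SLACK_WEBHOOK_URL set, the script only prints the payload it would send.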

Here's an overview of the workflow and architecture

Here’s an example of how to configure an Alert in OMS to use a Webhook

And this is an example of how it could look in SLACK, where we have different channels for different teams, depending on their area of expertise, responsibility etc.

Happy integrating!