In my last blog post, I spent some time trying to explain
why OMS is more than you think and how this fits into the next generation of
hybrid IT management, with Management-as-a-Service.
Today, I want to highlight something I myself find very
interesting, where we are using OMS as the source of our information towards
operations engineers.
OMS Log Analytics
One of the key aspects of OMS is the Log Analytics
workspace. This is where you harvest the data from your hybrid operational
environment, and as I talked about in my previous blog post, you can have
multiple data sources – and even use custom logs to retrieve and centralize the
information you are looking for – but also (and perhaps more importantly) the information
that you didn’t know you were looking for!
Log Analytics lets you easily search for any of your data
and from there, you can truly demonstrate your skillset by connecting the dots
to a complete remediation solution, or plug into some other system to either
deliver or manipulate the data or both.
With Log Analytics, we are able to:
· Search for any of our data
· Save searches and use them together with Dashboards
· Use saved searches in conjunction with Alerts
· Get e-mail notification with detailed information about the alert, search result and more
· Connect Alerts with Azure Automation to trigger a Runbook that is either executed in Azure or through a Hybrid Worker
· Connect Alerts with third-party systems using WebHooks
This blog post will focus on how to use OMS as the
foundation for an operational department and centralize the alerts
(informational, warning and critical) into SLACK.
First, let us quickly get a better understanding of what
SLACK really is and why it might be useful in this particular scenario.
Many IT organizations have a wide variety of
ways of collaborating. Some of them are good, some of them are
less good. However, the fact is that many channels might be used over time,
which leads to a lack of communication
and especially of transparency when it comes to critical information around
operations.
Slack is a messaging application where teams can share
files, talk and literally work together.
This lets organizations have everything in one place, moving away from the
devastating e-mail threads and so on.
With SLACK, everything that is shared is automatically
indexed and archived, which makes it searchable.
Some of the advantages you will get immediately when
using SLACK are transparency in team communication, for greater visibility into
what other teams are working on; faster feedback and decision making; and
a much easier time finding information, documents and more.
Last but not least – SLACK supports a wide range of tools,
which means you can integrate existing apps, systems etc. to communicate with
SLACK to centralize the communication and information.
This is where OMS comes into play together with the
WebHook integration to SLACK.
Ok, I get it. The
information from our alerts can have a flow into one or more SLACK channels
where our teams can get everything in a single view, but what exactly is a
WebHook?
I am glad you asked.
A WebHook is something you have already used if you have
been using Azure Automation, especially together with Alerts in OMS, which
leverages WebHooks.
The concept of WebHooks is really simple, and by simple I
mean it is a simple HTTP POST that occurs when ‘something’ happens.
Using OMS together with SLACK, OMS will POST a message to
a URL when certain things happen (the Log Analytics search returns a
result that triggers the Alert workflow).
WebHooks help us to receive valuable information when it
happens, instead of constantly polling for the data.
In SLACK, you can add an ‘incoming webhook’ to your
channel that will accept data from external sources that send a JSON
payload over HTTP.
Each channel in SLACK will be identified by a unique
incoming Webhook URL to which you can post the message from outside.
A typical JSON payload will look similar to this:
{
    "text": "This is some random text from Virtualization and some Coffee",
    "channel": "#virtualization",
    "username": "Kristian",
    "icon_emoji": ":KristianDancing:"
}
Once you have added the incoming WebHook to your SLACK
channel, you can take advantage of this when creating alerts in OMS.
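The following Python example is added here and is not code from the original post, OMS or SLACK: it builds the incoming-webhook JSON payload from an alert and POSTs it. The alert field names, the "OMS Alerts" username and the SLACK_WEBHOOK_URL environment variable are assumptions; because anyone who holds the incoming Webhook URL can post to the channel, the URL is read from the environment rather than hard-coded, and log-derived text is escaped before it is sent.

```python
import json
import os
import urllib.request
from urllib.parse import urlsplit

# Severity levels named in the post, mapped to standard Slack emoji.
SEVERITY_EMOJI = {"informational": ":information_source:",
                  "warning": ":warning:",
                  "critical": ":rotating_light:"}

def slack_escape(value):
    """Escape &, <, > so log-derived text cannot inject links or mentions."""
    return (str(value).replace("&", "&amp;")
            .replace("<", "&lt;").replace(">", "&gt;"))

def build_payload(alert, channel):
    """Turn an alert dict (hypothetical field names) into the JSON payload
    shape used by a Slack incoming webhook."""
    severity = str(alert.get("severity", "informational")).lower()
    emoji = SEVERITY_EMOJI.get(severity, SEVERITY_EMOJI["informational"])
    text = "[{}] {}: {} result(s)\n{}".format(
        severity.upper(), slack_escape(alert["name"]),
        int(alert["result_count"]), slack_escape(alert["description"]))
    return {"text": text, "channel": channel,
            "username": "OMS Alerts", "icon_emoji": emoji}

def check_webhook_url(url):
    """Accept only HTTPS URLs on Slack's incoming-webhook host."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != "hooks.slack.com":
        raise ValueError("not a Slack incoming webhook URL")
    return url

def post_to_slack(url, payload, timeout=10):
    """POST the payload as JSON; returns the HTTP status code."""
    req = urllib.request.Request(
        check_webhook_url(url), data=json.dumps(payload).encode("utf-8"),
        headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status

if __name__ == "__main__":
    # Constructed sample alert; SLACK_WEBHOOK_URL is an assumed variable name.
    sample = {"name": "Failed logons <DC01>", "severity": "Critical",
              "result_count": 12, "description": "See search & <!channel>"}
    payload = build_payload(sample, "#virtualization")
    print(json.dumps(payload, indent=2))
    if os.environ.get("SLACK_WEBHOOK_URL"):
        print(post_to_slack(os.environ["SLACK_WEBHOOK_URL"], payload))
```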
Here's an overview of the workflow and architecture
Here’s an example of how to configure an Alert in OMS to
use a Webhook
And this is an example of what it could look like in
SLACK, where we have different channels for different teams, depending on their
area of expertise, responsibility etc.
Happy integrating!