Creating an Exchange Solution in OMS

With the recent release of View Designer in OMS, we now have the capability to use the power of log search to create our own custom solutions.  This capability is very powerful and allows us to create single pane of glass dashboards across data sets for any technology for which we are collecting data.  Nice! 

For the purpose of this demo, I will create a custom Exchange solution, but it’s important to note that this same process can be used for any application or technology.

There are a few good blogs out there which detail how to pull Exchange performance and event data into OMS. I want to take this functionality a bit further and detail how we can utilize this data to create a custom Exchange solution in OMS using the newly released View Designer. For the purpose of this demo, I will configure OMS to collect 4 specific mailbox performance KPIs, configure a custom solution to visualize the data, and add a few saved queries to a List Of Queries blade which will link to performance graphs for root cause analysis and monitoring.  It’s important to note that this process can be used to create a custom solution for any technology.  If the data is collected by OMS, it can be utilized in a solution. 

 Note: The KPIs and logs used in this example are for demonstration only.  Any KPIs or logs can be substituted to suit your particular monitoring requirements.

Let’s get started!

Collect Performance Data from Exchange:

There are a few good blogs out there that detail different ways to collect and store Exchange data in OMS. For this demo, I will demonstrate how to manually enter a performance counter and the Exchange Managed Availability event log for collection in OMS. Please see the blog posts below for other manual and scripted options for data collection.

Joseph Chan on the momteam blog: https://blogs.technet.microsoft.com/momteam/2015/10/29/get-visibility-into-your-exchange-environment-with-oms/

Ed Wilson on the MSOMS blog: https://blogs.technet.microsoft.com/msoms/2016/02/24/configure-microsoft-oms-to-monitor-exchange-server/

  1. Navigate to Overview->Settings->Data->Windows Performance Counter.
  2. Enter the full object name and counter name of the Exchange performance counter and select the + sign.
  3. Select Save.  After some time you should be able to search and show query results for each counter.
  4. The same process applies to the Managed Availability event log.
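
Before entering counter and log names in the OMS settings, it helps to confirm that they exist on the Exchange server under exactly those names. The PowerShell below is an added example, not part of the original post; it uses the built-in Get-Counter and Get-WinEvent cmdlets, and the object and counter names are copied from this page, so they may differ on your Exchange version.

```powershell
# Added example: run locally on an Exchange mailbox server.
# Object and counter names are taken from this page and are assumptions
# about your environment; they vary between Exchange versions.
$kpis = @(
    @{ Object = 'MSExchangeIS Store';  Counter = 'RPC Average Latency' }   # as used in the page's queries
    @{ Object = 'MSExchange IS';       Counter = 'RPC Averaged Latency' }  # as written in the page's KPI list
    @{ Object = 'MSExchange IS';       Counter = 'RPC Requests' }
    @{ Object = 'MSExchange Database'; Counter = 'Database Page Fault Stalls/sec' }
    @{ Object = 'MSExchange Database'; Counter = 'Log Record Stalls/sec' }
)

$results = foreach ($kpi in $kpis) {
    # Look up the counter set (performance object) by name.
    $set  = Get-Counter -ListSet $kpi.Object -ErrorAction SilentlyContinue
    $path = $null
    if ($set) {
        # Paths look like "\Object(*)\Counter"; match on the trailing counter name.
        $path = $set.Paths |
            Where-Object { $_ -like "*\$($kpi.Counter)" } |
            Select-Object -First 1
    }
    [pscustomobject]@{
        Object  = $kpi.Object
        Counter = $kpi.Counter
        Status  = if (-not $set) { 'object not found' }
                  elseif (-not $path) { 'counter not found' }
                  else { 'ok' }
        Path    = $path
    }
}
$results | Format-Table -AutoSize

# The Managed Availability log must exist and be enabled for OMS to collect it.
$logName = 'Microsoft-Exchange-ManagedAvailability/Monitoring'
$log = Get-WinEvent -ListLog $logName -ErrorAction SilentlyContinue
if ($log) {
    '{0}: enabled={1}, records={2}' -f $log.LogName, $log.IsEnabled, $log.RecordCount
} else {
    '{0}: log not found on this server' -f $logName
}
```

Any row that reports "object not found" or "counter not found" will not return data in OMS under that name; use the Path value of the matching rows when entering the counter.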

 

Create a Custom Solution:

In this scenario, I will create a custom solution to show Exchange mailbox performance. The solution contains the following blades:

  • Critical Managed Availability Events – Critical and Warning events collected from the Managed Availability event log.
  • Performance KPI Monitors
    • MSExchange IS(*)\RPC Averaged Latency
    • MSExchange IS(*)\RPC Requests
    • MSExchange Database(Information Store)\Database Page Fault Stalls/sec
    • MSExchange Database(*)\Log Record Stalls/sec
  • Critical Alerts – Critical Exchange alerts generated by System Center Operations Manager (SCOM). SCOM is required for alert management in OMS.
  • Recommended Searches – Saved search queries which link to interactive performance graphs for each KPI.

Create the Solution Tile:

  1. Navigate to the Solution Designer on the Overview page
  2. Select the +Tile option to create the tile for our solution. This tile will be viewable from the Overview page.
  3. Enter the title, description, and search query in the specified Properties fields on the right side of the page.  The query specified in the Query field will determine the data presented in the tile.  In this case, I am using a simple query to show how many Exchange servers are being actively monitored:
     Type=Perf Computer=EXC* TimeGenerated>NOW-1HOUR | measure countdistinct(Computer) by Computer
  4. Save your changes!  This screen has timed out on me several times, which as you can imagine is quite frustrating after spending time configuring and testing the data.  I recommend saving after each change.

 

Create the Critical Managed Availability Events Blade:

  1. Select the +Dashboard option and select the “Two Timelines and List” option.
  2. Enter the title and queries for the Timeline section.  This section corresponds to the upper section in the solution blade.  For this section I am using the following two queries (one for error events and one for warning events logged in the Managed Availability event log over the last day):
     ERROR:  Type=Event EventLog="Microsoft-Exchange-ManagedAvailability/Monitoring" EventLevelName=Error TimeGenerated>NOW-1DAY | measure count() by Computer
     WARNING:  Type=Event EventLog="Microsoft-Exchange-ManagedAvailability/Monitoring" EventLevelName=Warning TimeGenerated>NOW-1DAY | measure count() by Computer
  3. Enter the title, description, and query for the List section.  This section corresponds to the lower section in the solution blade.  For this section I am using the following query to display error and warning Managed Availability events:
     Type=Event EventLog="Microsoft-Exchange-ManagedAvailability/Monitoring" EventLevelName=Error TimeGenerated>NOW-1DAY | measure count() by EventID
  4. Once we’ve verified that our queries are returning the expected results, the solution should look like the following:

 

Create the Performance KPI Blades:

  1. Select the +Dashboard option, but this time choose the Donut and List option.
  2. Enter the title and query for the Donut section.  This section corresponds to the upper section in the solution blade. For this section I am using the following query to display computers with RPC Latency > 250 (I have removed the CounterValue filter to display data):
     Type=Perf ObjectName="MSExchangeIS Store" CounterName="RPC Average Latency" TimeGenerated>NOW-1HOUR InstanceName!=_total CounterValue > 250 | measure countdistinct(Computer) by Computer
  3. Enter the title and query for the List section.  This section corresponds to the lower section in the solution blade. For this section I am using the following query to display mailbox instances with RPC Latency > 250 and the value (I removed the CounterValue filter in the image to ensure that data is displayed):
     Type=Perf ObjectName="MSExchangeIS Store" CounterName="RPC Average Latency" TimeGenerated>NOW-1HOUR InstanceName!=_total CounterValue > 250 | measure max(CounterValue) by InstanceName
  4. Once we’ve verified that our queries are returning the expected results, the solution should look like the following (see below).  We will follow this same procedure for the other three Exchange KPIs.

 

Create the Critical Alerts Blade:

Note: This solution depends on the Alert Management solution, which requires SCOM.

  1. Select the +Dashboard option, but this time choose the Number and List option.
  2. Enter the title and query for the Number section.  This section corresponds to the upper section in the solution blade. For this section I am using the following query to display computers with critical alerts:
     Type:Alert AlertState!=Closed SourceDisplayName=EXC* AlertSeverity=Error | measure countdistinct(SourceDisplayName) by SourceDisplayName
  3. Enter the title and query for the List section.  This section corresponds to the lower section in the solution blade. For this section I am using the following query to display computers with critical alerts:
     Type:Alert AlertState!=Closed SourceDisplayName=EXC* AlertSeverity=Error | measure countdistinct(AlertId) by AlertName
  4. Once we’ve verified that our queries are returning the expected results, the solution should look like the following (see below).

 

Create the Recommended Searches Blade:

For this demonstration, the List Of Queries Blade contains a performance graph query for each Exchange KPI.  You can read more about performance monitoring and analysis capabilities in OMS here.

  1. Select the +Dashboard option, but this time choose the List of Queries option.
  2. Select the List Of Queries blade and enter a title and search query in the Properties window.  Each search query entered into the Properties window will populate in the List Of Queries blade.  For this example I’ve used the following query:
     Type=Perf ObjectName="MSExchangeIS Store" CounterName="RPC Average Latency" InstanceName!=_total | measure avg(CounterValue) by InstanceName Interval 1HOUR
  3. In this example, the saved query links to a performance graph for the RPC Average Latency counter on all instances.  We can access this performance graph by simply clicking the query link, which provides easy access to root cause analysis and drill-down into each Exchange KPI.
  4. Once we’ve verified that our queries are returning the expected results, the solution should look like the following (see below).

 

Final Solution:

[Screenshots: full view and zoomed-in view of the final solution]

As you can see, the View Designer can be extremely valuable and provides a great tool to create visualization dashboards for any data collected in OMS. In this scenario I am using Exchange, but we can create these custom solutions for any technology or scenario.  In my next post I will demonstrate how we can use SCOM alert custom fields to provide a way to filter OMS alert data by group, AD site, and more!

 

 

 

 

 

 

 
