Microsoft released an option to upgrade OMS to use the Kusto for querying data in Log Analytics. The release is in public preview so bugs are still expected.
One bug I discovered breaks the whole automation part of OMS. I’m currently performing a PoC at a customer, where OMS alerts must kick-off Azure Automation Runbooks. The JSON payload is vital in this project. Unfortunately, the payload is broken!
The payload looked like this before the upgrade:
Now, it looks like this:
The format of the payload has changed scientifically, and I haven’t found any solution to make the payload usable in Automation Runbooks – besides of extensive static mapping.
If you are thinking “this look like a recent bug in the OMS PowerShell Module?”, then yes – until recently, there has been a similar issue in the AzureRM.OperationalInsights module. The issue was fixed in version 3.3.1, released 16th August 2017.
I have tried creating new alerts and new runbooks. I have even tried creating new OMS workspaces – same issue; the WebhookData input is broken.
A workaround for this could be to extract the Kusto Query used to generate the alert, and then use it in a Get-AzureRmOperationalInsightsSearchResults cmdlet. It is not an effective nor pretty solution, but we will be able to reach our target; get some usable JSON.
But unfortunately, Get-AzureRmOperationalInsightsSearchResults does not support Kusto – only the old query language 🙁
*** UPDATE 05/09/2017 ***
I have created a github issue regarding this issue. Read more here.
So, now I’m stuck..
The issue has been reported to the product team. Stay tuned.
Soren is an IT Professional & DevOps based in Copenhagen, Denmark.
His primary work areas are system design, deployment, migration and administration of business-critical IT infrastructure.