23 Feb 2022 01:37 AM - last edited on 17 May 2023 03:51 AM by Michal_Gebacki
Would this be an improvement (RFE), or to far fetched?
Make possible for the WMI 2.0 extension to also collect strings and or arrays. This would make Dynatrace also a great inventory tool. So collect every 60 minutes like below,
Just a thought, please comment (-;
Solved! Go to Solution.
It wouldn't fit in our metrics database as that one expects a number. It could potentially go into the log ingest though?
@dglugla , raise an RFE or is something similar already going to be possible based on what you've got planned?
If the data can be fetched via a standard WMI query - we can already store it via log ingest. See example usage in MS Exchange extension.
But I would also ask if the data is more an event, or rather entity attribute? For example: BIOS seems to fit more like an attribute of a host. While it can be reported either as an event, or a metric dimension (not a value though), it all comes down to where should it be presented: as a log line, or host entity attribute?
QFEs on the other hand are a great example of log events.
In any case - WMI exts already supports any of those.
Sample YAML section:
- subgroup: ExchangeLogEvents featureSet: events interval: minutes: 1 query: SELECT SourceName, EventCode, RecordNumber, CategoryString, Message, Type, TimeGenerated FROM Win32_NTLogEvent WHERE Logfile='[MS]Exchange Management' OR SourceName LIKE '%[MS]Exchange%' type: logfileEvent dimensions: - key: source value: column:SourceName - key: dt.event.key value: column:EventCode - key: category value: column:CategoryString - key: content value: column:Message - key: status value: column:Type - key: recordno value: column:RecordNumber - key: timestamp value: $timestamp(const:ntlog, column:TimeGenerated)
Do you have more examples for Event log monitoring using WMI Extension 2.0?
How would you store the latest position read in the eventlog? Or dont you do that?
Second, how would you alert on something that only occurs once?
@tarjei you don't need to do that. The WMI DataSource fetches only the entries that were written to the eventlog since the previous read.
Regarding alerting on single occurrence: what do you mean by that? If that's about a single occurrence in a single fetch (1 minute period) then you just simply configure an alert on that event. In other cases (single occurrence over a longer time period) you may introduce your own metric extracted of that type of en event and set up an alert on that metric.
The MS Exchange extension is currently the only one that leverages that capability, but if you see a potential in another extension - please share the details and I'm sure we'll be able to help.
I was thinking where there is an alert where a "Backup job failed" or a disk event id 55. Cases where there might be one event, and no repeats.
How do we configure this alert on one event?
Hi @dglugla! Any chance that this functionality will be documented soon?
We are trying to implement this in our plugin, but it is behaving strangely. And without any documentation it is quite difficult.
Let me ask the doc team for that (FYI: @jaroslaw_orlows)
Both, thanks for your reply, small question, what are QFE's?
The second command you pasted into your question? 🙂
Oeps.... I did it again😞
Yes, stop playing with my heart 😂