23 Feb 2022 09:37 AM - last edited on 17 May 2023 11:51 AM by Michal_Gebacki
Hello,
Would this be an improvement (RFE), or to far fetched?
Make possible for the WMI 2.0 extension to also collect strings and or arrays. This would make Dynatrace also a great inventory tool. So collect every 60 minutes like below,
Just a thought, please comment (-;
KR Henk
Solved! Go to Solution.
23 Feb 2022 09:41 AM
It wouldn't fit in our metrics database as that one expects a number. It could potentially go into the log ingest though?
@dglugla , raise an RFE or is something similar already going to be possible based on what you've got planned?
23 Feb 2022 10:13 AM
If the data can be fetched via a standard WMI query - we can already store it via log ingest. See example usage in MS Exchange extension.
But I would also ask if the data is more an event, or rather entity attribute? For example: BIOS seems to fit more like an attribute of a host. While it can be reported either as an event, or a metric dimension (not a value though), it all comes down to where should it be presented: as a log line, or host entity attribute?
QFEs on the other hand are a great example of log events.
In any case - WMI exts already supports any of those.
Sample YAML section:
- subgroup: ExchangeLogEvents
featureSet: events
interval:
minutes: 1
query: SELECT SourceName, EventCode, RecordNumber, CategoryString, Message, Type, TimeGenerated FROM Win32_NTLogEvent WHERE Logfile='[MS]Exchange Management' OR SourceName LIKE '%[MS]Exchange%'
type: logfileEvent
dimensions:
- key: source
value: column:SourceName
- key: dt.event.key
value: column:EventCode
- key: category
value: column:CategoryString
- key: content
value: column:Message
- key: status
value: column:Type
- key: recordno
value: column:RecordNumber
- key: timestamp
value: $timestamp(const:ntlog, column:TimeGenerated)
02 Sep 2022 01:30 PM
Do you have more examples for Event log monitoring using WMI Extension 2.0?
How would you store the latest position read in the eventlog? Or dont you do that?
Second, how would you alert on something that only occurs once?
18 Oct 2022 08:19 AM
@tarjei you don't need to do that. The WMI DataSource fetches only the entries that were written to the eventlog since the previous read.
Regarding alerting on single occurrence: what do you mean by that? If that's about a single occurrence in a single fetch (1 minute period) then you just simply configure an alert on that event. In other cases (single occurrence over a longer time period) you may introduce your own metric extracted of that type of en event and set up an alert on that metric.
The MS Exchange extension is currently the only one that leverages that capability, but if you see a potential in another extension - please share the details and I'm sure we'll be able to help.
02 Nov 2022 03:08 PM
I was thinking where there is an alert where a "Backup job failed" or a disk event id 55. Cases where there might be one event, and no repeats.
How do we configure this alert on one event?
28 Nov 2022 12:28 PM
Hi @dglugla! Any chance that this functionality will be documented soon?
We are trying to implement this in our plugin, but it is behaving strangely. And without any documentation it is quite difficult.
29 Nov 2022 02:05 PM
Let me ask the doc team for that (FYI: @jaroslaw_orlows)
23 Feb 2022 10:29 AM
Both, thanks for your reply, small question, what are QFE's?
23 Feb 2022 10:30 AM
The second command you pasted into your question? 🙂
23 Feb 2022 10:35 AM
Oeps.... I did it again😞
23 Feb 2022 10:38 AM
Yes, stop playing with my heart 😂