How it works...

Once data is collected in OMS, it is stored in the OMS data store as records. Records that are collected by the various data sources configured for a workspace will have unique properties, and will get tagged with a unique Type property that identifies that data record as being from a particular data source. For instance, Windows event log data, once collected in the OMS repository, will be assigned a tag of type Event. This means that in Log Analytics, you can search for non-security Windows event logs by specifying a query, such as Event, as the where condition for your filter. Similarly, performance counter data will get tagged as data of type Perf, and you can use the query Perf to filter for this sort of data.

All of the data collected in the OMS repository is tagged as such, and you can filter for any type of data once you know what the tag value, or type, of data it is. The OMS log search can enable you to further shape, filter, aggregate, and glean insights from your data. In the next chapter, you will learn how to use the OMS log search to glean insights from your data. You will also learn how to analyze and visualize your data using OMS and complementary tools.