With Azure Log Analytics, is there a way to set an alert rule based on the Search Query Results?

With Azure Log Analytics, I use the log to monitor something and I'm setting up a new alert based on the query results.

How do I need to set the coding/query?

I tried writing some code to see the performance of CPU and memory in Azure Log and got the chart I want.

Perf
| where parse_json(CounterName) == "% Committed Bytes In Use"
| where parse_json(ObjectName) == "Memory"
| limit 10

I expect that I can set the alert based on the search result, but when I click on "+ New alert rule", the chart is configured by Custom Log search instead of the performance CounterValue (*like Memory % Committed Bytes In Use).

Perhaps I am missing something, but based on the given information and AFAIK, it is by design that the first signal you see when you try to configure signal logic after clicking on "+ New alert rule" is "Custom log search" (which is of the "Log" signal type that comes under the "Log Analytics" monitor service). This "Custom log search" can be used in case you want to generate an alert based on your own custom query. But in case you want to re-use pre-existing signals (of signal type "Metric", "Activity Log", etc.), then you may search for the required one and leverage it. I did a quick search with the keyword(s) "committed bytes in use" but couldn't see any related signal, so I would go with the "Custom log search" signal.

If your question is more about how to generate an alert based on the CounterValue of the counter named "% Committed Bytes In Use", then make sure "alert logic" is set to "Metric measurement" and update your query to something like the one shown below.

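Perf
// CounterName and ObjectName are string columns, so compare them directly
| where ObjectName == "Memory"
| where CounterName == "% Committed Bytes In Use"
// No "limit" before the aggregation: it would keep only 10 arbitrary rows
// Metric measurement reads the AggregatedValue column per Computer and time bin
| summarize AggregatedValue = avg(CounterValue) by Computer, bin(TimeGenerated, 30s)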

For more information related to alert logic (either "metric measurement" or "number of results"), please refer to this document.

Other related references:

https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-log#create-a-log-alert-rule-with-the-azure-portal

Hope this helps!! Cheers!!
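An added example, not part of the original answer: the query below can be pasted into the Log Analytics query editor to see the per-Computer, per-bin rows that a "Metric measurement" rule compares against its threshold. The `SamplePerf` rows, the `vm-a`/`vm-b` names, the `Samples` and `Breach` columns and the `Threshold` value are all constructed for illustration; in a real rule the threshold is set in the alert rule itself and the query runs against `Perf`.

```kusto
// Constructed rows standing in for the Perf table (not real data).
let SamplePerf = datatable(TimeGenerated:datetime, Computer:string,
                           ObjectName:string, CounterName:string, CounterValue:real)
[
    datetime(2024-01-01 00:00:05), "vm-a", "Memory",    "% Committed Bytes In Use", 91.0,
    datetime(2024-01-01 00:00:20), "vm-a", "Memory",    "% Committed Bytes In Use", 95.0,
    datetime(2024-01-01 00:00:35), "vm-a", "Memory",    "% Committed Bytes In Use", 97.0,
    datetime(2024-01-01 00:00:10), "vm-b", "Memory",    "% Committed Bytes In Use", 40.0,
    datetime(2024-01-01 00:00:40), "vm-b", "Memory",    "% Committed Bytes In Use", 44.0,
    datetime(2024-01-01 00:00:15), "vm-a", "Processor", "% Processor Time",         12.0
];
// Assumed threshold, used here only to mark which bins would breach.
let Threshold = 90.0;
SamplePerf
| where ObjectName == "Memory" and CounterName == "% Committed Bytes In Use"
// One row per Computer and 30-second bin; AggregatedValue is the column the rule evaluates.
| summarize AggregatedValue = avg(CounterValue), Samples = count()
    by Computer, bin(TimeGenerated, 30s)
// Illustrative only: flag the bins whose average exceeds the assumed threshold.
| extend Breach = AggregatedValue > Threshold
| order by Computer asc, TimeGenerated asc
```

For the alert rule itself, keep only the `where` filters and a `summarize AggregatedValue = ... by Computer, bin(TimeGenerated, ...)` step, as in the query above.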
