特定时间的 Log Analytics 警报规则
[英]Log Analytics alert rule at specific time
问题描述
I have a DataFactory with diagnostic setting activate and sending logs to a Log Analytics Workspace.
我有一个带有诊断设置的 DataFactory 激活并将日志发送到 Log Analytics 工作区。
I want to create an alert that fires only once if an event trigger hasn't run after 9AM.如果事件触发器在上午 9 点之后没有运行,我想创建一个仅触发一次的警报。
I think some query like this:我认为一些这样的查询:
let StartTime =startofday(now());
let EndTime =now();
let CheckHour = 9;
ADFTriggerRun
| where ResourceId contains toupper("DataFactory_Name")
| where TriggerName == "Trigger_Name"
| where TimeGenerated > StartTime and TimeGenerated < EndTime
| extend Hour = datetime_part("hour", TimeGenerated)
| where Hour < CheckHour
But I see some problems if I set the following settings to the alert:但是,如果我将以下设置设置为警报,我会发现一些问题:
- Number of results less than 0结果数小于 0
- Period = 30 minutes周期 = 30 分钟
- Frequency = 30 minutes频率 = 30 分钟
(If the trigger runs correctly) The alert will fire 18 times before 9AM. (如果触发器正确运行)警报将在上午 9 点之前触发 18 次。
(If the trigger doesn't run) The alert will fire 48 times in a day. (如果触发器没有运行)警报将在一天内触发 48 次。
Is there some query to avoid this?是否有一些查询可以避免这种情况? Maybe with some if condition?也许有一些条件?
1 个解决方案
解决方案1
0 已采纳 2021-03-23 09:24:51
There is no such solution to directly solve this issue.没有这样的解决方案可以直接解决这个问题。
I suggest you can set up 2 alerts:我建议您可以设置 2 个警报:
Alert 1: To send alert if the trigger doesn't run all the day.警报 1:如果触发器全天未运行,则发送警报。 You can use your query in your question, just set Period = 1440 minutes , Frequency = 1440 minutes , Number of results less than 0 .您可以在您的问题中使用您的查询,只需设置Period = 1440 minutes , Frequency = 1440 minutes , Number of results less than 0 。 Then it will only send one alert email if the trigger doesn't run at all.然后,如果触发器根本不运行,它只会发送一个警报 email。
Alert 2: Use the query below by adding iff() function :警报 2:通过添加iff() function使用以下查询:
let StartTime =startofday(now());
let EndTime =now();
let CheckHour = 9;
ADFTriggerRun
| where ResourceId contains toupper("DataFactory_Name")
| where TriggerName == "trigger1"
| where TimeGenerated > StartTime and TimeGenerated < EndTime
| extend Hour = datetime_part("hour", TimeGenerated)
| extend isFailed = iff(Hour < CheckHour, "Success","Failed")
| where isFailed == "Failed"
Then set Period = 30 minutes , Frequency = 30 minutes , Number of results Equal to 1 .然后设置Period = 30 minutes , Frequency = 30 minutes , Number of results Equal to 1 。 By using this query / setting, you at most receive 2 email alerts if the triggers runs after 9AM(For example, if the trigger runs at 10:07AM, and the alert scans at 10:20AM / 10:50AM, only at these 2 times, it will send alerts; if the trigger runs before 9AM, no alerts will be sent).通过使用此查询/设置,如果触发器在上午 9 点之后运行,您最多会收到 2 个 email 警报(例如,如果触发器在上午 10:07 运行,并且警报在上午 10:20/上午 10:50 扫描,则仅在这 2 个次,它会发送警报;如果触发器在上午 9 点之前运行,则不会发送警报)。
解决方案2
0 2021-12-09 08:56:15
This post may help you: https://docs.microsoft.com/en-us/answers/questions/251524/how-to-configure-azure-alerts-to-only-run-during-b.html这篇文章可能会对您有所帮助: https://docs.microsoft.com/en-us/answers/questions/251524/how-to-configure-azure-alerts-to-only-run-during-b.html
Or this post: https://docs.microsoft.com/sk-sk/azure/azure-monitor/alerts/alerts-action-rules?tabs=portal或这篇文章: https://docs.microsoft.com/sk-sk/azure/azure-monitor/alerts/alerts-action-rules?tabs=portal
Or directly check in portal: Monitor --> Alerts --> Action Rules (preview) --> Creation Action Rule或者直接在门户中查看:Monitor --> Alerts --> Action Rules (preview) --> Creation Action Rule
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.