stackoom
  简体   繁体   中英

With Azure Log Analytics, is there has a way to set an alert rule based on the Search Query Results?

 原文  2019-07-03 02:02:50       azure/ azure-log-analytics/ azure-monitoring

Question

With Azure Log Analytics, I use the log to monitor something and I'm setting up a new alert based on the query results.

How do I need to set the coding/query?

I tried on writing some coding to see the performance of CPU, memory on Azure Log and got the chart what I want.

Perf | where parse_json(CounterName) == "% Committed Bytes In Use" | where parse_json(ObjectName) == "Memory" | limit 10

I expect the I can set the alert based on the search result,

but when I click on "+ New alert rule", the chart is configured by Custom Log search instead of performance CounterValue (*like Memory %Committed Bytes In Use).

1 answers

solution1
 0 ACCPTED  2019-07-04 10:20:27

Perhaps I am missing something but based on given information and AFAIK it is as per design that the first signal you could see when you try to configure signal logic after clicking on "+ New alert rule" is "Custom log search" (which is of "Log" signal type that comes under "Log Analytics" monitor service). This "Custom log search" can be used in case you want to generate alert based on your own custom query. But in case you want to re-use pre-existing signals (of signal type "Metric", "Activity Log", etc.) then you may search for required one and leverage them. I did a quick search with the keyword(s) "committed bytes in use" but couldn't see any related signal so I would go with "Custom log search" signal.

If your question is more towards how to generate alert based on countervalue of counter named "% Committed Bytes In Use" then make sure "alert logic" is set to "Metric measurement" and update your query something like shown below. 

Perf 
| where parse_json(CounterName) == "% Committed Bytes In Use" 
| where parse_json(ObjectName) == "Memory" 
| limit 10
| summarize AggregatedValue= avg(CounterValue) by Computer, bin(TimeGenerated, 30s)

For more information related to alert logics (either "metric measurement" or "number of results"), please refer this document.

Other related references:

https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-log#create-a-log-alert-rule-with-the-azure-portal

Hope this helps!! Cheers!!

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Azure Monitor / Log Analytics metric alert query Set an alert on Azure from Log Analytics Workspace How to retrieve a “Log Search” alert rule using the Azure API Azure Log Analytics workspace alert rule giving bad gateway error while disabling alert rule using Azure powershell Log Analytics alert rule at specific time Azure Log Analytics - Search REST API - How to Paginate through results Azure Log Analytics query does not return any results How to Fetch only Azure Computers in OMS Log Analytics search query Azure Log Analytics POST / Search Query in Plain HTML using javascript Azure Log Analytics Metric Measurement Alert
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM