Azure Alert off of Log Analytics Table Schema
Question
I am trying to trigger an alert when the columns in the AzureDiagnostic Table in Log Analytics is >400 since there is a 500 column limit to the table where records will start dropping .
The issue is Alerts expects and AggregatedValue and a TimeGenerated. Since this is a schema there is not a true Time Generated. I've tried a "time" metric and renaming the column to be "TimeGenerated" but get the following error:
Search Query should contain 'AggregatedValue' and 'bin(TimeGenerated, [roundTo])' for Metric alert type
This is the alert query I have:
AzureDiagnostics
| getschema
| summarize AggregatedValue = count(ColumnName) by bin(1d, 5m)
|project AggregatedValue, TimeGenerated=Column1
And I get these results:
2 answers
solution1
1 2019-12-29 07:52:17
I'm from the Azure Monitor Log Analytics team. We are actively working in Azure Log Analytics to avoid it all together. We are working now to have dedicated tables for most of Azure resource so it wouldn't overpopulate the AzureDiagnostics table. Some Azure resource like Azure Data Factory have options to control whether it would use the dedicated tables or AzureDiagnistcs. See #4 here: https://docs.microsoft.com/en-us/azure/data-factory/monitor-using-azure-monitor#monitor-data-factory-metrics-with-azure-monitor
solution2
0 ACCPTED 2019-12-17 17:46:54
I changed my logic to return a record or not. It will return a record only if the threshold has been met of 400 columns and then set my alert Threshold value to > 0.
AzureDiagnostics
| getschema
| summarize count(ColumnName)
| where count_ColumnName >400
Alert:
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.