Azure monitor - prevent alarm on service restart

Hi, A simple script is used, which works in the event that the service stops or that the service stops and starts. Is there a possibility, or how to make a query so that the alarm is not triggered ...

Azure monitor alert

Clive_Watson

Feb 27, 2024

Mali_Stane

You can look to check the time difference between the states, something like this?

Event
| where EventLog == 'System' and EventID ==7036 and Source == 'Service Control Manager'
| where Computer == "--------------"
| where RenderedDescription contains "---------- service entered"
| parse kind = relaxed EventData with *'</Data><Data Name="param2">' Windows_Service_State "</Data>" *
| sort by TimeGenerated asc
| project Windows_Service_State, TimeGenerated, diffinMinutes=datetime_diff('minute',TimeGenerated, prev(TimeGenerated))
| where diffinMinutes > 1

Clive_Watson

Bronze Contributor

Feb 27, 2024

Mali_Stane

You can look to check the time difference between the states, something like this?

Event
| where EventLog == 'System' and EventID ==7036 and Source == 'Service Control Manager'
| where Computer == "--------------"
| where RenderedDescription contains "---------- service entered"
| parse kind = relaxed EventData with *'</Data><Data Name="param2">' Windows_Service_State "</Data>" *
| sort by TimeGenerated asc
| project Windows_Service_State, TimeGenerated, diffinMinutes=datetime_diff('minute',TimeGenerated, prev(TimeGenerated))
| where diffinMinutes > 1

Mali_Stane
Copper Contributor
Feb 28, 2024
Thank you,
I will create a logic around it..

Forum Discussion

Azure monitor - prevent alarm on service restart

Resources