Rahul_Mahajan
Oct 01, 2019

Diagnostic settings Alert

Hello,

 

How can I set an alert for Diagnostic settings, like whoever is enabling it, with username, time, date and resource group name?

 

Thanks in advance.

1 Reply

  • CliveWatson

    Rahul_Mahajan 

     

    The AzureActivity logs have a lot of categories, so you need to scope it carefully or you will get all (and many) alerts.

     

    From the GUI

     

    Then

     

    From Log Analytics

    AzureActivity
    | where TimeGenerated > startofday(ago(7d))
    | where Category == "Administrative"
    | where OperationName == "Create or update resource diagnostic setting"
    | summarize count() by ActivityStatus, OperationName, Resource, Caller, ResourceGroup, TimeGenerated

    - This isn't a full query but should help you. Just hit "new alert rule" after you run this (and after any edits you require). Click below to see the results on test data - I limited the results to 5.

     

    Go to Log Analytics and Run Query

    | ActivityStatus | OperationName | Resource | Caller | ResourceGroup | TimeGenerated | count_ |
    |---|---|---|---|---|---|---|
    | Started | Create or update resource diagnostic setting | setByPolicy | 1461b1b8-18a7-4d1b-a74d-6c19f48358d0 | contosoazurehq | 2019-09-24T22:44:58.976Z | 1 |
    | Started | Create or update resource diagnostic setting | setByPolicy | 1461b1b8-18a7-4d1b-a74d-6c19f48358d0 | contosoitlabsupport | 2019-09-24T22:44:57.856Z | 1 |
    | Succeeded | Create or update resource diagnostic setting | setByPolicy | 1461b1b8-18a7-4d1b-a74d-6c19f48358d0 | contosoazurehq | 2019-09-24T22:44:57.009Z | 1 |
    | Started | Create or update resource diagnostic setting | setByPolicy | 1461b1b8-18a7-4d1b-a74d-6c19f48358d0 | contosoazurehq | 2019-09-24T22:44:54.577Z | 1 |
    | Succeeded | Create or update resource diagnostic setting | setByPolicy | 1461b1b8-18a7-4d1b-a74d-6c19f48358d0 | contosoautomation | 2019-09-24T22:46:12.993Z | 1 |
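
Added example, not part of CliveWatson's reply: one way to narrow the query above for an alert rule so each completed change produces a single row with the caller, date, time and resource group the question asks for. The `SampleActivity` table is a stand-in built from the test rows shown in the reply (the `Category` value on each row is assumed), and the `Date` and `Time` column names are illustrative.

```kusto
// Stand-in for AzureActivity so the query runs without live data.
// Rows copy the reply's test output; Category is an assumed value.
let SampleActivity = datatable(
    TimeGenerated:datetime, Category:string, OperationName:string,
    ActivityStatus:string, Resource:string, Caller:string, ResourceGroup:string)
[
    datetime(2019-09-24T22:44:58.976Z), "Administrative", "Create or update resource diagnostic setting", "Started",   "setByPolicy", "1461b1b8-18a7-4d1b-a74d-6c19f48358d0", "contosoazurehq",
    datetime(2019-09-24T22:44:57.856Z), "Administrative", "Create or update resource diagnostic setting", "Started",   "setByPolicy", "1461b1b8-18a7-4d1b-a74d-6c19f48358d0", "contosoitlabsupport",
    datetime(2019-09-24T22:44:57.009Z), "Administrative", "Create or update resource diagnostic setting", "Succeeded", "setByPolicy", "1461b1b8-18a7-4d1b-a74d-6c19f48358d0", "contosoazurehq",
    datetime(2019-09-24T22:44:54.577Z), "Administrative", "Create or update resource diagnostic setting", "Started",   "setByPolicy", "1461b1b8-18a7-4d1b-a74d-6c19f48358d0", "contosoazurehq",
    datetime(2019-09-24T22:46:12.993Z), "Administrative", "Create or update resource diagnostic setting", "Succeeded", "setByPolicy", "1461b1b8-18a7-4d1b-a74d-6c19f48358d0", "contosoautomation"
];
SampleActivity   // swap for AzureActivity in a real workspace
| where Category == "Administrative"
| where OperationName == "Create or update resource diagnostic setting"
// The test data logs a Started and a Succeeded row for the same change;
// keeping only Succeeded avoids alerting twice and skips attempts that never completed.
| where ActivityStatus == "Succeeded"
// Split the timestamp so the alert payload carries date and time separately.
| extend Date = format_datetime(TimeGenerated, 'yyyy-MM-dd'),
         Time = format_datetime(TimeGenerated, 'HH:mm:ss')
| project Date, Time, Caller, ResourceGroup, Resource, ActivityStatus
| order by Date desc, Time desc
```

No time filter is included because the alert rule's evaluation period sets the time range; on the sample rows this returns the two Succeeded entries.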
