Forum Discussion

Ahmed Atef's avatar
Ahmed Atef
Brass Contributor
Mar 21, 2018
Solved

Heartbeat Azure Monitor OMS VMs

Hi all, i am trying to create an Alert for heartbeats if VM is didn't heartbeat in the last 15 min... here what i did and unfortunately it didnt fire alert.    so i created a new alert rule in Az...
azure monitor
Query Language
  • Stanislav_Zhelyazkov's avatar
    Stanislav_Zhelyazkov
    Mar 22, 2018

    Hi

    Your query is correct. Probably you should remove

    | where TimeGenerated > ago(1d)

    because when the query is used in alert the timespan/timeframe is defined in the alert itself. In the heartbeat alert you would want your the evaluation time to be longer than 15 minutes. Make it at least one hour but probably 24 hours would be better as that was the time span in your query. With that setting you should get alert in 15 minutes after the vm goes down. Keep in mind that you want the VM to be down for 15 minutes at least. If it goes down only for 5 minutes you will probably not be alerted because heartbeat events will start to be send again so the alert will never trigger that the last heartbeat event was 15 minutes ago.

    Let me know if you have further questions.

Prashant Sharma's avatar
Prashant Sharma
Brass Contributor
May 31, 2018

after removing the day query line, you can write the line like.

let start_time=startofday(datetime("2018-05-30"));

let end_time=startofday(datetime("2018-05-31"));

| where TimeGenerated > start_time and TimeGenerated < end_time

Resources