Major limitation in Alerting!

Copper Contributor

Is there a way to come around some major limitations when creating Alerts? The biggest problem is the Time Window restriction. This restricts us from searching in data older than 24 hours when creating an alert. I expect a record for a custom MessageType 
to arrive once a week, i am not able to create an Alert if this message does not appear as expected.

The retention days for OMS Log Analytics is minimum 31 days according to this article:  LogAnalyticsRetention

Why do we then have a limitation of 24 hours in the alert query.

In my portal some messages that arrive irregullary, and i still want to warn if they do not arrive at a certain day. There should absolutely not be a restriction that prevent me from these types of alerts as long as the data is accessible with a standard search....

2 Replies

I very much agree. The 24 hour limitation is pretty difficult to deal with. You could work around this with Powershell by doing your query there, and dropping a checkpoint in every day with the results of your "alert", and then alert off of the checkpoint data, but the result is pretty clunky.

Thank's for the answer!

 

Yes, and how hard can it be to remove this limitation?  I cannot see any advantages to set a limitation like that.  All workarounds on this issue will be lead to a Monitoring-Service that is harder to maintain...