Azure Log Query for VPN Tunnel status(Site to Site)

%3CLINGO-SUB%20id%3D%22lingo-sub-2693337%22%20slang%3D%22en-US%22%3EAzure%20Log%20Query%20for%20VPN%20Tunnel%20status(Site%20to%20Site)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2693337%22%20slang%3D%22en-US%22%3E%3CDIV%3EHi%2C%3C%2FDIV%3E%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%3CDIV%3EI%20am%20working%20on%20log%20query%20to%20create%20Azure%20monitor%20alert%20for%20Azure%20VPN%20gateway%20failed%2Fconnected%20*network%20connections*.%3C%2FDIV%3E%3CDIV%3E%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%3CDIV%3E%3CDIV%3EHowever%20below%20is%20the%20query%20and%20output%3C%2FDIV%3E%3CDIV%3E%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%3CDIV%3E%3CDIV%3Equery%3CBR%20%2F%3E%2F%2F%20S2S%20tunnel%20connet%2Fdisconnect%20events%3CBR%20%2F%3E%2F%2F%20S2S%20tunnel%20connet%2Fdisconnect%20events%20during%20the%20last%2024%20hours.%3CBR%20%2F%3EAzureDiagnostics%3CBR%20%2F%3E%7C%20where%20TimeGenerated%20%26gt%3B%20ago(1h)%3CBR%20%2F%3E%7C%20where%20Category%20%3D%3D%20%22TunnelDiagnosticLog%22%20and%20(status_s%20%3D%3D%20%22Connected%22%20or%20status_s%20%3D%3D%20%22Disconnected%22)%3CBR%20%2F%3E%7C%20project%20TimeGenerated%2C%20Resource%20%2C%20status_s%2C%20remoteIP_s%2C%20stateChangeReason_s%3C%2FDIV%3E%3CDIV%3E%3CDIV%3E%3CDIV%3E%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%3CDIV%3E%3CDIV%3EI%20need%20individual%20network%20failed%2Fconnected%20alert%20instead%20of%20combined%20network%20connections%20in%20single%20alert.%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E
Occasional Contributor
Hi,
 
I am working on log query to create Azure monitor alert for Azure VPN gateway failed/connected *network connections*.
 
However below is the query and output
 
query
// S2S tunnel connet/disconnect events
// S2S tunnel connet/disconnect events during the last 24 hours.
AzureDiagnostics
| where TimeGenerated > ago(1h)
| where Category == "TunnelDiagnosticLog" and (status_s == "Connected" or status_s == "Disconnected")
| project TimeGenerated, Resource , status_s, remoteIP_s, stateChangeReason_s
 
I need individual network failed/connected alert instead of combined network connections in single alert.
0 Replies