How to delete a stale alert in Log analytics?


I have deleted an alert rule without disabling it. But it is still firing alerts continuously and filling up the mailbox. Is there a way to check for a stale alert in the background and delete it permanently?

3 Replies

Hi @Ashok42,

I have never had such a problem. Once the alert is deleted (no matter if it was previously enabled or disabled) it will stop working. Maybe double-check if there is another alert that is doing this or if you are still receiving delayed notifications from the time the alert was still deployed. In case you still have the case you are describing, it is best to raise an official support ticket with Microsoft, as a resource that is not available but still working is some kind of bug only they can resolve.


@Stanislav Zhelyazkov 

Thanks for the reply.

I have double-checked it. I even tried to navigate to the alert rule from the fired alert, and it redirects to a message 'alert rule not found'. I have been receiving 1000+ alerts in a week.

Will raise a case with Microsoft. 

Metric measurement alert rules create an alert for each object in a query with a value that exceeds a specified threshold and specified trigger condition. Unlike Number of results alert rules, Metric measurement alert rules work when analytics result provides a time series. They have the following distinct differences from Number of results alert rules.

Aggregate function: Determines the calculation that is performed and potentially a numeric field to aggregate. For example, count() returns the number of records in the query, avg(CounterValue) returns the average of the CounterValue field over the interval. Aggregate function in query must be named/called: AggregatedValue and provide a numeric value.

Group Field: A record with an aggregated value is created for each instance of this field, and an alert can be generated for each. For example, if you wanted to generate an alert for each computer, you would use by Computer. In case there are multiple group fields specified in the alert query, the user can specify which field is used to sort results by using the Aggregate On (metricColumn) parameter.
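
The per-object behaviour described in the reply above, as an added example that is not part of the original thread and is not Azure's implementation: a simplified Python model of a Metric measurement rule that computes `AggregatedValue` per `Computer` and time bin, then decides which computers each get their own alert. The sample records, the threshold of 90 and the "total" versus "consecutive" breach counting are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data standing in for Perf rows: (TimeGenerated, Computer, CounterValue).
T0 = datetime(2020, 4, 14, 12, 0)
SAMPLES = {
    "web01": [95, 97, 96, 98, 94, 99],  # sustained high value
    "web02": [20, 25, 92, 30, 22, 21],  # single spike
    "db01": [91, 40, 93, 35, 95, 30],   # alternating breaches
}
RECORDS = [(T0 + timedelta(minutes=5 * i), computer, value)
           for computer, values in SAMPLES.items()
           for i, value in enumerate(values)]

def aggregate(records, bin_minutes=5):
    """Model of: summarize AggregatedValue = avg(CounterValue)
    by Computer, bin(TimeGenerated, 5m). Bin size must divide 60."""
    buckets = defaultdict(list)
    for ts, computer, value in records:
        start = ts.replace(minute=ts.minute - ts.minute % bin_minutes,
                           second=0, microsecond=0)
        buckets[(computer, start)].append(value)
    series = defaultdict(list)
    for (computer, start), values in sorted(buckets.items()):
        series[computer].append((start, sum(values) / len(values)))
    return series

def evaluate(series, threshold, breaches, consecutive=False):
    """Return every group value (Computer) that gets its own alert.
    Assumed trigger condition: more than `breaches` bins above the
    threshold, counted in total or as the longest consecutive run."""
    fired = []
    for computer, points in series.items():
        flags = [agg > threshold for _, agg in points]
        longest = run = 0
        for flag in flags:
            run = run + 1 if flag else 0
            longest = max(longest, run)
        count = longest if consecutive else sum(flags)
        if count > breaches:
            fired.append(computer)
    return sorted(fired)

if __name__ == "__main__":
    series = aggregate(RECORDS)
    print(evaluate(series, threshold=90, breaches=2))                    # total
    print(evaluate(series, threshold=90, breaches=2, consecutive=True))  # consecutive
```

A single rule of this kind raises one alert per group value on every evaluation in which that value meets the trigger condition, so the alert volume scales with the number of distinct objects the query returns.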