azure custom log alert never triggered

%3CLINGO-SUB%20id%3D%22lingo-sub-332838%22%20slang%3D%22en-US%22%3Eazure%20custom%20log%20alert%20never%20triggered%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-332838%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20all%2C%3C%2FP%3E%3CP%3EI'm%20trying%20to%20setup%20a%20new%20alert%20in%20Azure%20Log%20Analytics%20in%20order%20to%20detect%20the%20increase%20of%20the%20failed%20request%20percentage%20in%20Azure%20Log%20Analytics.%3C%2FP%3E%3CP%3EThis%20is%20my%20custom%20log%20search%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Elet%20timeGrain%3D30m%3B%3CBR%20%2F%3Elet%20dataset%3Drequests%3CBR%20%2F%3E%7C%20where%20client_Type%20!%3D%20%22Browser%22%3CBR%20%2F%3Edataset%3CBR%20%2F%3E%7C%20summarize%3CBR%20%2F%3E%2F%2F%20calculate%20failed%20request%20count%20for%20all%20requests%3CBR%20%2F%3EAggregatedValue%3Dround((sumif(itemCount%2C%20success%20%3D%3D%20false))*1000.0%2F(sum(itemCount))*1.0%2C4)%20by%20bin(timestamp%2C%20timeGrain)%3CBR%20%2F%3E%2F%2F%20round%20specifies%20how%20many%20decimals%20we%20want%2C%20100.0%20and%201.0%20forces%20the%20value%20to%20be%20a%20float%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20I%20visualize%20the%20result%2C%20I'm%20getting%20the%20trend%20regarding%20the%20failure%20percentage.%20I've%20used%20the%20same%20query%20to%20trigger%20an%20alert%20with%20the%20following%20settings%3A%3C%2FP%3E%3CP%3E-%20Metric%20measurement%20greater%20than%200%3C%2FP%3E%3CP%3E-%20consecutive%20breaches%20greater%20than%201%3C%2FP%3E%3CP%3E-%20Period%20(grain)%3A%20over%20the%20last%2030%20minutes%3C%2FP%3E%3CP%3E-%20Frequency%3A%20every%205%20mins%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20problem%20is%2C%20the%20alert%20is%20never%20triggered%20even%20though%20the%20percentage%20of%20failed%20requests%20is%20always%20greater%20than%200.%20Why%20is%20that%20happening%3F%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EThanks%2C%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EMarco%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-332838%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EApplication%20Insights%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20Log%20Analytics%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ECustom%20Logs%20and%20Custom%20Fields%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EQuery%20Language%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-333870%22%20slang%3D%22en-US%22%3ERe%3A%20azure%20custom%20log%20alert%20never%20triggered%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-333870%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20There%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECould%20you%20please%20check%20with%20this%20way%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E-%20Number%20of%20results%20greater%20than%200%3C%2FP%3E%3CP%3E-%20Period%20(grain)%3A%20over%20the%20last%2030%20minutes%3C%2FP%3E%3CP%3E-%20Frequency%3A%20every%205%20mins%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhat%20this%20is%20doing%20here%2C%20It%20will%20run%20query%20after%20every%205%20minute%20to%20check%20last%2030%20minutes%20data.%20So%20if%20you%20will%20use%20%22-%20consecutive%20breaches%20greater%20than%201%22%20then%20this%20means%20if%20there%20are%20no%20consecutive%20fails%20in%20last%2030%20minutes%20data%20then%20alert%20would%20be%20triggered.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHope%20this%20helps%2C%20just%20my%20two%20cents%20on%20it%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Visitor

Hi all,

I'm trying to setup a new alert in Azure Log Analytics in order to detect the increase of the failed request percentage in Azure Log Analytics.

This is my custom log search:

 

let timeGrain=30m;
let dataset=requests
| where client_Type != "Browser"
dataset
| summarize
// calculate failed request count for all requests
AggregatedValue=round((sumif(itemCount, success == false))*1000.0/(sum(itemCount))*1.0,4) by bin(timestamp, timeGrain)
// round specifies how many decimals we want, 100.0 and 1.0 forces the value to be a float

 

If I visualize the result, I'm getting the trend regarding the failure percentage. I've used the same query to trigger an alert with the following settings:

- Metric measurement greater than 0

- consecutive breaches greater than 1

- Period (grain): over the last 30 minutes

- Frequency: every 5 mins

 

The problem is, the alert is never triggered even though the percentage of failed requests is always greater than 0. Why is that happening?


Thanks,


Marco

1 Reply

Hi There,

 

Could you please check with this way,

 

- Number of results greater than 0

- Period (grain): over the last 30 minutes

- Frequency: every 5 mins

 

What this is doing here, It will run query after every 5 minute to check last 30 minutes data. So if you will use "- consecutive breaches greater than 1" then this means if there are no consecutive fails in last 30 minutes data then alert would be triggered.

 

Hope this helps, just my two cents on it :)