SOLVED

Can someone help me with finding a way to Alert on missing heartbeats for an On-Premise VM


Can someone help me with finding a way to Alert on missing heartbeats for an On-Premise VM running the MMA?

I have some on-premise machines, which I installed and configured with the MMA to send their logs towards Log Analytics. I can see heartbeats being reported, but now I want to create an Alert that notifies me whenever one of the hosts is down.

I believe *and correct me if I'm wrong* that if the machine would be running on Azure, we would have metrics coming from the platform capable of detecting missing heartbeats, but since we only have the agent reporting, the actual query would be something like give me an alert when a "previous known" machine is not sending heartbeat anymore for x amount of times within an x defined timeframe.

Can someone help me out here?

Thanks in advance,

Kenneth van Surksum

1 Reply
Best Response confirmed by KeNNetH - (New Contributor)
Solution

@KeNNetH -

Heartbeat is just the agent (so it's possible for just the agent to be unavailable whilst the computer is working), so in Azure or on-premises it's good to have another check. In Azure, Azure Monitor metrics is good (quick), on-premises you could use something like a Perf counter as another check, but there will be some latency. I know this is being looked at... API calls, ping tests, etc...
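
The query the question describes (a previously known machine that has stopped sending heartbeats), written as an added example that is not part of the original thread. It assumes the standard Log Analytics `Heartbeat` table with its `TimeGenerated`, `Computer` and `ComputerEnvironment` columns; the `lookback` and `silence` values are assumptions to tune.

```kusto
// Added example, not from the original thread.
// Assumed thresholds: adjust to your environment.
let lookback = 7d;    // a machine seen within this window counts as "previously known"
let silence  = 15m;   // no heartbeat for this long is treated as missing
Heartbeat
| where TimeGenerated > ago(lookback)
| where ComputerEnvironment == "Non-Azure"        // on-premises agents only
| summarize LastHeartbeat = max(TimeGenerated) by Computer
| where LastHeartbeat < ago(silence)              // known machine, now silent
| extend MinutesSilent = datetime_diff("minute", now(), LastHeartbeat)
| project Computer, LastHeartbeat, MinutesSilent
| order by MinutesSilent desc
```

Used in a log alert rule, the alert fires when the query returns one or more rows. As the reply notes, a row means the agent is silent, which is not by itself proof that the host is down.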