Heartbeat alert missing

Hi Experts,

 

I have a big concern: after a VM gets rebooted, I do not find any alert through the ALA alert.

Let me share some background.

Generally we have 60 heartbeats for every VM, but I received 59 heartbeats for one VM and checked that it was rebooted, but I did not receive any alert.

Have a look at the data below, where we can see that in the first column everything is fine but columns 2 and 3 each have one missing heartbeat.

 

| TimeGenerated | TimeGenerated | TimeGenerated |
|---|---|---|
| 2019-09-27T10:00:39 | 2019-09-27T16:00:06 | 2019-09-27T17:00:01 |
| 2019-09-27T10:01:39 | 2019-09-27T16:01:06 | 2019-09-27T17:01:01 |
| 2019-09-27T10:02:39 | 2019-09-27T16:02:06 | 2019-09-27T17:02:01 |
| 2019-09-27T10:03:39 | 2019-09-27T16:03:06 | 2019-09-27T17:03:01 |
| 2019-09-27T10:04:39 | 2019-09-27T16:04:06 | 2019-09-27T17:04:06 |
| 2019-09-27T10:05:39 | 2019-09-27T16:05:06 | 2019-09-27T17:05:06 |
| 2019-09-27T10:06:39 | 2019-09-27T16:06:06 | 2019-09-27T17:06:06 |
| 2019-09-27T10:07:40 | 2019-09-27T16:07:06 | 2019-09-27T17:07:06 |
| 2019-09-27T10:08:40 | 2019-09-27T16:08:06 | 2019-09-27T17:08:11 |
| 2019-09-27T10:09:40 | 2019-09-27T16:09:06 | 2019-09-27T17:09:11 |
| 2019-09-27T10:10:40 | 2019-09-27T16:10:06 | 2019-09-27T17:10:11 |
| 2019-09-27T10:11:40 | 2019-09-27T16:11:06 | 2019-09-27T17:11:11 |
| 2019-09-27T10:12:40 | 2019-09-27T16:12:11 | 2019-09-27T17:12:16 |
| 2019-09-27T10:13:40 | 2019-09-27T16:13:11 | 2019-09-27T17:13:16 |
| 2019-09-27T10:14:40 | 2019-09-27T16:14:11 | 2019-09-27T17:14:16 |
| 2019-09-27T10:15:40 | 2019-09-27T16:15:11 | 2019-09-27T17:15:16 |
| 2019-09-27T10:16:40 | 2019-09-27T16:16:16 | 2019-09-27T17:16:21 |
| 2019-09-27T10:17:40 | 2019-09-27T16:17:16 | 2019-09-27T17:17:21 |
| 2019-09-27T10:18:40 | 2019-09-27T16:18:16 | 2019-09-27T17:18:21 |
| 2019-09-27T10:19:40 | 2019-09-27T16:19:16 | 2019-09-27T17:19:21 |
| 2019-09-27T10:20:40 | 2019-09-27T16:20:21 | 2019-09-27T17:20:26 |
| 2019-09-27T10:21:40 | 2019-09-27T16:21:21 | 2019-09-27T17:21:26 |
| 2019-09-27T10:22:40 | 2019-09-27T16:22:21 | 2019-09-27T17:22:26 |
| 2019-09-27T10:23:40 | 2019-09-27T16:23:21 | 2019-09-27T17:23:26 |
| 2019-09-27T10:24:40 | 2019-09-27T16:24:26 | 2019-09-27T17:24:31 |
| 2019-09-27T10:25:40 | 2019-09-27T16:25:26 | 2019-09-27T17:25:31 |
| 2019-09-27T10:26:40 | 2019-09-27T16:26:26 | 2019-09-27T17:26:31 |
| 2019-09-27T10:27:40 | 2019-09-27T16:27:26 | 2019-09-27T17:27:31 |
| 2019-09-27T10:28:40 | 2019-09-27T16:28:26 | 2019-09-27T17:28:36 |
| 2019-09-27T10:29:40 | 2019-09-27T16:29:26 | 2019-09-27T17:29:36 |
| 2019-09-27T10:30:40 | 2019-09-27T16:30:26 | 2019-09-27T17:30:36 |
| 2019-09-27T10:31:40 | 2019-09-27T16:31:26 | 2019-09-27T17:31:36 |
| 2019-09-27T10:32:40 | 2019-09-27T16:32:26 | 2019-09-27T17:32:41 |
| 2019-09-27T10:33:40 | 2019-09-27T16:33:26 | 2019-09-27T17:33:41 |
| 2019-09-27T10:34:40 | 2019-09-27T16:34:26 | 2019-09-27T17:34:41 |
| 2019-09-27T10:35:40 | 2019-09-27T16:35:31 | 2019-09-27T17:35:41 |
| 2019-09-27T10:36:40 | 2019-09-27T16:36:31 | 2019-09-27T17:36:46 |
| 2019-09-27T10:37:40 | 2019-09-27T16:37:31 | 2019-09-27T17:37:46 |
| 2019-09-27T10:38:40 | 2019-09-27T16:38:31 | 2019-09-27T17:38:46 |
| 2019-09-27T10:39:40 | 2019-09-27T16:39:36 | 2019-09-27T17:39:46 |
| 2019-09-27T10:40:40 | 2019-09-27T16:40:36 | 2019-09-27T17:40:51 |
| 2019-09-27T10:41:40 | 2019-09-27T16:41:36 | 2019-09-27T17:41:51 |
| 2019-09-27T10:42:40 | 2019-09-27T16:42:36 | 2019-09-27T17:42:51 |
| 2019-09-27T10:43:40 | 2019-09-27T16:43:41 | 2019-09-27T17:43:51 |
| 2019-09-27T10:44:40 | 2019-09-27T16:44:41 | 2019-09-27T17:44:56 |
| 2019-09-27T10:45:40 | 2019-09-27T16:45:41 | 2019-09-27T17:45:56 |
| 2019-09-27T10:46:40 | 2019-09-27T16:46:41 | 2019-09-27T17:46:56 |
| 2019-09-27T10:47:40 | 2019-09-27T16:47:46 | 2019-09-27T17:47:56 |
| 2019-09-27T10:48:40 | 2019-09-27T16:48:46 | 2019-09-27T17:48:56 |
| 2019-09-27T10:49:40 | 2019-09-27T16:49:46 | 2019-09-27T17:49:56 |
| 2019-09-27T10:50:40 | 2019-09-27T16:50:46 | 2019-09-27T17:50:56 |
| 2019-09-27T10:51:40 | 2019-09-27T16:51:51 | 2019-09-27T17:51:56 |
| 2019-09-27T10:52:40 | 2019-09-27T16:52:51 | 2019-09-27T17:52:56 |
| 2019-09-27T10:53:41 | 2019-09-27T16:53:51 | 2019-09-27T17:53:56 |
| 2019-09-27T10:54:41 | 2019-09-27T16:54:51 | 2019-09-27T17:54:56 |
| 2019-09-27T10:55:41 | 2019-09-27T16:55:56 | Data for 55 is missing |
| 2019-09-27T10:56:41 | 2019-09-27T16:56:56 | 2019-09-27T17:56:01 |
| 2019-09-27T10:57:41 | 2019-09-27T16:57:56 | 2019-09-27T17:57:01 |
| 2019-09-27T10:58:41 | 2019-09-27T16:58:56 | 2019-09-27T17:58:01 |
| 2019-09-27T10:59:41 | Data for 59 is missing | 2019-09-27T17:59:01 |

 

Query used to get this data:

 

Heartbeat
| where TimeGenerated >= ago(48h)
| where Computer contains "server name"
| distinct TimeGenerated, Computer
| sort by TimeGenerated asc
 
And I am using the below query and samples to trigger on heartbeat; please check and let me know what I need to modify to have an alert whenever any heartbeat gets missed.

Query used in the alert:
Heartbeat
| summarize LastCall = max(TimeGenerated) by Computer
| extend AggregatedValue = LastCall
| where LastCall < ago(5m)

 

Alert Logic

Number of results greater than 0

 

Evaluated based on

Period 1440

Frequency 1440

 

Thanks for the help :)

2 Replies

@GouravIN 

 

Is the goal to alert when a heartbeat is missed in the past 5 mins?

Heartbeat
| summarize LastCall = max(TimeGenerated) by Computer
| where LastCall < ago(5m)
//| project tMinus5 = ago(5m), LastCall, Computer 
| count


@CliveWatson Somewhere between yes and no; I am in a dilemma over how to answer your question.

If you check my question, you can see three columns of heartbeat data. The data in column one is good (meaning we have 60 heartbeats, one after every minute). But in the next two columns you can see data is missing for one heartbeat (meaning we have 59 heartbeats in one hour and we missed one heartbeat).

So what I generally want is: if any server misses any heartbeat, I should have an alert for it.

Since every server sends a heartbeat every minute, as far as I know and have read.

Or you could let me know of any alert mechanism, because my end goal is to have a reboot and down alert for Windows and Linux (similar to Heartbeat and Failed to connect in SCOM).

 

Thanks in advance for your support :)
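
A gap-based check for the goal described in this thread, as an added example that is not part of any post: in the table above consecutive timestamps are 60 to 65 seconds apart, so a clock minute (16:59, 17:55) can hold no record and an hourly count can read 59 without any long gap. The query below instead measures the interval between consecutive heartbeats per computer, and between the last heartbeat and now. The 2m threshold, the 1h lookback and the names MaxGap, LastBeat, NextBeat and Gap are assumptions.

```kusto
// Added example: flag any interval between heartbeats longer than MaxGap.
let MaxGap = 2m;                        // assumed threshold, above the 60-65 s spacing seen in the table
Heartbeat
| where TimeGenerated >= ago(1h)        // assumed lookback window
| distinct TimeGenerated, Computer      // same de-duplication as the query in the question
| sort by Computer asc, TimeGenerated asc
// next() reads the following row of the sorted set; for the last row of a
// computer there is no later heartbeat, so the interval is measured to now().
| extend NextBeat = iff(next(Computer) == Computer, next(TimeGenerated), now())
| extend Gap = NextBeat - TimeGenerated
| where Gap > MaxGap
| project Computer, LastBeat = TimeGenerated, NextBeat, Gap
| sort by Gap desc
```

A row whose NextBeat is an actual heartbeat is a computer that went silent and came back (for example a reboot); a row whose NextBeat is the query time is a computer that is still silent. Used as a log alert, the evaluation period has to cover the lookback window and the frequency has to be no longer than the period, otherwise intervals between evaluations are never examined.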