cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

how can I use this result to alert me

%3CLINGO-SUB%20id%3D%22lingo-sub-1466367%22%20slang%3D%22en-US%22%3Ehow%20can%20I%20use%20this%20result%20to%20alert%20me%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1466367%22%20slang%3D%22en-US%22%3E%3CP%3EIn%20azure%20logs%20%2C%20I%20use%20this%20to%20get%20my%20linux%20server%20disk%20usage%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPerf%20%7Cwhere%20TimeGenerated%20%26gt%3B%20ago(3min)%3CBR%20%2F%3E%7C%20where%20ObjectName%20%3D%3D%20%22Logical%20Disk%22%20%2F%2F%20the%20object%20name%20used%20in%20Linux%20records%3CBR%20%2F%3E%7C%20where%20CounterName%20%3D%3D%20%22%25%20Used%20Space%22%20and%20InstanceName%20!%3D%20%22_Total%22%3CBR%20%2F%3E%7C%20summarize%20by%20InstanceName%2CCounterValue%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBut%20when%20I%20use%20to%20result%20to%20became%20alert%20%2C%20it%20always%20show%20%22%3CSPAN%3ESearch%20Query%20should%20contain%20'AggregatedValue'%20and%20'bin(TimeGenerated%2C%20%5BroundTo%5D)'%20for%20Metric%20alert%20type%22%3C%2FSPAN%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3ESo%20how%20can%20I%26nbsp%3Bovercome%20it%20%3F%3F%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1466367%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Log%20Analytics%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EQuery%20Language%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1466990%22%20slang%3D%22en-US%22%3ERe%3A%20how%20can%20I%20use%20this%20result%20to%20alert%20me%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1466990%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F700152%22%20target%3D%22_blank%22%3E%40JACK_LAI_1117%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%20class%3D%22lia-code-sample%20language-cpp%22%3E%3CCODE%3EPerf%20%7Cwhere%20TimeGenerated%20%26gt%3B%20ago(3min)%0A%7C%20where%20ObjectName%20%3D%3D%20%22Logical%20Disk%22%20%2F%2F%20the%20object%20name%20used%20in%20Linux%20records%0A%7C%20where%20CounterName%20%3D%3D%20%22%25%20Used%20Space%22%20and%20InstanceName%20!%3D%20%22_Total%22%0A%7C%20summarize%20by%20InstanceName%2CCounterValue%2C%20bin(TimeGenerated%2C1m)%0A%7C%20extend%20AggregatedValue%20%3D%20CounterValue%3C%2FCODE%3E%3C%2FPRE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3Eor%20see%20examples%20on%20this%20page%3A%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fazure-monitor%2Fplatform%2Falerts-unified-log%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fazure-monitor%2Fplatform%2Falerts-unified-log%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1473317%22%20slang%3D%22en-US%22%3ERe%3A%20how%20can%20I%20use%20this%20result%20to%20alert%20me%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1473317%22%20slang%3D%22en-US%22%3E%3CP%3EThank%20you%20much%20for%20your%20replya%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F239477%22%20target%3D%22_blank%22%3E%40Clive%20Watson%3C%2FA%3E%26nbsp%3B%3CIMG%20class%3D%22lia-deferred-image%20lia-image-emoji%22%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Fhtml%2Fimages%2Femoticons%2Fstareyes_40x40.gif%22%20alt%3D%22%3Astareyes%3A%22%20title%3D%22%3Astareyes%3A%22%20%2F%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
JACK_LAI_1117
Occasional Contributor

‎Jun 15 2020 03:00 PM

‎Jun 15 2020 03:00 PM

how can I use this result to alert me

In azure logs , I use this to get my linux server disk usage 

 

Perf |where TimeGenerated > ago(3min)
| where ObjectName == "Logical Disk" // the object name used in Linux records
| where CounterName == "% Used Space" and InstanceName != "_Total"
| summarize by InstanceName,CounterValue

 

But when I use to result to became alert , it always show "Search Query should contain 'AggregatedValue' and 'bin(TimeGenerated, [roundTo])' for Metric alert type" 

 

So how can I overcome it ??

Preview file
55 KB
262 Views
0 Likes
2 Replies
Reply
2 Replies
Best Response confirmed by JACK_LAI_1117 (Occasional Contributor)
Clive Watson

‎Jun 16 2020 12:55 AM

‎Jun 16 2020 12:55 AM

Solution

Re: how can I use this result to alert me

@JACK_LAI_1117 

 

Perf |where TimeGenerated > ago(3min)
| where ObjectName == "Logical Disk" // the object name used in Linux records
| where CounterName == "% Used Space" and InstanceName != "_Total"
| summarize by InstanceName,CounterValue, bin(TimeGenerated,1m)
| extend AggregatedValue = CounterValue

 

or see examples on this page:

https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-unified-log

 

 

0 Likes
Reply
JACK_LAI_1117

‎Jun 18 2020 12:55 AM

‎Jun 18 2020 12:55 AM

Re: how can I use this result to alert me

Thank you much for your replya

 

@Clive Watson :stareyes:

0 Likes
Reply