log analytics - create alerts


Hello, I have created a log analytics workplace and set up diagnostic settings.

I would like to create an alert that will be triggered every time a user/admin accesses the log analytics workplace. How can I do that? Should I use a query? Is it possible to do that?

Regards,

Maciej

1 Reply
You could maybe use AzureActivity and KQL for this. This is one simple example, and you will need to tune it as there could be a lot of messages.


AzureActivity
| where OperationNameValue startswith 'microsoft.operationalinsights/workspaces/'
| summarize count() by Caller, ActivityStatusValue, CallerIpAddress, Category
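
One way to tune the reply's query for a scheduled log alert, as an added example that is not part of the original thread. The 15-minute lookback, the status values kept and the output column names are assumptions to adjust for your environment.

```kql
// Added example: the reply's filter, narrowed for use as an alert query.
// Scope note: AzureActivity holds control-plane (management) operations on
// the workspace resource, so this is what the alert will fire on.
let lookback = 15m;   // assumption: match this to the alert rule's evaluation period
AzureActivity
| where TimeGenerated > ago(lookback)
| where OperationNameValue startswith 'microsoft.operationalinsights/workspaces/'
// Assumption: keep only final statuses so a single action is not counted
// once for its "Start" record and again for its result.
| where ActivityStatusValue in~ ('Success', 'Failure')
| summarize
    Events     = count(),
    Operations = make_set(OperationNameValue, 50),
    FirstSeen  = min(TimeGenerated),
    LastSeen   = max(TimeGenerated)
    by Caller, CallerIpAddress, ActivityStatusValue, Category
| order by LastSeen desc
```

Used as the query of a log alert rule, each returned row is one caller and source IP pair with the operations it performed in the window, which keeps the alert payload readable when many events arrive at once.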