SOLVED

Log Analytics Email -remove "Insights"from Email Alert

%3CLINGO-SUB%20id%3D%22lingo-sub-1070388%22%20slang%3D%22en-US%22%3ELog%20Analytics%20Email%20-remove%20%22Insights%22from%20Email%20Alert%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1070388%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3EI%20am%20looking%20for%20some%20help%20on%20the%20Email%20alert%20set%20up%20using%20LogAnalytics.%20I%20have%20set%20up%20Queries%20in%20LgAnalytics%20and%20it%20sends%20email%20when%20the%20condition%20is%20met%20-%20I%20have%20no%20issues%20with%20it.%20Azure%20sends%20out%20the%20email%20with%203%20categories%3C%2FP%3E%3CP%3E1)%20%22Essentials%22%20contain%20your%20Query%20name%2C%20Description%2C%20Severity%20Resource%2C%20search%20interval%20%26amp%3B%20Duration.%26nbsp%3B%3C%2FP%3E%3CP%3E2)%20Search%20Query%20-%20Gives%20you%20the%20Query%20you%20wrote%20for%20in%20LogAnalytics%3C%2FP%3E%3CP%3E3)%26nbsp%3BInsights%20-%26nbsp%3BTop%2010%20result(s)%20-%20gives%20information%20on%26nbsp%3BActivityStatus%2CSubscriptionId%2C%20CorrelationId%2C%20Category%2C%20Authorization%20%2CResourceId%2C%20HTTPRequest%20and%2030%20other%20things%20which%20are%20not%20required%20and%20makes%20the%20email%20so%20long%20and%20unrelated.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EMy%20question%20is%2C%20can%20we%20remove%20the%20%22Insights%20%22%20portion%20of%20this%20email%3F%20please%20suggest%2C%20thank%20you!%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1070388%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Log%20Analytics%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1071991%22%20slang%3D%22en-US%22%3ERe%3A%20Log%20Analytics%20Email%20-remove%20%22Insights%22from%20Email%20Alert%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1071991%22%20slang%3D%22en-US%22%3E%3CP%3EHi%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F491663%22%20target%3D%22_blank%22%3E%40nishathriaz%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThere%20is%20no%20way%20to%20modify%20the%20e-mail%20template%20that%20is%20send.%20you%20are%20free%20for%20example%20to%20use%20Logic%20App%2C%20Azure%20Function%20or%20Automation%20runbook%20as%20action%20group%20integration%20instead%20of%20e-mail.%20Those%20services%20can%20receive%20the%20alert%20information%20in%20common%20alert%20schema%2C%20process%20it%20and%20send%20e-mail%20to%20format%20that%20you%20prefer.%20Of%20course%20that%20means%20you%20will%20have%20to%20have%20your%20own%20e-mail%20provider%20from%20which%20you%20can%20send%20e-mails.%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

Hello,

I am looking for some help on the Email alert set up using LogAnalytics. I have set up Queries in LgAnalytics and it sends email when the condition is met - I have no issues with it. Azure sends out the email with 3 categories

1) "Essentials" contain your Query name, Description, Severity Resource, search interval & Duration. 

2) Search Query - Gives you the Query you wrote for in LogAnalytics

3) Insights - Top 10 result(s) - gives information on ActivityStatus,SubscriptionId, CorrelationId, Category, Authorization ,ResourceId, HTTPRequest and 30 other things which are not required and makes the email so long and unrelated.

 

My question is, can we remove the "Insights " portion of this email? please suggest, thank you! 

1 Reply
Best Response confirmed by Stanislav Zhelyazkov (MVP)
Solution

Hi@nishathriaz 

There is no way to modify the e-mail template that is send. you are free for example to use Logic App, Azure Function or Automation runbook as action group integration instead of e-mail. Those services can receive the alert information in common alert schema, process it and send e-mail to format that you prefer. Of course that means you will have to have your own e-mail provider from which you can send e-mails.