cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Automatically resolve Heartbeat alerts

Scott Allison
Iron Contributor

‎Mar 21 2022 05:14 AM - last edited on ‎Apr 08 2022 11:02 AM by

‎Mar 21 2022 05:14 AM - last edited on ‎Apr 08 2022 11:02 AM by

Automatically resolve Heartbeat alerts

Greetings,

 

I'm trying to use the newer feature "Automatically resolve alerts" with a Heartbeat alert, but I am having no luck no matter how I configure the alert. 

 

My query:

Heartbeat
| where TimeGenerated >= ago(24h)
| summarize LastHeartbeat=max(TimeGenerated) by Computer, _ResourceId
| where LastHeartbeat < ago(15m)

 

Signal logic:

ScottAllison_0-1647864674646.png

...and under Alert rule details, I have "Automatically resolve alerts" selected. 


My alerts trigger just fine (I've never had a problem with that), but when I bring a VM back online, the alert does not switch to a "Resolved" condition. All the alerts remain in a "Fired" condition. 

 

Am I missing something or does this feature even work?

 

Thanks in advance!

Labels:
2,162 Views
0 Likes
6 Replies
Reply
6 Replies
Mishagen

‎Mar 27 2022 02:20 PM

‎Mar 27 2022 02:20 PM

Re: Automatically resolve Heartbeat alerts

I would suggest to follow the steps described in the following article. https://contoso.se/blog/?p=4532

Hope this helps. :)
0 Likes
Reply
Scott Allison

‎Mar 28 2022 05:04 AM

‎Mar 28 2022 05:04 AM

Re: Automatically resolve Heartbeat alerts

Thanks. We already have a working alert. However, there is a newer option to automatically resolve the alert. This is the feature that is not working.
0 Likes
Reply
Mishagen

‎Mar 29 2022 02:34 PM

‎Mar 29 2022 02:34 PM

Re: Automatically resolve Heartbeat alerts

@Scott Allison Interesting. Have you checked if there is something "strange" in Avanced Options in the logic condition?

0 Likes
Reply
Mishagen

‎Mar 30 2022 11:53 AM

‎Mar 30 2022 11:53 AM

Re: Automatically resolve Heartbeat alerts

Hello @Scott Allison I tested your query and I got the same behavior. The alerts are triggered but they are unable to auto resolve, even if the condition met. I would suggest to open a support ticket for further investigation
0 Likes
Reply
SHL1209

‎Apr 10 2022 06:16 PM

‎Apr 10 2022 06:16 PM

Re: Automatically resolve Heartbeat alerts

I'm having the same issue too. I have noticed that if alert is setup with dimension, it will not get resolved automatically. Try removing those dimensions in your rule and check if it works for you.
Understand you may want alert to be fired based on dimension but at least we can narrow the scope of the issue.
0 Likes
Reply
twellinghurst

‎Aug 16 2022 11:06 AM

‎Aug 16 2022 11:06 AM

Re: Automatically resolve Heartbeat alerts

Have you found a solution for resolving the alerts? We are experiencing the same issue.
0 Likes
Reply