Sep 28 2019
01:28 AM
- last edited on
Apr 08 2022
10:08 AM
by
TechCommunityAP
Sep 28 2019
01:28 AM
- last edited on
Apr 08 2022
10:08 AM
by
TechCommunityAP
Hi Experts,
I have a big concern after when a VM get rebooted and I haven't found any alert through ALA alert.
Let me shed some background behind the scenes.
Generally we have 60 heartbeat for every VMs but I have received 59 heartbeat for one VM and checked that was rebooted but I have not received any alert.
Have a look on below data, where we could see in first column everything is fine but column 2 and 3 has one missing heartbeat.
TimeGenerated | TimeGenerated | TimeGenerated |
2019-09-27T10:00:39 | 2019-09-27T16:00:06 | 2019-09-27T17:00:01 |
2019-09-27T10:01:39 | 2019-09-27T16:01:06 | 2019-09-27T17:01:01 |
2019-09-27T10:02:39 | 2019-09-27T16:02:06 | 2019-09-27T17:02:01 |
2019-09-27T10:03:39 | 2019-09-27T16:03:06 | 2019-09-27T17:03:01 |
2019-09-27T10:04:39 | 2019-09-27T16:04:06 | 2019-09-27T17:04:06 |
2019-09-27T10:05:39 | 2019-09-27T16:05:06 | 2019-09-27T17:05:06 |
2019-09-27T10:06:39 | 2019-09-27T16:06:06 | 2019-09-27T17:06:06 |
2019-09-27T10:07:40 | 2019-09-27T16:07:06 | 2019-09-27T17:07:06 |
2019-09-27T10:08:40 | 2019-09-27T16:08:06 | 2019-09-27T17:08:11 |
2019-09-27T10:09:40 | 2019-09-27T16:09:06 | 2019-09-27T17:09:11 |
2019-09-27T10:10:40 | 2019-09-27T16:10:06 | 2019-09-27T17:10:11 |
2019-09-27T10:11:40 | 2019-09-27T16:11:06 | 2019-09-27T17:11:11 |
2019-09-27T10:12:40 | 2019-09-27T16:12:11 | 2019-09-27T17:12:16 |
2019-09-27T10:13:40 | 2019-09-27T16:13:11 | 2019-09-27T17:13:16 |
2019-09-27T10:14:40 | 2019-09-27T16:14:11 | 2019-09-27T17:14:16 |
2019-09-27T10:15:40 | 2019-09-27T16:15:11 | 2019-09-27T17:15:16 |
2019-09-27T10:16:40 | 2019-09-27T16:16:16 | 2019-09-27T17:16:21 |
2019-09-27T10:17:40 | 2019-09-27T16:17:16 | 2019-09-27T17:17:21 |
2019-09-27T10:18:40 | 2019-09-27T16:18:16 | 2019-09-27T17:18:21 |
2019-09-27T10:19:40 | 2019-09-27T16:19:16 | 2019-09-27T17:19:21 |
2019-09-27T10:20:40 | 2019-09-27T16:20:21 | 2019-09-27T17:20:26 |
2019-09-27T10:21:40 | 2019-09-27T16:21:21 | 2019-09-27T17:21:26 |
2019-09-27T10:22:40 | 2019-09-27T16:22:21 | 2019-09-27T17:22:26 |
2019-09-27T10:23:40 | 2019-09-27T16:23:21 | 2019-09-27T17:23:26 |
2019-09-27T10:24:40 | 2019-09-27T16:24:26 | 2019-09-27T17:24:31 |
2019-09-27T10:25:40 | 2019-09-27T16:25:26 | 2019-09-27T17:25:31 |
2019-09-27T10:26:40 | 2019-09-27T16:26:26 | 2019-09-27T17:26:31 |
2019-09-27T10:27:40 | 2019-09-27T16:27:26 | 2019-09-27T17:27:31 |
2019-09-27T10:28:40 | 2019-09-27T16:28:26 | 2019-09-27T17:28:36 |
2019-09-27T10:29:40 | 2019-09-27T16:29:26 | 2019-09-27T17:29:36 |
2019-09-27T10:30:40 | 2019-09-27T16:30:26 | 2019-09-27T17:30:36 |
2019-09-27T10:31:40 | 2019-09-27T16:31:26 | 2019-09-27T17:31:36 |
2019-09-27T10:32:40 | 2019-09-27T16:32:26 | 2019-09-27T17:32:41 |
2019-09-27T10:33:40 | 2019-09-27T16:33:26 | 2019-09-27T17:33:41 |
2019-09-27T10:34:40 | 2019-09-27T16:34:26 | 2019-09-27T17:34:41 |
2019-09-27T10:35:40 | 2019-09-27T16:35:31 | 2019-09-27T17:35:41 |
2019-09-27T10:36:40 | 2019-09-27T16:36:31 | 2019-09-27T17:36:46 |
2019-09-27T10:37:40 | 2019-09-27T16:37:31 | 2019-09-27T17:37:46 |
2019-09-27T10:38:40 | 2019-09-27T16:38:31 | 2019-09-27T17:38:46 |
2019-09-27T10:39:40 | 2019-09-27T16:39:36 | 2019-09-27T17:39:46 |
2019-09-27T10:40:40 | 2019-09-27T16:40:36 | 2019-09-27T17:40:51 |
2019-09-27T10:41:40 | 2019-09-27T16:41:36 | 2019-09-27T17:41:51 |
2019-09-27T10:42:40 | 2019-09-27T16:42:36 | 2019-09-27T17:42:51 |
2019-09-27T10:43:40 | 2019-09-27T16:43:41 | 2019-09-27T17:43:51 |
2019-09-27T10:44:40 | 2019-09-27T16:44:41 | 2019-09-27T17:44:56 |
2019-09-27T10:45:40 | 2019-09-27T16:45:41 | 2019-09-27T17:45:56 |
2019-09-27T10:46:40 | 2019-09-27T16:46:41 | 2019-09-27T17:46:56 |
2019-09-27T10:47:40 | 2019-09-27T16:47:46 | 2019-09-27T17:47:56 |
2019-09-27T10:48:40 | 2019-09-27T16:48:46 | 2019-09-27T17:48:56 |
2019-09-27T10:49:40 | 2019-09-27T16:49:46 | 2019-09-27T17:49:56 |
2019-09-27T10:50:40 | 2019-09-27T16:50:46 | 2019-09-27T17:50:56 |
2019-09-27T10:51:40 | 2019-09-27T16:51:51 | 2019-09-27T17:51:56 |
2019-09-27T10:52:40 | 2019-09-27T16:52:51 | 2019-09-27T17:52:56 |
2019-09-27T10:53:41 | 2019-09-27T16:53:51 | 2019-09-27T17:53:56 |
2019-09-27T10:54:41 | 2019-09-27T16:54:51 | 2019-09-27T17:54:56 |
2019-09-27T10:55:41 | 2019-09-27T16:55:56 | Data for 55 is missing |
2019-09-27T10:56:41 | 2019-09-27T16:56:56 | 2019-09-27T17:56:01 |
2019-09-27T10:57:41 | 2019-09-27T16:57:56 | 2019-09-27T17:57:01 |
2019-09-27T10:58:41 | 2019-09-27T16:58:56 | 2019-09-27T17:58:01 |
2019-09-27T10:59:41 | Data for 59 is missing | 2019-09-27T17:59:01 |
Used query to get this data: -
Alert Logic
Number of Result Greater Then 0
Evaluated based on
Period 1440
Frequency 1440
Thanks for the help :)
Sep 30 2019 01:55 AM
Is the goal to Alert when a heartbeat is missed in the past 5mins?
Heartbeat
| summarize LastCall = max(TimeGenerated) by Computer
| where LastCall < ago(5m)
//| project tMinus5 = ago(5m), LastCall, Computer
| count
Sep 30 2019 05:17 AM - edited Sep 30 2019 05:18 AM
@CliveWatson Somewhere yes or no, I am in dilemma to answer your question.
If you will check my question there you could see three columns for heartbeat data and this data in column one is good (means we have 60 heartbeat after 1 minute). But in next two columns you could see data is missing for one heartbeat (means we have 59 heartbeat in one hour and we missed one heartbeat).
So what i generally want is if any server miss any heartbeat, I should have alert for the same.
Since every server sends heartbeat after every minute as far as i know and read.
Or you could let me know any alert mechanism because my end goal to have a reboot and down alert for Windows and Linux (Similar like Heartbeat and Failed to connect in SCOM).
Thanks in advance for your support :)