Looking for a Query that shows stats of Azure monitor

%3CLINGO-SUB%20id%3D%22lingo-sub-3273869%22%20slang%3D%22en-US%22%3ELooking%20for%20a%20Query%20that%20shows%20stats%20of%20Azure%20monitor%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3273869%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDoes%20someone%20know%20the%20query%20to%20retrieve%20the%20different%20alerts%20like%20shown%20in%20the%20picture%20here%20below%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22dentom_0-1648828351910.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F360610iB411ACDB6924A11C%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22dentom_0-1648828351910.png%22%20alt%3D%22dentom_0-1648828351910.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-3273869%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Monitor%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3285860%22%20slang%3D%22en-US%22%3ERe%3A%20Looking%20for%20a%20Query%20that%20shows%20stats%20of%20Azure%20monitor%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3285860%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1350485%22%20target%3D%22_blank%22%3E%40dentom%3C%2FA%3E%26nbsp%3B%26nbsp%3BYou%20can%20also%20use%20readily%20available%20workbook%20for%20Alerts%20under%20Azure%20Monitor%20%3CBR%20%2F%3EPortal%20-%26gt%3B%20Monitor%20-%26gt%3B%20Workbooks%20-%26gt%3B%20Search%20Alert%26nbsp%3B%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Screenshot%202022-04-14%20075708.jpg%22%20style%3D%22width%3A%20687px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F364214i5D9ACA93A9F922EC%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Screenshot%202022-04-14%20075708.jpg%22%20alt%3D%22Screenshot%202022-04-14%20075708.jpg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3275181%22%20slang%3D%22en-US%22%3ERe%3A%20Looking%20for%20a%20Query%20that%20shows%20stats%20of%20Azure%20monitor%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3275181%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1350485%22%20target%3D%22_blank%22%3E%40dentom%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EARG%20example%3A%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-cpp%22%3E%3CCODE%3Ealertsmanagementresources%0A%7C%20project%20name%2C%20subscriptionId%2C%20Severity_%20%3D%20tostring(properties.context.SeverityDescription)%2C%20TimeGenerated_%20%3D%20todatetime(properties.essentials.startDateTime)%2C%20properties%0A%7C%20where%20TimeGenerated_%20%26gt%3B%20ago(30d)%20%2F%2F%20and%20subscriptionId%20%3D%3D%20'%26lt%3B%20insert%20your%20ID%20here%26gt%3B'%0A%7C%20where%20isnotempty(Severity_)%0A%7C%20summarize%20%20count()%20by%20Severity_%2C%20subscriptionId%3C%2FCODE%3E%3C%2FPRE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Clive_Watson_0-1649064728506.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F361066i80409ECF1FB505CE%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22Clive_Watson_0-1649064728506.png%22%20alt%3D%22Clive_Watson_0-1649064728506.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3275153%22%20slang%3D%22en-US%22%3ERe%3A%20Looking%20for%20a%20Query%20that%20shows%20stats%20of%20Azure%20monitor%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3275153%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1350485%22%20target%3D%22_blank%22%3E%40dentom%3C%2FA%3E%2C%3C%2FP%3E%0A%3CP%3EIn%20order%20to%20retrieve%20all%20the%20alerts%20in%20this%20page%20we%20are%20querying%20ARG.%3C%2FP%3E%0A%3CP%3EIf%20I%20understand%20currently%20you%20are%20referring%20to%20how%20we%20are%20getting%20the%20count%20of%20the%20alerts%20by%20severity.%20For%20that%20we%20are%20using%20ARG%20Facets%20options%3A%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Frest%2Fapi%2Fazureresourcegraph%2Fresourcegraph(2021-03-01)%2Fresources%2Fresources%23facetrequest%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Frest%2Fapi%2Fazureresourcegraph%2Fresourcegraph(2021-03-01)%2Fresources%2Fresources%23facetrequest%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22ItayElbaz_0-1649062851326.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F361052i1BCCB7C9A1AB6339%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22ItayElbaz_0-1649062851326.png%22%20alt%3D%22ItayElbaz_0-1649062851326.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20facets%20will%20return%20the%20summarize%20count%20by%20the%20given%20expression%20for%20all%20the%20results%20(even%20when%20using%20pagination%20it%20will%20take%20into%20account%20the%20full%20available%20results%20and%20not%20only%20current%20page).%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Visitor

Hello,

 

Does someone know the query to retrieve the different alerts like shown in the picture here below?

 

dentom_0-1648828351910.png

 

3 Replies

Hi @dentom,

In order to retrieve all the alerts in this page we are querying ARG.

If I understand currently you are referring to how we are getting the count of the alerts by severity. For that we are using ARG Facets options:

https://docs.microsoft.com/en-us/rest/api/azureresourcegraph/resourcegraph(2021-03-01)/resources/res...

ItayElbaz_0-1649062851326.png

 

The facets will return the summarize count by the given expression for all the results (even when using pagination it will take into account the full available results and not only current page).

 

 

 

@dentom 

 

ARG example:

alertsmanagementresources
| project name, subscriptionId, Severity_ = tostring(properties.context.SeverityDescription), TimeGenerated_ = todatetime(properties.essentials.startDateTime), properties
| where TimeGenerated_ > ago(30d) // and subscriptionId == '< insert your ID here>'
| where isnotempty(Severity_)
| summarize  count() by Severity_, subscriptionId

 

Clive_Watson_0-1649064728506.png

 

@dentom  You can also use readily available workbook for Alerts under Azure Monitor
Portal -> Monitor -> Workbooks -> Search Alert Screenshot 2022-04-14 075708.jpg