
Create alert when there are no results from query


Hi,

I want to create an alert when there are no results in the last 30 minutes in a specific table.

How can I do it?

2 Replies

@MatRock345 Write the query in your Analytic rule that would return any row within the last 30 minutes, and in the "Set rule logic" tab when you are creating your query, in the "Alert threshold" section, change the "Generate alert when number of query results" drop-down to be "is equal to" 0.

That way the alert will be generated when there are NO events found.