Oct 07 2023 07:06 AM
Hello,
I am trying to find a KQL query that can scan any Storage Account and verify, through an alert metric, whether it has exceeded x GiB in y minutes.
I know it is possible to set up an alert 'metric' in Azure Monitor to verify if Blob Storage egress has exceeded 500 GiB in one day, but how is that written as a KQL query?
I have started looking at queries like this...
// Time range added to look at the last 24 hours (in 6-hour intervals) from the previous day,
// and at read size where the number of bytes is over 10000000000 for each container
StorageBlobLogs
| where TimeGenerated between ( startofday(ago(48h)) .. endofday(ago(1d)) )
| where OperationName == "GetBlob"
// First path segment of the blob URI is the container name
| extend ContainerName = split(parse_url(Uri).Path, "/")[1]
| summarize ReadSize = sum(ResponseBodySize) by tostring(ContainerName), bin(TimeGenerated, 6h)
| where ReadSize > 10000000000
| order by ReadSize desc
// render has to be the last operator in the query
| render timechart
I just don't know how to amend this so it can 'scan' a time period (say over 6 hours) where I read the Storage Account size at the start and end of the time period and verify IF the egress has gone over a set number of bytes.
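One way to express the check asked about above, as an added example that is not part of the original thread: a rolling sum of GetBlob response bytes per storage account, so a burst that straddles two fixed 6-hour bins is still caught. The threshold, window, slice and lookback values are placeholders, and it assumes blob diagnostic logs are sent to `StorageBlobLogs` and that GetBlob `ResponseBodySize` is an acceptable stand-in for egress, as in the query above.

```kusto
// Added example: sliding-window egress check per storage account.
// All four values below are placeholders to adjust (x GiB in y minutes).
let thresholdGiB = 500.0;      // x
let windowSize   = 6h;         // y
let slice        = 15m;        // resolution of the sliding window
let lookback     = 2d;         // how far back to scan
let bytesPerGiB  = 1024.0 * 1024 * 1024;
let slicesPerWindow = toint(windowSize / slice);   // 6h / 15m = 24
StorageBlobLogs
| where TimeGenerated > ago(lookback)
| where OperationName == "GetBlob"
// One evenly spaced series of bytes per account; empty slices count as 0
| make-series SliceBytes = sum(ResponseBodySize) default = 0
    on TimeGenerated from bin(ago(lookback), slice) to now() step slice
    by AccountName
// Rolling sum: a filter of ones, not normalised, not centred, so each point
// holds the total of the current slice and the (slicesPerWindow - 1) before it
| extend RollingBytes = series_fir(SliceBytes, repeat(1, slicesPerWindow), false, false)
| mv-expand TimeGenerated to typeof(datetime), RollingBytes to typeof(real)
| extend RollingGiB = round(RollingBytes / bytesPerGiB, 2)
| where RollingGiB > thresholdGiB
| project WindowEnd = TimeGenerated + slice, AccountName, RollingGiB
| order by RollingGiB desc
```

Each returned row is a window ending at `WindowEnd` in which that account exceeded the threshold, so a log search alert rule can be set to fire when the query returns one or more rows.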