User Profile
ScottAllison
Iron Contributor
Joined May 31, 2018
User Widgets
Recent Discussions
Automatically resolve Heartbeat alerts
Greetings, I'm trying to use the newer feature "Automatically resolve alerts" with a Heartbeat alert, but I am having no luck no matter how I configure the alert. My query: Heartbeat | where TimeGenerated >= ago(24h) | summarize LastHeartbeat=max(TimeGenerated) by Computer, _ResourceId | where LastHeartbeat < ago(15m) Signal logic: ...and under Alert rule details, I have "Automatically resolve alerts" selected. My alerts trigger just fine (I've never had a problem with that), but when I bring a VM back online, the alert does not switch to a "Resolved" condition. All the alerts remain in a "Fired" condition. Am I missing something or does this feature even work? Thanks in advance!Referencing Key Vault to access external data from Log Analytics
Hi everyone! I've built a nifty solution that allows me to use the https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/externaldata-operator?pivots=azuremonitor operator to query some static data from blob storage via Log Analytics. This works great, but now I want to save this as a Function in Log Analytics and the token is easily read. So my questions are: 1. Is there a way to "mask" the token in the KQL query so that it isn't visible? or.... 2. Is there a way to reference Key Vault to get the secret token ? Any help is appreciated!Kusto Explorer broken for Log Analytics
Recently, and up until this week, I've been utilizing https://docs.microsoft.com/en-us/azure/kusto/tools/kusto-explorer instead of the sorely lacking web interface for Log Analytics. However, now I'm unable to connect to my Log Analytics workspaces using the tool: "An error occurred while sending the request." I've been using https://docs.microsoft.com/en-us/azure/data-explorer/query-monitor-data--which allows me to use Azure Data Explorer Web UI to query (also superior to the out of the box Log Analytics experience)--to connect Kusto Explorer. Is anyone else having success?New Log Analytics experience
If Microsoft is trying to get me to stop using their UI for Log Analytics, then the latest update might actually work. Please bring back WORKSPACE FAVORITES. Our organization has multiple workspaces and having to click SELECT SCOPE and clicking through blades and multiple lists just to switch to a different workspace is extremely frustrating and time consuming. I just want my list of saved workspaces that I had before, please.Usage stats for Log Analytics?
Is there a way to view usage statistics for Log Analytics? Specifically, is there a way to view "when/what/who" queries have been executed in Log Analytics? I'd like to be able to generate some usage reports so that we can make sure that the service is being properly utilized by our users.Log Analytics table growth
Greetings community! I'm using the following query to keep a close eye on my top tables in Log Analytics: search * | summarize count() by $table | project Table=$table, Count=count_ | top 5 by Count This is great, but I'd also like to track the growth on a day-to-day basis so that I can graph it and catch when there is a big jump in consumption. Any ideas? Thanks!Application Pool monitoring in Log Analytics
We're in the process of moving all of our monitoring from SCOM to Log Analytics, and obviously Management Packs are not always going to translate to LA. Has anyone done IIS Application Pool monitoring in Log Analytics yet? Specifically, looking for a way to monitor if an application pool is up or not. It's not clear how the MP in SCOM does this, so it's not clear on what I should be looking for in Log Analytics. EventLog?Filter preview
When using the Log Analytics query portal, every time we execute a query, the portal automatically switches to the Filter (preview) pane. When working with complex data (such as AzureDiagnostics or Syslog), this hangs the browser--sometimes for several minutes. Can we please have the option to turn this feature OFF? I personally find it useless for my day-to-day work anyway (and I live in Log Analytics).Last 3 values for multiple categories
All, I'm trying to get the last three values of a dataset by a particular category, and I am having trouble figuring out the best way to do this. I have the following columns: TimeGenerated MonitorName SiteName Availability What I need is the last (most recent) 3 values (Availability) by SiteName and MonitorName. I want my result to look something like this: TimeGenerated SiteName MonitorName Availability 2018-10-05T06:44:37.353 Houston Test1 0 2018-10-05T06:34:37.353 Houston Test1 1 2018-10-05T06:24:37.353 Houston Test1 0 2018-10-05T06:31:00.000 Houston Test2 1 2018-10-05T06:21:00.000 Houston Test2 1 2018-10-05T06:11:00.000 Houston Test2 1 2018-10-05T06:51:00.000 Houston Test3 0 2018-10-05T06:41:00.000 Houston Test3 0 2018-10-05T06:31:00.000 Houston Test3 1 2018-10-05T06:38:00.000 Los Angeles Test1 1 2018-10-05T06:28:00.000 Los Angeles Test1 1 2018-10-05T06:18:00.000 Los Angeles Test1 1 2018-10-05T06:55:00.000 Los Angeles Test2 0 2018-10-05T06:45:00.000 Los Angeles Test2 0 2018-10-05T06:35:00.000 Los Angeles Test2 1 I tried using "top-nested" to get a result like this, but can't seem to get it right. Does anyone have any thoughts? Thanks!
