User Profile
yalavi
MicrosoftJoined 7 years ago
User Widgets
Recent Discussions
Re: Azure Monitor alert Search results not in email
CrabAppleCakePromise with the current API you can't get the results in the alert. To get detailed context information about the alert so that you can decide on the appropriate action: The recommended best practice it to use Dimensions. Dimensions provide the column value that fired the alert, giving you context for why the alert fired and how to fix the issue. When you need to investigate in the logs, use the link in the alert to the search results in Logs. If you need the raw search results or for any other advanced customizations, use Logic Apps.Re: Azure monitor email alerts.
CrabAppleCakePromise with the current API you can't get the results in the alert. To get detailed context information about the alert so that you can decide on the appropriate action: The recommended best practice it to use Dimensions. Dimensions provide the column value that fired the alert, giving you context for why the alert fired and how to fix the issue. When you need to investigate in the logs, use the link in the alert to the search results in Logs. If you need the raw search results or for any other advanced customizations, use Logic Apps.Re: Deploying Azure Monitor Alert Rules by Pipeline gives error
loadedlouie270 Please check that the permissions of the deployment provide access to the logs. The best option if you provide the correct permissions, is to open a support case with the correlation ID, and we will be able to check why this is happening on the service side.Re: Custom JSON Webhook for Teams showing search results
Avid_Azure_User To get the context of the alert in the payload we recommend using dimensions, not relaying on the search results. This will provide you with the pairs you need. Overall include search results is best effort and is not means to get context of the alerts. To get the full results provide the links in the payload.Re: Alert monitor - Rules that dont change to fired and keep trigger themselves
Hi loadedlouie27, This is not a bug it is the design of log alert, which was built to find things in logs (which you can't really resolve). We are planning to provide stateful log alerts, but recommend you investigate using metric alerts and/or metric alerts for logs to achieve state alerts on what you need for now.Re: Alert "Monitor Condition" never changes
Hi loadedlouie27, This is not a bug it is the design of log alert, which was built to find things in logs (which you can't really resolve). We are planning to provide stateful log alerts, but recommend you investigate using metric alerts and/or metric alerts for logs to achieve state alerts on what you need for now.Re: LogAnalytics Workspaces - Suppression of alarms from specific Resources
loadedlouie27 the best was is if you use 'Aggregated on', in a metric measure log alert rule, on '_ResourceId'. Then use Action Rules to suppress based on the alert content, setting the relevant resource group from the VM ARM resource ID. Example of VM resource ID: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/virtualMachines/{vmName} Action rules context filter:Re: Dimensions in webhook payload
-Akos- The post was about the new 'Dimensions' section in the payload for metric measure log alert type that you control, that split the alerts and provide the context of the fired alerts. AffectedConfigurationItems is an old and only partly reliable feature that uses heuristics of column names. Future API version will not have AffectedConfigurationItems, but will make it easier to define dimensions even for simple count of rows. There is an example here (and in the common schema definition page you have): https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-log-webhook#log-alert-for-log-analyticsRe: Azure Monitor - LogAnalytics - Delay in sending alerts
loadedlouie27 There is a lot of questions, but I'll answer generally. Log alerts is fully GA and we can assist you in these cases via the official support channels. Our documentation is available for assisting getting you started with the different monitoring options. Log alerts works best when looking for data in the log and less well when looking for lack of data (such as heartbeat). Ingestion delay can impact these alerts: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-ingestion-time This means when this happens, you could experience false alerts or late alerts. I would recommend you use metric alerts for those use cases unless you need the power of a log alert custom query. Saying that we are introducing a new flow this month that should improve accuracy of the alerts and lower the chances of you hitting issues. Log search alerts are stateless by design. We are working on adding stateful log alerts that also resolve.
