Forum Discussion

Copper Contributor

May 22, 2019

repeated alerts

Hi Guys, Using below query I have enabled the alert for Processor Utilization with threshold of 80% targeting multiple windows servers on my workspace in Azure monitoring log space analytics. Perf | ...

Azure Log Analytics

azure monitor

roopesh_shetty

Copper Contributor

May 24, 2019

Hi,

I tried to run this query provided by you, but getting the error as ;

'take' operator: Failed to resolve table or column expression named 'AlertHistory' Support id: 6b982987-9b2b-4b24-b555-9b6ee8787e87

Query :

Perf
| where TimeGenerated > ago(5m)
| where ObjectName == "Processor" and CounterName == "% Processor Time"
| summarize AggregatedValue = avg(CounterValue) by bin(TimeGenerated, 1m), Computer
| join (
AlertHistory
| limit 10
) on $left.Computer == $right.SourceDisplayName

What could be wrong on this query.

CliveWatson

Former Employee

May 24, 2019

roopesh_shetty

Hi, just change AlertHistory to Alert - it will only show if you have some?

Alert
| where TimeGenerated > ago(30d)
| summarize by Computer, AlertName

Go to Log Analytics and Run Query

roopesh_shetty
Copper Contributor
May 24, 2019
CliveWatson

Hi CLive,

this query output is always blank. Where we need to specify the threshold as 80% on this query?

Perf
| where TimeGenerated > ago(5m)
| where ObjectName == "Processor" and CounterName == "% Processor Time"
| summarize AggregatedValue = avg(CounterValue) by bin(TimeGenerated, 1m), Computer
| join (
Alert
| limit 10
) on $left.Computer == $right.SourceDisplayName
- CliveWatson
  Former Employee
  May 24, 2019
  Hi, I was just giving you (and others) some KQL suggestions, hence a basic query, this isn't a fully working solution - it will need extra logic, and I don't even know if it will work...