cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to create an analytics role to trigger an alert when the agents stop sending events

mohammadkb
Copper Contributor

‎Oct 02 2023 03:50 AM

‎Oct 02 2023 03:50 AM

How to create an analytics role to trigger an alert when the agents stop sending events

Hi Team,

 

To be able to know which agent ceases to send events, I would like a query to create an analytics role.

Labels:
229 Views
0 Likes
1 Reply
Reply
1 Reply
Clive_Watson

‎Oct 02 2023 04:17 AM

‎Oct 02 2023 04:17 AM

Re: How to create an analytics role to trigger an alert when the agents stop sending events

The basic query (from the Logs Analytics examples) is this, you'll have to amend as required // Unavailable computers // List all known computers that didn't send a heartbeat in the last 5 hours. Heartbeat | summarize LastHeartbeat=max(TimeGenerated) by Computer | where LastHeartbeat < ago(5h) Note: This monitors the heartbeat of the AMA/MMA (assuming that the agent you are using). It wont differentiate between failure and "not sending". Its also possible for the agent to fail which this will capture but the machine might still be working.
0 Likes
Reply