I am trying to create an Azure alert rule which should be triggered in case my service does not log anything.
I created a query to check if my service logs something. This works fine until there are no logs in the specified time (e.g. give the provided query a filter criterion for the timestamp).
Query: customEvents | where name == 'ShouldBeLoged' | limit 1
This query will just give me the query result: No results found from the last 24 hours.
If I create an alert from this query, the alert view shows me this (see picture):
Does someone have an idea how I could achieve that the alert is triggered in case the service does not log anything?
Follow this workaround to trigger the alert if the threshold value is less than 1 (meaning no log was written):
Here I am fetching the one limit value of the custom event.
Workaround follows
Create an alert with a threshold of less than 1, meaning it will fire the alert.
Here is the query we used to fetch the single custom event.
We fetch a single custom event, so we check that the threshold value is less than 2 (it will fire if the event value is less than 2).
Result
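One way to make the "no logs" case return a row instead of "No results found", as an added example that is not part of the original posts. It also goes beyond the question by reporting individual roles that went quiet. The event name comes from the question; the one-hour silence window, the two-day lookback and grouping by cloud_RoleName are assumptions.

```kusto
// Added example, not from the original posts.
let silence = 1h;     // assumed: how long without events counts as "not logging"
let lookback = 2d;    // assumed: how far back to look for roles that used to log
let events = customEvents
    | where timestamp > ago(lookback)
    | where name == 'ShouldBeLoged';   // event name as written in the question
union
    // Roles that logged inside the lookback but have been quiet for the silence window.
    (events
     | summarize LastSeen = max(timestamp) by cloud_RoleName
     | where LastSeen < ago(silence)
     | extend Reason = 'role stopped logging'),
    // summarize without a "by" clause returns one row even on empty input,
    // so a total of 0 becomes a result row instead of an empty result set.
    (events
     | summarize Total = count()
     | where Total == 0
     | project cloud_RoleName = 'all roles', LastSeen = datetime(null),
               Reason = 'no events in lookback')
| project cloud_RoleName, LastSeen, Reason
```

The query returns rows only when something is silent, so an alert condition on the number of results being greater than 0 fires exactly in that case.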
I have a use case I am working on.
An Alert is fired in Azure when some conditions are met:
Condition: Whenever the total task complete events is greater than 0
The alert rule has some basic information.
Subscription
Resource Type
Resource Group
There is a Custom properties section and I want to use this to enrich the alert rule. The information I am hoping to include is in a table called AzureDiagnostics. The field values and conditions I need are as follows (I included some custom fields):
OperationName=="TaskCompleteEvent"
jobId_s
id_s == "analyse"
ElapsedTime=datetime_diff('second', executionInfo_endTime_t, executionInfo_startTime_t)
ElapsedTime_in_Hours_Minutes_Seconds=ElapsedTime * 1s
TimeGenerated
Can someone guide me on the best way to include these as custom properties? It adds value to the alert instead of then going back into Azure to find more information. Any help is appreciated.
I don't really have enough information to go on to properly answer this. However, if you are referring to a default rule that you cannot edit, you can easily create an automation rule to autoclose the alert and use custom KQL to reference the SecurityAlert table to enrich, such as
SecurityAlert | where DisplayName contains "previousRuleName"
or
If it is already custom KQL you can simply add, whether that's to the same table by removing the already specified column or otherwise, by using the join ( operator
In Azure dashboards, is there any way we can trigger alerts based on percentage instead of counts? For example, if total failures in 20 minutes is 20%, then trigger the alert, rather than just checking the counts of the failures. Here setting the count is not meeting our requirement and we are looking for a solution based on the percentage of occurrence.
Based on the requirement shared above, we have created a custom Kusto query to calculate the percentage of failed requests and to trigger an email alert notification if the failed-request percentage is > 20% for a particular web app, while also projecting the output of the Kusto query to the dashboard.
Here is the custom Kusto query:
requests
| where timestamp >= ago(6h)
| project success, ['id'], resultCode, appName
| summarize failedtotal = countif(success == 'False'), total= count()
| project failurepercentage = (100 * (failedtotal) / (total))
| summarize totalouputrows=countif(failurepercentage>20) by failurepercentage
Use the New alert rule option in the Log Analytics workspace to create a custom alert, using the above query as the signal, as shown in the picture below.
Use the Pin to dashboard option in the Log Analytics workspace to project the output of the custom Kusto query and create the dashboard accordingly.
Here is a sample image of the alert rule that was created using the above query.
Here is the sample email output and the Kusto query output projected to the dashboard, triggered by the above alert rule.
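A variant of the percentage check that returns rows only when the threshold is breached, as an added example that is not the answerer's query. It uses the 20-minute window and 20% threshold from the question, floating-point division, and one row per appName; the minimum request count is an assumption added so that a handful of requests cannot produce a misleading percentage.

```kusto
// Added example, not from the original posts.
let window = 20m;        // evaluation window from the question
let threshold = 20.0;    // failure percentage from the question
let minRequests = 10;    // assumed: ignore windows with too little traffic
requests
| where timestamp >= ago(window)
| summarize failed = countif(success == 'False'), total = count() by appName
| where total >= minRequests
// 100.0 forces real-number division so that 19.9% is not truncated to 19
| extend failurePercentage = round(100.0 * failed / total, 1)
| where failurePercentage > threshold
| project appName, failed, total, failurePercentage
```

Because the result set is empty unless an app exceeds the threshold, an alert condition on the number of results being greater than 0 is sufficient.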
I'm trying to look at the logs for my Azure function.
In the Monitor view, I can just click the link under the Date column for the logs for a certain run.
But this is only for the last 20 invocations. For the older logs, how can I get them?
After clicking the Run query in Application Insights link above,
I arrived at a page with a table with the log entry, but I don't know how to open the actual logs!
If you want to access the logs of an execution of your function app prior to those top twenty and you don't know much about how to query in Application Insights, there is an alternative using premade queries available in the Monitor tab of your function.
Go to "Run query in Application Insights" to find the specific execution you are looking for.
This will auto-generate for you the same query that filled the above grid. Here you just need to change the timestamp where condition to match your needs.
For example a specific date and time range:
"where timestamp between (todatetime('2022-10-01T00:00:00Z')..todatetime('2022-10-01T23:59:59Z'))"
With this change, just run the query, identify the function run you want to get full logs for, and get its operation_Id and invocationId values.
Go to the Monitor view again, select any execution and then "Run query in Application Insights".
Now you only need to replace the operation_Id and invocationId values with those you got at step 1 and run the query again to get the full log of that specific execution.
A useful feature of application monitoring services is sending alerts (e.g. emails) each time a new, unique error/problem/exception occurs (i.e., not for each occurrence). Either only the very first time, or at most once per X time (a day or week or such). This is, for example, possible with Visual Studio App Center. Unfortunately I haven't been able to find any such feature in Application Insights.
For clarification, a "new, unique error/problem/exception" can be thought of as a specific log statement in the code. I'm using Serilog, so all logged traces/exceptions have a MessageTemplate property which may help. But ideally the "problem ID" would be based on the code location, too (since multiple log statements may use the same message template).
The best lead I have found is the ability to send alerts based on a custom analytics query, but I'm not sure if it's possible to write a query that can give a behaviour similar to (if not exactly like) what I describe above.
Is something similar to the behaviour I describe above possible to achieve with Application Insights? If it's possible through a custom query, how might such a query look?
Just through the UI of the Azure portal, it's hard or impossible to achieve your first requirement: alert only the very first time. But you can try to use the App Insights REST API to fetch the data, then use code to implement your logic.
There is a similar solution (not exactly like you describe) for alerting once per X time. The steps are as below:
1. Navigate to the Azure portal -> your Application Insights -> Alerts -> New alert rule -> in the Condition, click the Add button -> then select "Custom Log Search"
2. In the "search query" textbox, write your query like below:
exceptions
| where xxxx
Note that in the where clause, use some properties to identify the unique error.
3. Then in the "Alert logic", use the following settings:
Based on: Number of results, Operator: Greater than, Threshold value: 0
4. In the "Evaluated based on", set a proper value for Period (max value is 2880 minutes) / Frequency (max value is 1440 minutes).
So if you want to trigger the alert 1 time per day, you can set Period to 1440 minutes and set Frequency to 1440 minutes. But you also need to note that if, on the next day, there is no such specified error, it will not trigger on the next day.
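A query that approximates "alert once per new, unique exception" within a bounded lookback, as an added example that is not part of the original posts. The two-day baseline matches the maximum Period of 2880 minutes stated above; the one-hour recent window and the customDimensions.MessageTemplate property name (taken from the Serilog property the question mentions) are assumptions.

```kusto
// Added example, not from the original posts.
let baseline = 2d;   // lookback; equals the 2880-minute maximum Period stated above
let recent = 1h;     // assumed: set this equal to the alert rule's Frequency
exceptions
| where timestamp > ago(baseline)
// Assumed property name: the Serilog message template, if the sink writes it
// into customDimensions. An absent property becomes an empty string.
| extend MessageTemplate = tostring(customDimensions.MessageTemplate)
| summarize FirstSeen = min(timestamp),
            LastSeen = max(timestamp),
            Occurrences = count()
    by problemId, type, MessageTemplate
// Keep only signatures whose earliest occurrence in the baseline is recent,
// i.e. they were not seen at all in the rest of the lookback.
| where FirstSeen > ago(recent)
| order by FirstSeen asc
```

With an alert on the number of results being greater than 0, a signature fires the rule when it first appears and stays quiet on later occurrences; a signature that has been absent for longer than the baseline counts as new again.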
I am baffled! This used to work. I have a very simple Alert that triggers a very simple Action Group. The alert query is:
exceptions | where timestamp >= ago(6m) | order by timestamp desc
In the App Insights Logs I can see that there are exceptions.
In the Alert screen, in Configure Signal Logic I can see that there are exceptions. In my mind that means that the Alert should be triggered.
However the Action Group which is just a "Send Email" doesn't seem to be executed since I do not receive the email.
In Monitor Alerts / All Alerts I do not see any alert.
Any idea of how to investigate to see what is going wrong?
Wow, the Azure alerting system wasn't working (100%) yesterday!! I left the alerts enabled overnight and they started firing at 3:41 AM PST. Checking the Azure Status website, it doesn't say anything about this.
These were new alerts that I created yesterday. I have other alerts created a while ago and they were firing.
It seems that the new alerts weren't picked up yesterday.
Here are some instructions you can follow:
Make sure you select Application Insights as the target.
Check the time period / frequency / threshold when you create the alert rule -> add condition:
For example, if you set the time period as "over last 30 minutes", frequency as "every 5 minutes", threshold as "total number greater than 2".
Let's assume that this alert will check the condition from 2:00 to 2:30 (time period), and every 5 minutes (frequency), like from 2:00 - 2:05; if during 2:00-2:05 the total number of exceptions is more than 2, this will trigger the alert and send you an email.
If during every 5 minutes the total number of exceptions is less than 2, no alert will be triggered.
Hope it helps.