I'm able to create an alert based on my custom metric. However, i'd like to have several different alerts, for each cloud_RoleInstance I have. Is it possible somehow?
If the logs are stored in Azure Log Analytics or Azure Application Insights, then you can use Custom Log Search alert(in step 5 of this article). Note you need to create one alert as per one cloud_RoleInstance in the query.
Steps as blow:
Step 1:
In azure portal -> Nav to azure monitor -> Alerts -> New alert rule, then in the resource, select the Azure Log Analytics or Azure Application Insights.
Step 2:
Then in Condition, select Add, then select "Custom log search":
Step 3:
Then in new window, write you query to trigger the alert, remember use where clause to filter the cloud_RoleInstance.
And note that:
change "Based on" from "Number of results" to "Metric measurement",
and use this query:
customMetrics
| where name == 'MyMetricName'
| where cloud_RoleInstance == 'MyInstanceName'
| summarize AggregatedValue = sum(value) by bin(timestamp, 5m)
Related
Quick context :
I want to delete my VM(s) in a specific resource group if its CPU usage is below 30 for 1 hour.
Detailed explanation : Please refer alert-action group flow diagram (https://i.stack.imgur.com/I4gBD.png%60 ) or Below Image Flow
Resource Group -> Linux VM(s) , connected with Log analytics workspace
Created Azure Function - Delete-VM , which written in Powershell will Delete VM
Created Action Group (delete-Action) to trigger a mail notification and above Azure Function(Delete-VM)
Created alert rule with signal as Log & condition as custom Log query and configured above action group to take action.
Custom Query :
Perf | where TimeGenerated > ago(60m) | where (ObjectName == "Processor") | summarize AggregatedValue = avg(CounterValue) by Computer | where AggregatedValue < 100 | project Computer, AggregatedValue
Issue :
When condition breached and alert get fired.
Only Mail action is Triggered
Azure Function (Delete DVSM) is not executing.
How to Trigger Azure function when Alert fired.
I have followed the blog which created by cloudsma.
Workaround follows
I have created the Alert Group with Email notification alert and it will trigger the Azure Function.
Adding Alert Rule:
Alert can be able to trigger in both Email and Azure Function
Alert Results
Context : app-service in Azure with enabled auto-scale 2 to 8 instances. Usually workload fluctuates between 2..4 instances, and only on rare occasions scaling maxes out to 8 instances - for such cases I want to set up an alert. Let's say, I am interested in all scaling operation above 4 instance count.
Problem : cannot find an alert "scope + condition signal" combination where instance count of auto-scale would be possible to select. Does such data is accessible at all?
And "no" - I do not want to use OOB "Scale out - Notify" functionality, because this feature sends out emails about all scaling operations. Since I am not interested 2..4 instances and only >4 instances, conditioning must be possible.
You can create the alert mechanism for the autoscale operation in web app by projecting the autoscale operation logs to log analytic workspace & followed by creating custom alert.
Here are the steps you need to follow:
Go to Scale-out (App service plan) option in the portal under that Navigate to Diagnostic settings.
Create Diagnostic settings for the autoscale operations & project those logs to log analytics workspace.
Based on the requirement shared above, use the below query to pull scale out operation of a web app with instance count is greater.
AutoscaleScaleActionsLog | where OperationName == 'InstanceScaleAction' and ResultType == "Succeeded"
| where NewInstanceCount >4 and ScaleDirection == 'Increase'
Use the New alert rule option in the log analytics space to create a custom alert & using the above query as signal as shown in below picture.
Here is the sample image of the alert rule that was created using the above query
The above alert query run for every thirty minutes , if there any autoscale operation got recorded it will trigger an email to mentioned recipients.
click on save , enable the alert rule
Here is the sample email output triggered by alert rule
I use an Azure VM for personal purposes and use it mostly like I would use a laptop for checking email etc. However, I have several times forgot to stop the VM when I am done using it and thus have had it run idle for days, if not weeks, resulting in unnecessarily high billing.
I want to set up an email (and if possible also SMS and push notification) alert.
I have looked at the alert function in the advisor, but it does not seem to have enough customization to handle such a specific alert (which would also reduce Microsoft's income!).
Do you know any relatively simple way to set up such an alert?
You can take use of Log Analytics workspaces and Custom log search.
The below are the steps to create an alert, which will send the alert if the azure vm is running exactly 1 hour.
First:
you need to create a Log Analytics workspaces and connect to azure vm as per this link.
Sencod:
1.In azure portal, nav to Azure Monitor -> Alerts -> New alert rule.
2.In the "Create rule" page, for Resource, select the Log Analytics workspaces you created ealier. Screenshot as below:
Then for Condition, please select Custom log search. Screenshot as below:
Then in the Configure signal logic page, in Search query, input the following query:
Heartbeat
| where Computer == "yangtestvm" //this is your azure vm name
| order by TimeGenerated desc
For Alert logic: set Based on as Number of results, set Operator as Equal to, set Threshold value as 60.
For Evaluated based on: set Period as 60, set Frequency as 5.
The screenshot as below:
Note:
for the above settings, I query the Heartbeat table. For azure vm which is running, it always sends data to log analytics to the Heartbeat table per minute. So if I want to check if the azure vm is running exactly 1 hour(means it sends 60 data to Heartbeat table), just use the above query, and set the Threshold value to 60.
Another thing is the Period, it also needs to be set as 1 hour(60 minutes) since I just check if the azure vm is running for 1 hour; for Frequecy, you can set it any value you like.
If you understand what I explains, you can change these values as per your need.
At last, set the other settings for this alert.
Please let me know if you still have more issues about this.
Another option is to use the Azure Activity log to determine if a VM has been running for more than a specified amount of time. The benefit to this approach is that you don't need to enable Diagnostic Logging (Log Analytics), it also supports appliances that can't have an agent installed (i.e. NVAs).
The logic behind this query is to determine if the VM is in a running state, and if so has it been running for more than a specified period of time (MaxUpTime).
This is achieved by getting the most recent event of type 'Start' or 'Deallocate', then checking if this event is of type 'Start' and was generated more than 'MaxUpTime' ago
let DaysOfLogsToCheck = ago(7days);
let MaxUptime = ago(2h); // If the VM has been up for this long we want to know about it
AzureActivity
| where TimeGenerated > DaysOfLogsToCheck
// ActivityStatus == "Succeeded" makes more sense, but in practice it can be out of order, so "Started" is better in the real world
| where OperationName in ("Deallocate Virtual Machine", "Start Virtual Machine") and ActivityStatus == "Started"
// We need to keep only the most recent entry of type 'Deallocate Virtual Machine' or 'Start Virtual Machine'
| top 1 by TimeGenerated desc
// Check if the most recent entry was "Start Virtual Machine" and is older than MaxUpTime
| where OperationName == "Start Virtual Machine" and TimeGenerated <= MaxUptime
| project TimeGenerated, Resource, OperationName, ActivityStatus, ResourceId
I have a windows service running on a Azure VM availability set.
What is the best way to instrument monitoring for this service utilizing any of the Azure monitoring solutions?
If you just want to monitor if it's running or not, you can use Log Analytics. More details please refer to this article.
I have tested it at my side, it works well.
1.Create a workspace and Enable the Log Analytics VM Extension as per this doc.
2.Once step 1 is completed, nav to your workspace -> in the left panel, select Advanced settings -> Data -> Windows Event Logs, then in the textbox, type "system", then select system in the dropdown -> click the add button.
3.click Save button.
4.In the left panel, click Logs. Then in the query editor, type the following command(please note that the == is case sensitive):
Event
| where TimeGenerated >ago(1d)
| where EventLog == "System" and EventID ==7036 and Source == "Service Control Manager"
| parse kind=relaxed EventData with * '<Data Name="param1">' Windows_Service_Name '</Data><Data Name="param2">' Windows_Service_State '</Data>'*
//you can add a filter by service name here like | where Windows_Service_Name =="Windows Update"
| sort by TimeGenerated desc
| project Computer, Windows_Service_Name, Windows_Service_State, TimeGenerated
5.The test result:
I have a Virtual Machine Scale Set (VMSS) with autoscaling rules. I can get the performance metrics of a host but there is no graph for instances count.
There is a graph on VMSS settings "Scaling" -> "Run history", like this.
But how I can get it from Metrics and place on the dashboard?
By default, having a VMSS does not emit anything to Application Insights (AI) unless you configure an app / platform (like Service Fabric for example) to use AI.
So, if you do have software running on the VMSS that emits to AI then you could write an AI analytics query to get the instance count like this:
requests
| summarize dcount(cloud_RoleInstance) by bin(timestamp, 1h)
Typically cloud_RoleInstance contains a VM identifier so that is what I used in the query. It does show the distinct count of VMs.
This only works reliable if the software runs on all VMs in the VMSS and if all VMs emit data to AI at least once an hour. Of course you can adapt the script to your liking / requirements.
operators used:
dcount: counts the unique occurences of the specified field
bin: group results in slots of 1 hour
Thanks Peter Bons, it's that I need!
As I run Docker on the VM I can add OMS agent container and use it's data.
This is what I wanted.
ContainerInventory
| where TimeGenerated >= ago(3h)
| where Name contains "frontend"
| summarize dcount(Computer) by bin(TimeGenerated, 5m)
On Azure portal, navigate to VMSS, select required VMSS -> Scaling under Settings from left-navigation-panel -> Click on 'Run History' tab on right-side-panel
The easy way is after you have gone to the 'Run History' tab just click the 'Pin to Dashboard' button. You can see this button in the image supplied in the question.