How to get alerted for new (unique) errors - azure

A useful feature of application monitoring services is sending alerts (e.g. emails) each time a new, unique error/problem/exception occurs (i.e., not for each occurrence). Either only the very first time, or at most once per X time (a day or week or such). This is, for example, possible with Visual Studio App Center. Unfortunately I haven't been able to find any such feature in Application Insights.
For clarification, a "new, unique error/problem/exception" can be thought of as a specific log statement in the code. I'm using Serilog, so all logged traces/exceptions have a MessageTemplate property which may help. But ideally the "problem ID" would be based on the code location, too (since multiple log statements may use the same message template).
The best lead I have found is the ability to send alerts based on a custom analytics query, but I'm not sure if it's possible to write a query that can give a behaviour similar to (if not exactly like) to what I describe above.
Is something similar to the behaviour I describe above possible to achieve with Application Insights? If it's possible through a custom query, how might such a query look?

Just through UI of azure portal, it's hard or impossible to achieve your first requirement: alert only the very first time. But you can try to use app insights rest api to fetch the data, then use code to implement your logic.
There is a similar solution(not exactly like you describe) for alert once per X time. The steps are as below:
1.Nav to azure portal -> you application insights -> Alerts -> new alert rule -> in the Condition, click Add button -> then select "Custom Log Search"
2.In the "search query" textbox, write your query like below:
exceptions
| where xxxx
Note that in the where clause, use some properties to identify the unique error.
3.Then in the "Alert logic", use the following settings:
Based on: Number of results, Operator: Greater than, Threshold value: 0
4.In the "Evaluated based on", set proper value for Period(max value is 2880 minutes) / Frequency(max value is 1440 minutes).
So if you want to trigger alert 1 time per day, you can set Period to 1440 minutes, set Frequency to 1440 minutes. But you also need to note that, if in the next day, there is no such specified error, it will not trigger in the next day.

Related

Application Insights alert for no log is written

I try to create a azure alert rule which should be triggered in case my service do not log anything.
I created a query to check if my service logs something. This works fine until there are no logs in the specified time (e.g. give the provided query a filter criteria for the timestamp).
Query: customEvents | where name == 'ShouldBeLoged' | limit 1
This query will just give me the query result: No results found from the last 24 hours.
If create a alert of this query the alert view shows me this (see picture):
Has someone an idea how I could achieve that the alert is triggered in case the service do not log anything?
Follow the workaround to trigger the alert if the threshold value less than 1(Means no log written):
Here I am fetching the one Limit value of custom event.
Workaround follows
Create alert with threshold if it less than 1 mean it will fire the alert
Here the query we used to fetch the single custom event.
We fetch single custom event, so we check the threshold value is less than 2 (it will fire if the event values is less than 2).
Result

Azure function log that is older than 20 days

I'm trying to look at the logs for my Azure function,
In the Monitor view, I can just click the link under the Date column for the logs for a certain run.
But this is only for the last 20 invocation. For the older log how can I get it?
After clicking the Run query in Application Insight link above,
I arrived to a page with a table with the log entry, but I don't know how to open the actual logs!
If you want to access to the logs of an execution of your function app prior to those top twenty and you don't know so much how to query in Application Insights. There is an alternative using pre made queries available at monitor tab of your function.
Go to "Run query in application insights" to find the specific execution you are looking for.
This will auto generate for you the same query that filled the above grid. Here you just need to change the timestamp where condition to match our needs.
For example a specific date and time range:
"where timestamp between (todatetime('2022-10-01T00:00:00Z')..todatetime('2022-10-01T23:59:59Z'))"
With this change just run the query and identify function run you want to get full logs and get its operation_Id and invocationId values.
Go to monitor view again, select any execution and then "Run query in Application Insights"
Now you only need to replace operation_Id and invocationId values with those you got at step 1 and run again the query to get full log of that specific execution.

How to create datadog 'change alerts' using terraform?

I am trying to create a change monitor using terraform. To create a monitor that checks that overtime a count stays at 0 for example every day (the value will go up to one some times and get back to 0).
I found on the UI the capacity to create a change alert.
I cant seem to find a way to define the configuration for this type. Is terraform just supporting only a subset of the monitors? or does the query need to be change in some specific way that I cant find documentation for?.
I've stumbled upon this as well. I just figured out you have to manually create the monitor using "change alerts" then go to "manage monitors" page, open the one you just created and you'll see the query that starts with change(...). Copy the whole query to the query field in your terraform config.

Azure devops changed list of work items during a time period

Is there a way to find out the list of Azure Devops work items that were changed in a given period of time ?
Something like "The list of test case work items that were changed in the last 60 days". The change can include changes to any of the fields configured for the work item.
Use case: Today, we have the manual test cases and they are being automated. If the manual test case changes, we need to update the automated test as well.
So, I'm looking for a way to find out the list of work items that were changed in any way in a given time period.
In Azure DevOps, go over to your project and under Boards you have a Queries tab.
You can create a query there using the Work Item Type [Any] and Changed Date > #StartDate("-60d").
I've added an image if it is easier.
There is also API available for this, and you can automate that however you prefer.

Clearing the "Group by" drop down on the Application Insights portal

I have a new Windows Application that I am adding Application Insights to. Adding a new chart gives the ability to Group on specific custom properties using a drop down. This drop down has 65 properties that AI must have added at some point. There were not specifically added.
We have a main AppInsights that takes all events. We've also created a AppInsight for development. The list of custom properties in the drop down is different between these two, even though the source code is the same.
It makes me suspect that there is some process that creates the drop down contents based on the incoming data.
The problem here is that the code has changed, and some properties are no longer available. We want to eliminate these values from the drop down, and add the new ones.
I am perfectly happy just deleting the entire list. Is there a way to do this?
The items that are available in the group by are properties that have ever been received by the back end in data you've sent, and aren't editable.
for custom properties/metrics, there's a limit on how many properties the backend will allow before it stops collecting new named custom properties. Conceptually, think of it as the backend storing an array of 200 elements for each telemetry item you sent, and mapping each custom property name to an index, and that mapping lasts forever. (i believe at the current time that limit is 200 each, but we're working on expanding that)
so if developers did things in your dev portal, even sent one item with custom property "foo", then that property will be there forever, and takes up one of those 200 slots. They can't be deleted or cleared at the moment.
Also, the contents of the group by box is also limited to events that have sent less than some threshold of distinct values, too. (I'm not sure on that exact value, but i believe it < 100 distinct values.) So fields like Id fields, or guids, etc, will eventually stop showing up as group by options, because the group by would create N distinct buckets of 1 item.
It seems like this would be something already mentioned in the App Insights UserVoice site, or documented in the azure documentation for group by but i'm not seeing it.
The only real workaround at this time is to create a new application insights resource in azure, and start submitting data to that new resource instead of your old one. And then you have to be proactive about never submitting custom properties that you're never going to use, or mixing case, as "Property1" and "property1" will be distinct properties...
If this is a big issue for you, i'd suggest submitting it to microsoft connect as a bug, or entering a uservoice suggestion above. I'll pass this on as something that really needs to be documented in the group by thing in the azure docs, too.

Resources