Azure Monitor Alert Series – Part 7

In this blog post we will cover Azure Monitor Log Alerts. You might know them as Log Analytics alerts, but a long time has passed since Log Analytics was a standalone service that was not part of Azure Monitor. You may have noticed some UI improvements to them, but the biggest improvements were actually under the hood. In my opinion this migration was executed very well with a lot of issues for the customers. No, it was not a perfect migration, but taking into consideration all the complexity of such migrations I would say it was well executed and with thought for the customers. To be honest I will also say that these types of alerts are my favorite. The simple reason is that by using Kusto queries I have way more room to improvise. Of course the alerts have their own downsides as well, but that is the beauty of Azure Monitor alerts. You have flexible choices without being forced into a specific one. Enough with the flattery; let's continue to the interesting parts of this blog post.

As I have mentioned before in Part 1 of the series we have two sub types:

  • Number of results
  • Metric Measurement

Aggregate on More Than One Column for Azure Log Search Alerts

Log Analytics alerts, aka Azure Log Search Alerts, allow you to create a single alert and trigger alert instances per column. This is possible by creating a metric measurement alert. Unfortunately these types of alerts also have a limitation which might be blocking in certain situations. The classic example of that limitation is creating a single alert that fires a separate instance of the free disk space threshold for each computer and disk. The query representation of that looks like this:


Using Custom Log Search Alerts Based on Metric Measurement for Event Based Logs

In Azure Monitor we can create two types of alerts for Log Analytics:

Near real-time metric alerts are scoped to specific performance counters and heartbeat events, but with Custom Log Search Alerts you can alert on any log in Log Analytics. With Custom Log Search Alerts the alert logic has two types:

  • Number of results
  • Metric Measurement

In a typical scenario you will use Number of results for logs and events and Metric Measurement for performance/metric logs. That wouldn't be a problem if the way the alerts are fired did not differ quite a lot between those. For example, in metric measurement you aggregate/summarize results and you alert based on the value from the aggregation/summarization. On top of that, a different alert instance is fired for each summarized record. In number of results you do not summarize/aggregate, and alerts are fired based on the count of the records. For example, on 10 records you will get only one alert instead of 10. If you are like me this is a problem, as you want to get a separate alert instance for each of your events just like with metric measurement alerts.
In this blog post I will show you how to overcome this problem with a workaround using the powerful Log Analytics query language.


Spend Your Money Wisely

With this post I would like to support my friend and fellow MVP Tao Yang. The text below is written by him but I fully support it. Read carefully.

As what I’d like to consider myself as – a seasoned System Center specialist, I have benefitted from many awesome resources from the community during my career in System Center. These resources consist of blogs, whitepapers, training videos, management packs and various tools and utilities. Although some of them are not free (and in my opinion, they are not free for a good reason), but large percentage of these resources I value the most are all free of charge.

Notes from System Center Battlefield: Monitoring Guest Clusters with SCOM

So what is a guest cluster? A guest cluster is when you create a cluster inside of virtual machines. In the past we’ve done that through iSCSI or FC and lately with Shared VHDX in Windows Server 2012 R2. And like any other cluster you will want to monitor these clusters with SCOM, but as they are just like any other cluster, where is the catch?