Alerts are important part of our monitoring and probably the most important one. Getting data and visualizing it is the foundation for alerts but in order to move to actual monitoring you need alerts. I can tell you nobody sits all day in front of dashboard and looks at visualized data. Alerts are also our knowledge of our applications and infrastructure gathered to help us when things are not going as planned. I wanted to write this blog post series for quite some time and I think this is the right time to do it. The reason for that is Classic Azure alerts are being deprecated and the vision of unified alerting capabilities is coming together and becoming more powerful… sort of. I will comment on parts that I think could and should be improved and hopefully they will be. I also expect some new features around Ignite as usually that is when Microsoft reveals some new stuff. They actually do it all the time it just the end development of some features matches Ignite conference time frame.
For the last a couple of years many Azure services has started to produce diagnostic logs and metrics. These two allows you to monitor and troubleshoot the Azure Services. Unfortunately still there are some services that are missing those. To pull diagnostic logs and metrics Azure Monitor has capability called Diagnostic settings which allows you to place them on Azure Storage, Event Hub or Log Analytics. Microsoft has done a good job to document many of diagnostic logs available but still I find some services that haven’t be documented. Luckily there is a way to find what diagnostic logs are available for a service (resource) and this blog post will focus on that.
Microsoft recently release the new Logs experience with this also removing the link to the Advanced Analytics Portal which was separate portal. My friend and fellow MVP Stefan Roth opened a e-mail discussion to some of us asking if there is a way to reach his workspace again from the Advanced Analytics Portal as that portal offered cleaner experience where Logs is a little bit cluttered due to being general portal for Azure services. I had some tips on how to use better the Logs experience in Azure Portal and my friend and fellow MVP Cameron Fuller thought that we should share this with the community thus this blog post.
Log Analytics alerts aka Azure Log Search Alerts allows you to create a single alert and trigger alert instances per a column. This is possible by creating metric measurement alert. Unfortunately these types of alerts also have a limitation which might be blocking in certain situation. The classical example for that limitation is to create a single alert that will separate instance for free disk space threshold for each computer and disk. The query representation of that looks like this:
Microsoft recently introduced a new model for purchasing Azure Log Analytics. To use this new model you will basically have to enable it on per subscription bases. In short you can either continue to use the old models or flip a switch on your subscription to use the new model. You cannot use both models for different workspaces in your subscription and you cannot move between the old models and the new ones without flipping that switch. Of course flipping that switch is easy as going into the Azure Portal -> Azure Monitor -> Usage and estimated costs blade but what about if you want to do this programmatically? Apparently there is a way to do it that way and in this blog post I will show you how.