Is it possible to raise multiple Azure Alerts from one Custom Log Search result?

Bartlomiej 1 Reputation point
2019-12-30T21:48:39.74+00:00

Hi there,

I have several Linux VMs (a very dynamic environment) which send Syslog to a single Log Analytics workspace. I would like to raise an Azure Alert whenever a warning appears in the Syslog table of the Log Analytics workspace. How can I write a Custom Log Search to accomplish it?

The query I wrote:
Syslog
| project _ResourceId, SyslogMessage, SeverityLevel, EventTime
| where SeverityLevel == 'warn'
can be consumed by Azure Monitor; however, if two machines produce a warning in the same alert period, only one alert will be raised. What I would like to achieve is to have one query that is capable of producing multiple alerts.

Is it possible with logs?

Many thanks
Bartek

Azure Virtual Machines
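As an added illustration (not the poster's query and not an answer given on this page), this is how the same Syslog filter can be shaped so that the result carries one row per VM per time bin. It assumes the query is attached to a log alert rule that splits alerts by the _ResourceId dimension (the metric-measurement style of log alert), and that the Syslog table stores severities as lowercase names; both are assumptions, not facts from the page.

```kusto
// Added example: one row per VM per 5-minute bin, intended for a log alert rule
// that splits by _ResourceId so every VM that logs warnings gets its own alert.
// Assumption: "warning" is the stored Syslog severity name; "warn" is kept so the
// filter also matches what the original question used.
Syslog
| where SeverityLevel in ("warning", "warn")
| summarize AggregatedValue = count(),           // column name expected by metric-measurement alerts
            SampleMessage  = take_any(SyslogMessage)
          by TimeGenerated = bin(TimeGenerated, 5m), _ResourceId, Computer
| where AggregatedValue > 0
```

With a per-resource split, a second VM logging warnings in the same period produces its own row and therefore its own alert instead of being folded into the first one.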

2 answers

  1. Vaibhav Chaudhari 38,576 Reputation points
    2019-12-31T05:47:58.167+00:00

    To get an answer on the Azure Log Analytics service, I'd suggest posting this question to the dedicated forum below as well:
    https://social.msdn.microsoft.com/Forums/azure/en-US/newthread?category=windowsazureplatform&forum=opinsights

    1 person found this answer helpful.

  2. Vaibhav Chaudhari 38,576 Reputation points
    2020-01-06T05:01:07.217+00:00