This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hi everyone,
I'm having difficulty responding to an alert that responds twice to the same context. Is it possible to solve this somehow? I'm already tired of looking and trying different tests.
Regards,
Nasimjon.
Hi there,
Now I see. You use 90 seconds time windows and you run your query 60 seconds. This is where a second trigger can get last additional 30 seconds where first alert has been captured.
IMHO, it's better to use 65 seconds (for example) time range instead of 90
Hi there,
We need more details. What type of alerts is you referring? Logs-based, metric based, activity-log based, resource-health based, service-health based?
Hi maserg,
Thanks for replying.
Sorry about that. My type of alert is a Log search.
Query is:
let EndTime = now();
let StartTime = EndTime - 90s;
ContainerLog
| where TimeGenerated between(StartTime .. EndTime)
| sort by TimeGenerated desc
| where LogEntry has "Error"
| summarize count() Image, LogEntry
Container logs are coming every 30 seconds to Log Analytics workspace.
Measurement:
Measure: Table rows
Aggregation type: Count
Aggregation granularity: 1 minute
Alert log:
Operator: Greater than
Threshold value: 0
Frequency of evaluation: 1minute
Then send to Logic App
What am I doing wrong since it comes twice?
Regards,
Nasimjon.
Hi folks,
Defiantly, helped a little, but not a little. They are coming twice, but decreased a little. Sometimes are not coming too. Can I use Azure logic app for skipped, maybe?
Thanks.
Regards,
Nasimjon.
You can build you own "supression" engine by using LogicApps, but I would recommend to re-think about your logic in your query