How to create alert using log query when VM get down

Question

Hello,

As beginner ,There are some VM create in Azure .I need to create alert when a vm goes down .

1. Basically need a log query that i can use it further to create alert on this ,so VM get down ,it will send mail alert.
2. is there any other way in Azure monitor to get mail alert when particular VM down.

currently vm is connected and able to run heartbeat command on it.but dont have exactly query to create alert when a vm down.

Answer 1

I wrote a blog "Create an e-mail alert/sms when someone logging into an Azure Windows Virtual Machine

You can try the same steps with a change in the query something like below:

AzureActivity
| where OperationName == "Deallocate Virtual Machine" and ActivityStatus == "Succeeded"
| where TimeGenerated > ago(5m)

The query looks the activity Log for Server Shutdown events in every 5 min. and sends an email alert if found!

Hope it helps!

---

--please don't forget to upvote and Accept as answer if the reply is helpful--

Answer 2

Hello,

Since you're using Azure VMs, you could make use of the Metrics that are generated by these Azure VM Resources (rather than logs like Heartbeat):

https://learn.microsoft.com/en-us/azure/azure-monitor/vm/tutorial-monitor-vm-alert-availability

At the same time, if you're interested in querying the Heartbeat table and generate an alert when Heartbeats are missing from a specific VM, you could use the following Kusto Query:

(This will first find all the timestamps of latest heartbeats from all computers in the last 24h, then check if any of those have the latest heartbeat older than 5 minutes)

Heartbeat
| where TimeGenerated > ago(24h)
| summarize LastCall = max(TimeGenerated) by Computer
| where LastCall < ago(5m)

Or check for a step-by-step procedure in this article:

http://contoso.se/blog/?p=4532

I hope it helps!

(don't forget to mark as an answer if is the case).

BR,

George