This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 57.00000000000001%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
Hello,
Excuse my ignorance, but I'm just learning this. We have a number of alerts set up and they are working without issue. I wanted to learn how I could query the Azure logs to find all occurrences of an Alert for a specific resource. For example, I'd like to find all the times in the last 30 days that a lowMemory alert was fired for a specific VM.
The second part to this is that I'd like to put this on a dashboard. So we could see the total number of times the lowMemory alert fired, then drill into it to see the total number of times it fired by resource, and then drill in further to review the actual alerts of this type for the resource.
I hope I am explaining this well enough.
Thank you!
Matthew
Hi Matthew,
For part 2 of your question, have you considered installing the Arc agent and then enabling 'Insights'?
That will provide you a great deal of information about your server, and you can customize the charts in Insights.
Another option would be to connect your logs to Sentinel and use it's out of the box workbooks or customize your own.
For part 1, a simple example would be this snippet below. This could be much improved.
Workbooks are pretty good to use for the 2nd part of your question, I'll add an example later.
Alert
| where AlertName contains "lowMemory" and Computer =="<insert my vm name>"
Thank you! I've been searching for this all over. Can you point me at some good resources for learning log queries? I have a bunch of questions, and nothing seems to cover what I need.
Here are some useful resources:
You can also look at the built-in examples, press the "Queries" button --> Search
Thank you for all your help. I am wondering what I am doing wrong. I clearly see there are alerts for low memory in the Azure Portal:
However, if I run your query, just to search for any low memory alerts. it doesn't like the query if I set the scope to the whole subscription. Do I have to just set it to the Log Analytics Workspace?