How to create centralized alerts

Question

Hello, I'm trying to set up monitoring for 60 data factories, specifically to track the "Failure" status of activity runs. The central idea is to send an alert to a Slack channel every time a new failure is detected. My main concept was to create a log workspace that consolidates all the logs from activity runs. Afterward, a query is run to check for failures every 5 minutes. When a failure is detected, a logic app is triggered, which then performs the same query to retrieve the relevant fields and construct a message in Slack. However, this process results in a series of duplications, and sometimes not all the alerts that should come through do. I need some suggestions to resolve this issue and effectively monitor the activity runs of 60 data factories.

Answer 1

You could use the same method of consolidating logs but in your logic app, you can set up a 5 minute interval that listens to a resource every 5 minutes. And if the resource is detected to have your criterias (aka failure) you can then do a slack message. Otherwise the logic app instance terminates and nothing else happens.

1. Create a logic app with 5 minute interval
2. Set up "When a resource event occurs" and set up triggers to your log resource or if you want, set up triggers for all the resources (data factories) and skip the log workspace (if i understood it correctly).
3. If you have set up this use conditions to check if a "failure" has occured in one or multiple resources (at the same time).
4. If a failure happened, send slack message of what failed ( You could probably send a batch message of which failed if thats what you want)
5. If nothing failed, the instance is terminated.

I hope i understood this correctly and if this was helpful :)