Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
2,095 questions
Azure Alert from 'fired' to 'resolved' time
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 56.00000000000001%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EB%3C/text%3E%3C/svg%3E)
Bombbe
1,491
Reputation points
Hi,
could not find this information on about docs so hopefully someone knows here.
If my alert fires and goes to Alert condition -> 'fired' how much time can there be between until Alert condition can't anymore go to 'resolved' automatically?
I have few alerts and affected resources that are still in condition 'fired' but the issue is really solved and condition is not anymore met.
{count} votes
-
tbgangav-MSFT 8,406 Reputation points2022-04-16T07:45:00.927+00:00 Hello @Bombbe ,
Is your alert stateful or stateless? Is your alert a metric alert or log alert? Please check below scenarios that might be matching with yours. If not, then please provide more details or context to try to help you.
Scenario 1:
As explained here (for illustration check below screenshot), if you have made a metric alert rule stateless then it prevents fired alerts from becoming resolved so even after the condition isn’t met anymore the fired alerts will remain in a fired state until the 30 days retention period.
Scenario 2:
As explained here, if you have a stateless alert then it fires each time the condition is met, even if fired previously and you can mark the alert as closed once the alert instance is resolved. Stateful alerts fire once per incident and resolve. The alert rule resolves when the alert condition isn't met for 30 minutes for a specific evaluation period (to account for log ingestion delay), and for three consecutive evaluations to reduce noise if there is flapping conditions. Stateful alerts feature is currently in preview. You can set this using Automatically resolve alerts in the alert details section.
-
Bombbe 1,491 Reputation points
2022-04-21T13:26:28.123+00:00 Hi,
I'm alert is log query v2 and it is followingHeartbeat | summarize LastCall = max(TimeGenerated) by Computer, _ResourceId | extend HeartBeatMissing = iff(LastCall < ago(2h), 1, 0)
is this stateful or stateless? I would say stateless so what is maximum time that these alerts can be automatically closed?
-
tbgangav-MSFT 8,406 Reputation points
2022-05-03T08:42:00.643+00:00 Hi @Bombbe ,
Your response clarifies that you have configured log alert and as you have enabled Automatically resolve alerts section so its a stateful log alert which is currently in preview. As per scenario 2 in my earlier comment and as explained here, stateful alerts fire once per incident and resolve. The alert rule resolves when the alert condition isnt met for 30 minutes for a specific evaluation period to account for log ingestion delay, and for three consecutive evaluations to reduce noise if there is flapping conditions.
-
Bombbe 1,491 Reputation points
2022-05-03T13:16:07.28+00:00 this still not really answers my question. Can that alert e.g resolve automatically after 2 weeks being open when alert condition isnt met for X minutes or what is maximum time time for this?
-
tbgangav-MSFT 8,406 Reputation points
2022-05-04T05:00:07.393+00:00 Hi @Bombbe ,
Let me try to explain the example provided here (or in highlighted part of the below screenshot) with your use case.
As your stateful log alert's frequency is set as 2 hours so if your alert condition isn't met for 30 minutes of time then the alert should ideally be resolved after 4 hours 30 minutes of time.
But if the alert is not resolved even after 2 weeks then there might be a backend issue with regards to it. In that case, I have already recommended you over a private comment to raise an Azure technical support request.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(105.60000000000001, 52%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENK%3C/text%3E%3C/svg%3E)
Narasimha Kolla - DSV 21 Reputation points2023-05-18T18:35:17.0566667+00:00 I am also facing the same issue, I have triggered few alerts and affected resources that are still in condition 'fired' even though the issue is fixed. Not moving to resolved state.
Sign in to comment