I want to specify the execution time of the alert check

真 川崎 196 Reputation points
2022-06-27T05:48:41.46+00:00

I checked the log output amount once a day and set an alert to notify if even one line is output.
Normally, the check will run immediately after setting the alert, and then the check will run 24 hours later.
Is there a way to specify the time to check?
For example, I want the check to run at 10 o'clock every morning.


Azure Monitor

Accepted answer
  1. Alistair Ross 7,381 Reputation points Microsoft Employee
    2022-06-27T10:53:08.803+00:00

    Hello

    Alerts in Azure Monitor only allow for a frequency; therefore, you cannot specify an exact time to run. However, there are some options:

    1. Use a Logic App or Function to execute the query. You can specify exactly when these will run.
    2. Put a Time Range filter in your query to allow it to only return results within a specific period. This way the alert would run within a time window of the specified time.

      let HourOfDaytoRun = "01:00"; // Write this in 24 hour format with hh:mm UTC
      let QueryFrequency = 10m; // This is the frequency of the alert. Specify this to avoid it running multiple times
      let StartTime = startofday(now()) + totimespan(HourOfDaytoRun);
      let EndTime = StartTime + QueryFrequency;
      let IsQueryTime = iif(
          now() between(StartTime .. EndTime), true, false
      );
      // Your Query Here
      SecurityEvent
      | where TimeGenerated > ago(1d)
      | where IsQueryTime == true

    I haven't allowed for daylight savings in my query as this varies from country to country.

    kind regards

    Alistair
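
An added example, not part of the answer above and not Azure Monitor code: a Python model of the time-window gate from option 2, showing how the rule's evaluation frequency interacts with the window. The evaluation schedule (first run at rule creation, then fixed intervals), the sample timestamps and the UTC+9 offset are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

def is_query_time(now, hour_of_day_to_run, query_frequency):
    """Python mirror of the KQL gate: now() between (StartTime .. EndTime).
    KQL `between` is inclusive at both ends, so <= is used on both sides."""
    hh, mm = map(int, hour_of_day_to_run.split(":"))
    start = now.replace(hour=0, minute=0, second=0, microsecond=0)
    start += timedelta(hours=hh, minutes=mm)
    return start <= now <= start + query_frequency

def firings(first_eval, eval_every, query_frequency, hour_of_day_to_run, days=3):
    """Evaluation times at which the gate is open.
    Assumption: the rule runs at first_eval and then every eval_every."""
    hits, t = [], first_eval
    while t < first_eval + timedelta(days=days):
        if is_query_time(t, hour_of_day_to_run, query_frequency):
            hits.append(t)
        t += eval_every
    return hits

def local_to_utc_hhmm(local_hhmm, utc_offset_hours):
    """Convert a local wall-clock hh:mm to the UTC hh:mm the query expects.
    Fixed offset only; like the query, it does not model daylight saving."""
    hh, mm = map(int, local_hhmm.split(":"))
    tz = timezone(timedelta(hours=utc_offset_hours))
    local = datetime(2022, 6, 27, hh, mm, tzinfo=tz)
    return local.astimezone(timezone.utc).strftime("%H:%M")

if __name__ == "__main__":
    ten, day = timedelta(minutes=10), timedelta(days=1)
    created = datetime(2022, 6, 27, 5, 48, 41)  # constructed creation time, UTC
    aligned = datetime(2022, 6, 27, 0, 0, 0)    # constructed, lands on the boundary

    # 10:00 local at a constructed UTC+9 offset is 01:00 UTC.
    run_at = local_to_utc_hhmm("10:00", 9)
    # Rule frequency equal to the window: one evaluation per day passes the gate.
    print("10m rule:", firings(created, ten, ten, run_at))
    # Rule left at a 24-hour frequency: evaluations never land in the 10m window.
    print("1d rule: ", firings(created, day, ten, run_at))
    # Evaluations exactly on both inclusive bounds pass twice per day.
    print("aligned: ", firings(aligned, ten, ten, run_at))
```

In this model the gate only works when the alert rule's own frequency matches `QueryFrequency`; a rule still evaluated once every 24 hours never passes the gate unless its evaluation time happens to fall inside the window.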

