How to generate incidents for each record entry in Custom Log Table of Log Analytics Workspace?

Rushit Ajudiya 146 Reputation points
2022-07-04T12:55:28.963+00:00

We are trying to create an incident for every single row of data that is being ingested in a custom log table using an analytic rule, but it generates just a single incident for all the entries in the custom log table. Is there a way to have an incident created for every data record that is being ingested in the custom log table? Kindly help.

Azure Monitor
Microsoft Sentinel

1 answer

  1. Clive Watson 5,721 Reputation points MVP
    2022-07-04T22:56:57.87+00:00

    If the alert is time-based, and you "trigger an alert for each event", here is a very simple example, not fully tested, which may give you an idea.

    [Image: 217523-image.png]

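The "trigger an alert for each event" setting mentioned in the answer, written as a Bicep definition of a scheduled analytics rule. This is an added example, not part of the original thread and not a reconstruction of the attached image; the table name `MyCustomLog_CL`, the rule name, the 5-minute schedule and the severity are assumptions to replace with your own.

```bicep
// Added example, not from the original thread.
// Placeholder: name of the Log Analytics workspace that Sentinel is enabled on.
param workspaceName string

resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' existing = {
  name: workspaceName
}

resource perRowRule 'Microsoft.SecurityInsights/alertRules@2023-02-01' = {
  scope: workspace
  name: guid(workspace.id, 'per-row-incident-rule')
  kind: 'Scheduled'
  properties: {
    displayName: 'One incident per custom log row' // assumed name
    enabled: true
    severity: 'Medium'
    // Placeholder custom table; each row returned becomes its own alert.
    query: 'MyCustomLog_CL'
    queryFrequency: 'PT5M'
    queryPeriod: 'PT5M'
    triggerOperator: 'GreaterThan'
    triggerThreshold: 0
    suppressionEnabled: false
    suppressionDuration: 'PT5H' // required by the API even when suppression is off
    tactics: []
    eventGroupingSettings: {
      // 'SingleAlert' (the default) groups all rows into one alert and so one incident.
      // 'AlertPerResult' is the "trigger an alert for each event" option.
      aggregationKind: 'AlertPerResult'
    }
    incidentConfiguration: {
      createIncident: true
      groupingConfiguration: {
        // Keep alert grouping off, otherwise the per-row alerts
        // are merged back into a shared incident.
        enabled: false
        reopenClosedIncident: false
        lookbackDuration: 'PT5H'
        matchingMethod: 'AllEntities'
      }
    }
  }
}
```

Sentinel caps a rule at 150 alerts per run, so when a single run returns more rows than that, the overflow is folded into one summary alert rather than one alert per row.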