Alert
Alerts created by log alerts rules and SCOM alerts collected through Alert Management solution.
Table attributes
| Attribute | Value |
|---|---|
| Resource types | - |
| Categories | Azure Monitor |
| Solutions | LogManagement |
| Basic log | No |
| Ingestion-time transformation | Yes |
| Sample Queries | - |
Columns
| Column | Type | Description |
|---|---|---|
| AlertContext | string | Details of the data item that caused the alert to be generated in XML format. |
| AlertDescription | string | Detailed description of the alert. |
| AlertError | string | |
| AlertId | string | GUID of the alert. |
| AlertName | string | Name of the alert. |
| AlertPriority | string | Priority level of the alert. |
| AlertRuleId | string | |
| AlertRuleInstanceId | string | |
| AlertSeverity | string | Severity level of the alert. |
| AlertState | string | Latest resolution state of the alert. |
| AlertStatus | int | |
| AlertTypeDescription | string | |
| AlertTypeNumber | int | |
| AlertValue | int | |
| _BilledSize | real | The record size in bytes |
| Comments | string | |
| Computer | string | |
| Custom1 | string | |
| Custom10 | string | |
| Custom2 | string | |
| Custom3 | string | |
| Custom4 | string | |
| Custom5 | string | |
| Custom6 | string | |
| Custom7 | string | |
| Custom8 | string | |
| Custom9 | string | |
| Expression | string | |
| Flags | int | |
| FlagsDescription | string | |
| HostName | string | |
| _IsBillable | string | Specifies whether ingesting the data is billable. When _IsBillable is false ingestion isn't billed to your Azure account |
| LastModifiedBy | string | Name of the user who last modified the alert. |
| LinkToSearchResults | string | |
| ManagementGroupName | string | Name of the management group for System Center Operations Manager agents. |
| ObjectDisplayName | string | |
| PriorityNumber | int | |
| Query | string | |
| QueryExecutionEndTime | datetime | |
| QueryExecutionStartTime | datetime | |
| RemediationJobId | string | |
| RemediationRunbookName | string | |
| RepeatCount | int | Number of times the same alert was generated for the same monitored object since being resolved. |
| ResolvedBy | string | Name of the user who resolved the alert. Empty if the alert has not yet been resolved. |
| ResourceId | string | |
| _ResourceId | string | A unique identifier for the resource that the record is associated with |
| ResourceType | string | |
| ResourceValue | string | |
| RootObjectName | string | |
| ServiceDeskConnectionName | string | |
| ServiceDeskId | string | |
| ServiceDeskWorkItemLink | string | |
| ServiceDeskWorkItemType | string | |
| SourceDisplayName | string | Display name of the monitoring object that generated the alert. |
| SourceFullName | string | Full name of the monitoring object that generated the alert. |
| SourceSystem | string | The type of agent the event was collected by. For example, OpsManager for Windows agent, either direct connect or Operations Manager, Linux for all Linux agents, or Azure for Azure Diagnostics |
| StateType | string | |
| StatusDescription | string | |
| _SubscriptionId | string | A unique identifier for the subscription that the record is associated with |
| TemplateId | string | |
| ThresholdOperator | string | |
| ThresholdValue | int | |
| TicketId | string | Ticket ID for the alert if the System Center Operations Manager environment is integrated with a process for assigning tickets for alerts. Empty of no ticket ID is assigned. |
| TimeGenerated | datetime | Date and time the record was created. |
| TimeLastModified | datetime | Date and time that the alert was last changed. |
| TimeRaised | datetime | Date and time that the alert was generated. |
| TimeResolved | datetime | Date and time that the alert was resolved. Empty if the alert has not yet been resolved. |
| TriggerId | string | |
| Type | string | The name of the table |
| Url | string | |
| ValueDescription | string | |
| ValueFlags | int | |
| ValueFlagsDescription | string |
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for