question

GoceDimitroski-4791 avatar image
0 Votes"
GoceDimitroski-4791 asked onurpekdag answered

Best way to alert on Heart Beat Alert in Azure

Hello,
We wish to start using Log Analytics to alert us when a VM is not reachable for over 5min.
We have several subscription . I have been looking into this and there are so many ways to achieve this.
Setting up an Alert rule
Setting up Logic Apps
Setting up Workbook.

In the example I have seen there is a simple query

Heartbeat
| summarize max(TimeGenerated) by Computer
| where max_TimeGenerated > ago(5m)

But when I run the query over and set it for the past 30min I get over 400 Vm's. Which is wrong.

We are trying to do is, so to alert us when a vm has not heartbeat or maybe no network connectivity for over 5min.
This is so easy to do in SCOM . Why is it so complicated in Azure ?

We are able to set up alert rule when a vm has high CPU 90% for longer than 5min. This works great.

Any ideas

azure-monitor
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

CliveWatson-3295 avatar image
0 Votes"
CliveWatson-3295 answered RafaelAlmeida-1536 commented

// Not reporting VMs
// VMs that have not reported a heartbeat in the last 5 minutes.
// To create an alert for this query, click '+ New alert rule'
Heartbeat
| where TimeGenerated > ago(24h)
| summarize LastCall = max(TimeGenerated) by Computer
| where LastCall < ago(5m)

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Great, thanks for share !

0 Votes 0 ·
KhurramRahim avatar image
0 Votes"
KhurramRahim answered

http://contoso.se/blog/?p=4532

Please find answer hope you will find step by step guide hope answer the question

If issue resolve don't forget to accept answer and upvote.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

GoceDimitroski-4791 avatar image
0 Votes"
GoceDimitroski-4791 answered tbgangav-MSFT edited

With all of these it is not in real time ? Azure needs to read the logs ?

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @GoceDimitroski-4791,

When you said "it is not in real time ?", did you mean the log data in Heartbeat table is ingested with latency?

  • If Yes, then I also believe and agree that as per current design sometimes it ingests the log data with little latency. Please refer this article for more information w.r.t it.

  • If No, please provide more context to help me understand the statement better so I can try to clarify.

Regarding the comment "Azure needs to read the logs?"

  • Yes, in this case. AFAIK the Log Analytics is central repository where heart beat log data of agents is logged under Heartbeat table and from that we can query the details from that source.

0 Votes 0 ·

<<continued>>

  • If you are looking for a way to not depend on "Azure (or Log Analytics workspace repository) reading the heart beat logs of agents" then it might be achieved by coming up with some solution where we remotely check if an agent goes down (i.e., heart beat stops) which means MMA/OMS/LA agent related service is stopped in the VM or agent machine and then monitor and capture the status continuously and then get alerted.

0 Votes 0 ·
onurpekdag avatar image
0 Votes"
onurpekdag answered

another an option to be create resource health alert for virtual machines without cost and log analytics workspace

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.