question

bczudek avatar image
0 Votes"
bczudek asked ·

Is it possible to raise multiple Azure Alerts from one Custom Log Search result?

Hi there,

I have a several Linux vms (very dynamic environment) which sends SysLog to single Log Analytic Workspace. I would like to raise an Azure Alert whenever a warning appears in SysLog Log Analytic Workspace. How can I write a Custom Log Search to accomplish it?

The query I wrote:
Syslog
| project _ResourceId, SyslogMessage, SeverityLevel, EventTime
| where SeverityLevel == 'warn'
can be consumed by Azure Monitor however if two machines produce Warning in the same alert period - only one Alert will be raised. What I would like to achieve is to have one query that is capable of producing multiple alerts.

Is it possible with logs?

many thanks
Bartek

azure-virtual-machinesazure-virtual-machines-monitoring
10 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

2 Answers

VaibhavChaudhari avatar image
1 Vote"
VaibhavChaudhari answered ·

To get the answer on Azure log analytics service, I'd suggest to post this question to below dedicated forum as well:
https://social.msdn.microsoft.com/Forums/azure/en-US/newthread?category=windowsazureplatform&forum=opinsights


·
10 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

VaibhavChaudhari avatar image
0 Votes"
VaibhavChaudhari answered ·

This question has been answered here: https://social.msdn.microsoft.com/Forums/en-US/d42ea8b9-5313-4f58-8d87-0ad600af2002/is-it-possible-to-raise-multiple-azure-alerts-from-one-custom-log-search-result?forum=opinsights



Please close the thread by accepting response as answer that helped you.

·
10 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.