question

JamesS-5847 avatar image
0 Votes"
JamesS-5847 asked bhargaviannadevara-msft edited

Is there a way to dedup app Insights alerts

Is there a method to suppress multiple alerts from a single incident. For example: if 1 is an alert and 0 is green. The object in question goes to 1 and remains there for 30 minutes. (it takes a while to fix) and we check status every 5 minutes. This would result in an alert being sent a total of 7 times for the time period.

Is there a way of having an alert know that "it's the same state as last check don't alert"? Thanks in advance.

azure-monitorazure-webapps-monitoring
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

bhargaviannadevara-msft avatar image
0 Votes"
bhargaviannadevara-msft answered bhargaviannadevara-msft edited

@JamesS-5847 Thanks for reaching out. If the alerts in question are Log alerts, then this use-case is apt for stateless or stateful alerts (currently in preview).

Option 1: Stateless Alerts
Stateless alerts fire each time the condition is met, even if fired previously, similar to the scenario you described above. What you can do then to reduce noise is Suppress Alerts. When checked/enabled, it allows you to set an amount of time to wait before alerting again, i.e., prevent them from triggering for a period after an alert rule fired. You can configure this suppression interval to be anywhere between 0 and 10000 minutes. In your case, setting 30 minutes, say, as the interval should help dedup the alerts.

Option 2: Stateful Alerts (Preview)
Alternatively, you can configure the alert to be a stateful one. Do note that the Stateful alerts feature is currently in preview in the Azure public cloud. You can set this using the Automatically resolve alerts option in the alert details section while configuring the alert. Stateful alerts fire once per incident and resolve. The alert rule resolves when the alert condition isn't met for 30 minutes for a specific evaluation period (to account for log ingestion delay), and for three consecutive evaluations to reduce noise if there are flapping conditions.

For example, with a frequency of 5 minutes, the alert resolves after 40 minutes or with a frequency of 1 minute, the alert resolves after 32 minutes. The resolved notification is sent out via web-hooks or email, and the status of the alert instance (called monitor state) in the Azure portal is also set to resolved.

Check this article for knowing more about state and resolving alerts.

Hope this helps. Do let us know if you have further questions.



If an answer is helpful, please "Accept answer" and/or "Up-Vote" which might help other community members reading this thread.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.