question

RajanieshKaushikk-3057 avatar image
0 Votes"
RajanieshKaushikk-3057 asked vipullag-MSFT commented

Azure Alert when vm is down or disk space is reaching for more then 80% of the Disk capacity with azure log analytics

Hi,

I have setup the azure log analytics and vms are reporting to the workspace now want to create two alerts separately

  1. User should get an Azure Alert when VM is down. Not sure how can we achieve because I tried using the heartbeat query but it is not giving the result:

Heartbeat
| where TimeGenerated > ago(10m)
| summarize LastHeartbeat = max(TimeGenerated) by Computer
| where isnotempty(Computer)
| where LastHeartbeat < ago(5m)
| where Computer == "Testvm"

To test this query I stopped the vm and tested this query to see if it shows the vm which was stopped but it did not worked.

  1. Azure Alert when disk space is reaching more then 80% of the Disk capacity. I am not sure how to write the KQL for this one?

Regards
Rajaniesh



azure-virtual-machines
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

vipullag-MSFT avatar image
0 Votes"
vipullag-MSFT answered vipullag-MSFT commented

@RajanieshKaushikk-3057

For the Alerts on VM down, you can use Azure Monitor Service and get these alerts configured.
Please check this document for more information:
https://docs.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-metric

I just tried this and you have more signal names to choose in this way:

137442-image.png


One more way of configuring alerts for VM is by configuring health alerts in Azure portal.
For the disk space alert, please check these documents which can help you create as per your requirement:

https://docs.microsoft.com/en-us/archive/blogs/ukhybridcloud/azure-log-analytics-disk-space-usage
https://docs.microsoft.com/en-us/archive/blogs/ukhybridcloud/azure-log-analytics-disk-space-usage-part-2

Below is an example for reference:

//This query below will show you the Machines with less than 10 Gb. With free diskspace.
// you can change the value, currently in 10 Gb.

InsightsMetrics
| where Name == "FreeSpacePercentage"
| summarize arg_max(TimeGenerated, *) by Tags
// arg_max over TimeGenerated returns the latest record
| project TimeGenerated, Computer, Val, Tags
| where Val < 10

Steps to create the Log Search Alert
1. Please go ahead into Log Analytics Workspace > Logs
2. Run the query above and adjust it to your need.
3. Click on run to test the result.
4. New alert rule


Hope this information helps.
Please 'Accept as answer' if the provided information is helpful, so that it can help others in the community looking for help on similar topics.


image.png (96.1 KiB)
· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi Vipullag,

Thanks for the prompt reply. For VM alert I am looking for an alert when VM stops responding due to any issue so we can notify Production support team and they can have a look. The signal alert are used for activities performed on these VMs like shutdown or restart the VMs and they can not be used for the kind of alerts I am looking for.I think we should use heartbeat alert for such kind of thing or any other mechanism.

Regards
Rajaniesh

0 Votes 0 ·
vipullag-MSFT avatar image vipullag-MSFT RajanieshKaushikk-3057 ·

@RajanieshKaushikk-3057

Apologies for delayed response on this.

Based on your ask, you want VM health alerts (typically when a VM is not reachable). These can achieved by the Azure Service Health as I mentioned in my previous response.
Alert for VM stops responding (issue with underlying host).

Please check these documents for more info on this:

https://docs.microsoft.com/en-us/azure/service-health/resource-health-alert-monitor-guide
https://azure.microsoft.com/en-in/blog/get-notified-when-your-azure-resources-become-unavailable/

0 Votes 0 ·

Microsoft Team,

Do you have any update?

Regards
Rajaniesh

0 Votes 0 ·