Problem already solved (see my comment below).

After giving our vm a bit more resources it finally after week calmed down.

pretty weird that I it consuming that much resources that long. Have to keep eye of it.

I will create support case for the next time!

Actually we are using that Agent Health solution but as the solution already is saying it is tracking health of the agent not vm which is not the same thing. Log Analytics agent can corrupt, service get stopped etc. which means that agent fails sending data but vm can still function fine = not that big issue compare to VM going entirely offline

thanks you for the good points ! :)

you mentioned that workbooks are free but how are grafana priced? I found this but are there some additional fees?

Hi,
the file were .log and not .txt so that why it were not getting tracked!

I can confirm that the folder exist tracked vm

were you able to track e.g that folder in your picture C:\Packages\Plugins\Microsoft.EnterpriseCloud.Monitoring.MicrosoftMonitoringAgent? If yes, what kinda settings?

this still not really answers my question. Can that alert e.g resolve automatically after 2 weeks being open when alert condition isnt met for X minutes or what is maximum time time for this?

Hi,
I'm alert is log query v2 and it is following

 Heartbeat
 | summarize LastCall = max(TimeGenerated) by Computer, _ResourceId
 | extend HeartBeatMissing = iff(LastCall < ago(2h), 1, 0)

is this stateful or stateless? I would say stateless so what is maximum time that these alerts can be automatically closed?

currently already running 0.3.0 version with Powershell 7

but then here it shows it is still 0.2.0 version

i also tried to run that command in poweshell 5 but it did nothing and did not update module. I then had to manually copy 0.3.0 module from C:\Program Files\WindowsPowerShell\Modules to C:\Users\user\Documents\PowerShell\Modules\Az.ConnectedMachine

now the update seems to be working.

Hi,
I have now even issues using Get-AzDiagnosticSetting command to get diagnostic properties out of resources. There seems to be very odd sync issues or even bugs (after deleting diagnostic settings using powershell it do not regonize diagnostic settings at all if I put settings back manually using portal). I think I have to contact support directly..

Even when using command Get-AzDiagnosticSetting to resources that I just put manually diagnostic settings on using Portal, I don't get any results.,

Tried using powershell, cloud shell, ise, powershell 7 and updates to latest az modules but same issue always.

HI,
here are those. First getting possible properties of the lock, removing lock if found on resouce, getting diangostic settings and lastly revoming them

1. $Lock = Get-AzResourceLock -ResourceName $resourcename -ResourceType $resourceType -ResourceGroupName $rgname
   

2. Remove-AzResourceLock -LockName $lockname -ResourceGroupName $lockrg -ResourceName $resname -ResourceType $resourceType -Force
   

3. $azDiagSettings = Get-AzDiagnosticSetting -ResourceId $resourceId | Where-Object { $_.Id -ne $NULL }
   

4. $removeDiag = Remove-AzDiagnosticSetting -ResourceId $azDiagid -Name $azDiag.Name

Somebody had already made similar script so were using it as base template and modifed some parts to fit my needs but the core commands are the same: https://charbelnemnom.com/removing-diagnostic-settings-configuration-for-azure-resources/

Thanks for the reply and test. I'm tried with 2.7.0 and then updated to 3.0.1 module but same issue always, Will open official Azure support case

Hi, I do not want to add new lines to my query but now Microsoft adds them now automatically to your query when creating new custom log search alert and thus breaking the original query

My query when creating alert + data

and when pressing the button "See the Final Query" it shows like this (my query + two additional lines). By adding those two lines to the end it breaks my original query and is the reason why alert do not work (now the syntax in query is complitly wrong). Because those lines are automatically generated I cannot modify that to e.g LastCall

and when I run the "Final Query" in laws is fails (just to proof that because those two lines gets added to query it breaks alerts)

Hmm kinda not sure if that helps (or if I understood that right). OP tried to disable whole rule but I need to suppress alerts from single vm.

So by using deployment scripts I can run PS1 scripts when doing remediations allowing me modify diagnostic settings example name of setting which could not be done otherwise.

Hi,
when you said that I could try to use PowerShell or CLI commands do you mean that I should try to use PowerShell or CLI commands to create, assign or remediate policy (instead of Portal) or in what step should I try to use those commands?