Shulou(Shulou.com)06/03 Report--

Indicator alerts and log alerts

At Azure Monitor we have several types of alerts. These are metric alerts, log alerts, activity log alerts, and change tracking alerts. Today we're going to focus on two of the most basic types of alerts, metric alerts and log alerts. Some metric alerts can be created without using the log analysis workspace (log search). That is, without the log analysis workspace (log search), we might not be able to create "some" metric alerts. For example, to alert a virtual machine's memory, we would need a log analysis workspace and use Perf to do the relevant queries.

Indicator alerts are faster than log alerts

Take the following query as an example:

Perf | where CounterName == "% Committed Bytes In Use" and CounterValue > 90

The above query statement is used to query memory usage over 90%. If we set alert for this query, it will perform exactly the same operation as the indicator alarm, but because this is a log alarm, it needs to collect relevant data and search. Therefore, Zhejiang is slightly slower than setting the alarm to the explosive metric

Use metric dimensions

When we set up an alert in Azure, we need to determine the appropriate dimensions. In the case of virtual machines, we can choose to alert certain VMs, or we can choose to alert all machines in the current workspace and new machines using " *."

Because our metrics alerts have many dimensions, we need to look carefully at what we are doing before setting them up to make sure we are setting the metrics we want to be alerted to.

Some of the metrics shown below apply to Windows, while some apply to Linux. For example, there is no percentage of memory available under Windows counters.

Using Project on Log Alerts

In using log alerts, I strongly recommend you use project, which can limit alerts to only necessary fields, which will be very helpful for our mail-based alerts, and also help us trigger automatic repair action groups in LopicApps, Azure Functions and Azure Automation Runbook.

For example, we can use this query to query whether the spooler service has stopped:

ConfigurationData| where SvcName == "Spooler" and SvcState == "Stopped"| project Computer, SvcName, SvcState, SvcDisplayName, TimeGenerated

Using the above statement, I get the data I need, such as the computer that triggered the alarm, the service name, the service status, the service display name, and the generation time. As you can see, Project allows us to send only the data we want to action group.

Common Alarm Architecture

The Common Alert Architecture was created to standardize alerts between Metric, Log, and Active Log alerts, each with its own template and architecture.

If we created an Action Group, we would see this "Enable Universal Alerts" button here:

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.