{"id":31425,"date":"2019-01-18T19:52:00","date_gmt":"2019-01-18T19:52:00","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/premier_developer\/?p=31425"},"modified":"2019-02-14T20:17:35","modified_gmt":"2019-02-15T03:17:35","slug":"alerts-based-on-analytics-query-using-custom-log-search","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/premier-developer\/alerts-based-on-analytics-query-using-custom-log-search\/","title":{"rendered":"Alerts based on Analytics query using Custom log search"},"content":{"rendered":"<p>Premier Developer Consultant <a href=\"https:\/\/www.linkedin.com\/in\/adel-ghabboun-44082916\/\">Adel Ghabboun<\/a> explores how to create alerts based on data analytics queries using Custom Log Search.<\/p>\n<hr \/>\n<p>One feature was removed in Application Insights called <i>Scheduled Analytics<\/i>, and now it is replaced with <b><i>Custom Log Search<\/i><\/b> which allows us to create an Alerts based on data analytics queries.<\/p>\n<p>Custom log search in Application Insights can be of two types:<\/p>\n<ol>\n<li>&#8211; <u>Number of results<\/u>. Single alert created when the number of the records returned exceed a specified number.<\/li>\n<li>&#8211; <u>Metric measurement<\/u>. Alert created for each object in the results of the log search with values that exceed specified threshold.<\/li>\n<\/ol>\n<p>In this Blog, will show you the easiest way to create a custom log search in Application Insights using the <b>Number of result<\/b> type.<\/p>\n<ul>\n<li>On the <b>overview<\/b> tab, click on <b>Analytics<\/b> button\n<a href=\"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-content\/uploads\/sites\/31\/2019\/01\/aa1.png\"><img decoding=\"async\" width=\"1028\" height=\"545\" title=\"aa1\" alt=\"aa1\" src=\"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-content\/uploads\/sites\/31\/2019\/01\/aa1_thumb.png\" border=\"0\" \/><\/a><\/li>\n<li>Write your own query and hit <strong>Run\n<\/strong>For example \u2013<\/p>\n<pre>requests\r\n| project name, url, success \r\n| where success == \"False\"<\/pre>\n<p>This will return all the failed requests in my App Insights within the specified time range\n<a href=\"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-content\/uploads\/sites\/31\/2019\/01\/aa2.png\"><strong><img decoding=\"async\" width=\"1028\" height=\"470\" title=\"aa2\" alt=\"aa2\" src=\"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-content\/uploads\/sites\/31\/2019\/01\/aa2_thumb.png\" border=\"0\" \/><\/strong><\/a><\/li>\n<li>On the top-right corner, click on \u201c<b>+ New Alert rule<\/b>\u201d\n<a href=\"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-content\/uploads\/sites\/31\/2019\/01\/aa3.png\"><img decoding=\"async\" width=\"1028\" height=\"472\" title=\"aa3\" alt=\"aa3\" src=\"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-content\/uploads\/sites\/31\/2019\/01\/aa3_thumb.png\" border=\"0\" \/><\/a><\/li>\n<li>Under the <b>Condition<\/b> section, click on the current condition that says \u201c<i>Whenever the custom log search is &lt;logic undefined&gt;<\/i>\u201d\n<a href=\"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-content\/uploads\/sites\/31\/2019\/01\/aa4.png\"><img decoding=\"async\" width=\"1016\" height=\"772\" title=\"aa4\" alt=\"aa4\" src=\"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-content\/uploads\/sites\/31\/2019\/01\/aa4_thumb.png\" border=\"0\" \/><\/a><\/li>\n<li>Specify the condition by choosing the <i>Based on<\/i>, <i>condition<\/i>, <i>Threshold, Period and Frequency<\/i> parameters and then click <b>Done\n<a href=\"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-content\/uploads\/sites\/31\/2019\/01\/aa5.png\"><img decoding=\"async\" width=\"597\" height=\"772\" title=\"aa5\" alt=\"aa5\" src=\"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-content\/uploads\/sites\/31\/2019\/01\/aa5_thumb.png\" border=\"0\" \/><\/a><\/p>\n<p><\/b><\/li>\n<li>Configure the <b>Action Group<\/b> as you do in any alert\n<a href=\"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-content\/uploads\/sites\/31\/2019\/01\/aa6.png\"><img decoding=\"async\" width=\"1028\" height=\"744\" title=\"aa6\" alt=\"aa6\" src=\"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-content\/uploads\/sites\/31\/2019\/01\/aa6_thumb.png\" border=\"0\" \/><\/a><\/li>\n<li>After you are done, you should receive a notification every time the condition is met. In the above scenario whenever the number of records returned is more than 3 records.\n<p>References: <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/azure-monitor\/platform\/alerts-unified-log\">Log Alerts in Azure Monitor<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>One feature was removed in Application Insights called Scheduled Analytics, and now it is replaced with Custom Log Search which allows us to create an Alerts based on data analytics queries.<\/p>\n","protected":false},"author":582,"featured_media":33033,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[25,130],"tags":[13,1128,81,3],"class_list":["post-31425","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-azure","category-telemetry","tag-adel-ghabboun","tag-analytics","tag-application-insights","tag-team"],"acf":[],"blog_post_summary":"<p>One feature was removed in Application Insights called Scheduled Analytics, and now it is replaced with Custom Log Search which allows us to create an Alerts based on data analytics queries.<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-json\/wp\/v2\/posts\/31425","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-json\/wp\/v2\/users\/582"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-json\/wp\/v2\/comments?post=31425"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-json\/wp\/v2\/posts\/31425\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-json\/wp\/v2\/media\/33033"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-json\/wp\/v2\/media?parent=31425"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-json\/wp\/v2\/categories?post=31425"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-json\/wp\/v2\/tags?post=31425"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}