Adding alerts for Log Analytics in Azure
In the previous blog post I discussed how to extend your Log Analytics alerts in Azure. Once your alerts have been extended into Azure, there are two methods available to create new alerts, both of which are discussed in this blog post: the easier one is via Log Search, and the other is in Monitor / Alerts.
Creating an alert from Log Search in Azure
The easy approach to create a new alert is to open Log Search in Azure as part of Log Analytics. To do this, open Log Analytics in Azure.
Then open the name of your workspace.
And then open up Log Search.
Paste in your favorite alert query from Log Analytics and then run it.
Once the query has been run you can choose the option to create a “New Alert Rule” as shown below.
The benefit of this approach is that it pre-populates the alert condition with the correct alert target and the alert criteria (you may need to tweak the alert criteria from your original alert).
Define alert condition
Next you define the alert details, including the alert rule name (which cannot contain several character types per this message), the description, the severity, whether or not to enable the rule on creation, and whether or not to suppress alerts.
Define alert details
Then you configure the action group. If you don’t have one already you will need to create one.
Within the action group you define how to notify the various members of the action group. As you can see, the addition of new capabilities such as SMS messages, app push notifications and voice really expands the options available for alerting!
Once you have finished defining the action group you can then customize actions such as the email subject and custom JSON payload.
Define action group
Choose the option to “Create alert rule” to complete the process.
Rules can now be seen and edited in the Monitor portion of Azure.
Alerts are found under Alerts (where you can see alerts that have fired).
And you can see the underlying rules by opening Manage rules.
Creating an alert from Monitor in Azure
You can also create alerts directly from the Monitor portion of Azure within the Alerts section by choosing the “New Alert Rule” option.
Unlike the first approach provided in this blog post, here you have to select the appropriate alert target and alert criteria yourself.
Define alert condition
For Alert target, search on Log Analytics within the correct subscription and then choose your workspace.
For the Alert criteria choose Custom log search.
This will populate the target and criteria with the data that you need to finish up the step to “Define alert condition”. From here you can return to the steps shown in the first part of this blog to “Define alert details” and “Define action group”.
Tip: You can edit or create new “Action Groups” in Monitor under “Action groups”.
Summary: The new approach to creating an alert in Azure requires defining an alert condition, alert details and then an action group. These steps are most easily taken from an existing log search in Log Analytics, or a new alert for Log Analytics can be added in the Monitor portion of Azure.