Log Query for Heartbeat Alerts on VMs with Exemptions in Azure Log Analytics

A heartbeat alert is something you would often configure to detect a VM that has not been responding to Azure for more than 5 minutes (either a failure or a shutdown).

If you plan to monitor your servers but some of them are test machines, or get shut down at night to save costs, you will need to exempt those servers from your heartbeat alert in Log Analytics to avoid raising unnecessary alerts.

Here is how you would do it:

The last line of the query is what does the trick, where “Computername1” is the server you wish to exempt.

Once you have tested the query and are happy with it, make sure you update the alert rule.

Alert Query:

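Heartbeat
// HeartbeatStopStartComputers is not defined in this post; it must already resolve in your workspace
| where Computer !in (HeartbeatStopStartComputers)
| where TimeGenerated >= (datetime(2021-09-15T04:03:17.0000000Z) - 24h)
// Strip the domain suffix so only the short host name remains
| extend Computer = replace(@"\..*", @"", Computer)
| summarize LastHeartbeat = max(TimeGenerated) by Computer
// Exempted servers are compared against the short host name produced above
| where LastHeartbeat < (datetime(2021-09-15T04:03:17.0000000Z) - 2h) and Computer != "Computername1" and Computer != "Computername2"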
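
One way to test the exemption before updating the alert rule, as an added example that is not part of the original post: it runs the same logic over a constructed table instead of the live Heartbeat table. The sample rows, the contoso.local host names and the ExemptComputers and EvaluatedAt names are assumptions made for illustration.

```kusto
// Added example with constructed data; nothing here is read from a real workspace.
// Exempt list holds short host names (hypothetical), kept in one place for review.
let ExemptComputers = dynamic(["Computername1", "Computername2"]);
// Fixed evaluation time taken from the alert query, so the result is repeatable.
let EvaluatedAt = datetime(2021-09-15T04:03:17Z);
// Constructed heartbeats:
//   web01          reported 3 minutes ago  (healthy)
//   sql01          silent for about 3 hours (not exempt)
//   Computername1  silent, exempt, reported with a domain suffix
//   COMPUTERNAME2  silent, exempt, reported in a different case
let SampleHeartbeat = datatable(TimeGenerated: datetime, Computer: string)
[
    datetime(2021-09-15T04:00:00Z), "web01.contoso.local",
    datetime(2021-09-15T01:00:00Z), "sql01.contoso.local",
    datetime(2021-09-14T22:00:00Z), "Computername1.contoso.local",
    datetime(2021-09-14T20:00:00Z), "COMPUTERNAME2"
];
SampleHeartbeat
| where TimeGenerated >= EvaluatedAt - 24h
// Strip the domain suffix first, so the exempt list only needs short names
| extend Computer = replace(@"\..*", @"", Computer)
| summarize LastHeartbeat = max(TimeGenerated) by Computer
| where LastHeartbeat < EvaluatedAt - 2h
// !in~ is the case-insensitive form of !in
| where Computer !in~ (ExemptComputers)
```

Replacing SampleHeartbeat with Heartbeat runs the same check against real data; every name in ExemptComputers is a server the alert will never fire for, so keep the list short and reviewed.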