搜索查询应包含 'AggregatedValue' 和 'bin(TimeGenerated, [roundTo])' 指标警报类型
Search Query should contain 'AggregatedValue' and 'bin(TimeGenerated, [roundTo])' for Metric alert type
我想针对以下情况创建警报:
if (incoming_messages of event hub != outgoing_messages of event hub)
then I should get alerted
为此,我在日志分析中创建了一个查询,其中“比较”列显示了事件中心传入和传出消息的差异
但是当我使用以下查询作为警报创建的“度量标准”时......它给出了以下错误
Search Query should contain 'AggregatedValue' and 'bin(TimeGenerated, [roundTo])' for Metric alert type
有人可以告诉我如何解决这个错误,或者有任何其他方法可以为上述情况设置警报吗??
这里是查询
let Incoming_Messages = AzureMetrics
| where ResourceProvider =="MICROSOFT.EVENTHUB"
| where _ResourceId contains "ResourceID-Hidden"
| where TimeGenerated > ago(1h)
| where MetricName contains "IncomingMessages"
| count | extend CommonCol="Dummy"
| project CommonCol, TotalIncomingMessages = Count;
let Outgoing_Messages = AzureMetrics
| where ResourceProvider =="MICROSOFT.EVENTHUB"
| where _ResourceId contains "ResourceID-Hidden"
| where TimeGenerated > ago(1h)
| where MetricName contains "OutgoingMessages"
| count | extend CommonCol="Dummy"
| project CommonCol, TotalOutgoingMessages = Count;
Incoming_Messages
| join Outgoing_Messages on CommonCol
| extend Comparison = TotalIncomingMessages - TotalOutgoingMessages
| project TotalOutgoingMessages, TotalIncomingMessages, Comparison
错误截图:
在你的情况下使用 'Number of results' 似乎更有意义。因为您想知道是否有任何行符合条件。
使用 'Number of results'(阈值 > 0)尝试此查询:
let Incoming_Messages = AzureMetrics
| where ResourceProvider =="MICROSOFT.EVENTHUB"
| where _ResourceId contains "ResourceID-Hidden"
| where TimeGenerated > ago(1h)
| where MetricName contains "IncomingMessages"
| count | extend CommonCol="Dummy"
| project CommonCol, TotalIncomingMessages = Count;
let Outgoing_Messages = AzureMetrics
| where ResourceProvider =="MICROSOFT.EVENTHUB"
| where _ResourceId contains "ResourceID-Hidden"
| where TimeGenerated > ago(1h)
| where MetricName contains "OutgoingMessages"
| count | extend CommonCol="Dummy"
| project CommonCol, TotalOutgoingMessages = Count;
Incoming_Messages
| join Outgoing_Messages on CommonCol
| extend Comparison = TotalIncomingMessages - TotalOutgoingMessages
| project TotalOutgoingMessages, TotalIncomingMessages, Comparison
| where Comparison != 0
我想针对以下情况创建警报:
if (incoming_messages of event hub != outgoing_messages of event hub)
then I should get alerted
为此,我在日志分析中创建了一个查询,其中“比较”列显示了事件中心传入和传出消息的差异
但是当我使用以下查询作为警报创建的“度量标准”时......它给出了以下错误
Search Query should contain 'AggregatedValue' and 'bin(TimeGenerated, [roundTo])' for Metric alert type
有人可以告诉我如何解决这个错误,或者有任何其他方法可以为上述情况设置警报吗??
这里是查询
let Incoming_Messages = AzureMetrics
| where ResourceProvider =="MICROSOFT.EVENTHUB"
| where _ResourceId contains "ResourceID-Hidden"
| where TimeGenerated > ago(1h)
| where MetricName contains "IncomingMessages"
| count | extend CommonCol="Dummy"
| project CommonCol, TotalIncomingMessages = Count;
let Outgoing_Messages = AzureMetrics
| where ResourceProvider =="MICROSOFT.EVENTHUB"
| where _ResourceId contains "ResourceID-Hidden"
| where TimeGenerated > ago(1h)
| where MetricName contains "OutgoingMessages"
| count | extend CommonCol="Dummy"
| project CommonCol, TotalOutgoingMessages = Count;
Incoming_Messages
| join Outgoing_Messages on CommonCol
| extend Comparison = TotalIncomingMessages - TotalOutgoingMessages
| project TotalOutgoingMessages, TotalIncomingMessages, Comparison
错误截图:
在你的情况下使用 'Number of results' 似乎更有意义。因为您想知道是否有任何行符合条件。
使用 'Number of results'(阈值 > 0)尝试此查询:
let Incoming_Messages = AzureMetrics
| where ResourceProvider =="MICROSOFT.EVENTHUB"
| where _ResourceId contains "ResourceID-Hidden"
| where TimeGenerated > ago(1h)
| where MetricName contains "IncomingMessages"
| count | extend CommonCol="Dummy"
| project CommonCol, TotalIncomingMessages = Count;
let Outgoing_Messages = AzureMetrics
| where ResourceProvider =="MICROSOFT.EVENTHUB"
| where _ResourceId contains "ResourceID-Hidden"
| where TimeGenerated > ago(1h)
| where MetricName contains "OutgoingMessages"
| count | extend CommonCol="Dummy"
| project CommonCol, TotalOutgoingMessages = Count;
Incoming_Messages
| join Outgoing_Messages on CommonCol
| extend Comparison = TotalIncomingMessages - TotalOutgoingMessages
| project TotalOutgoingMessages, TotalIncomingMessages, Comparison
| where Comparison != 0