天蓝色日志搜索警报
azure log search alerts
我有这个搜索,但我想在带宽达到 50% 时发出 azure 警报。我尝试了警报设置,但只设置了搜索找到的次数。所以不确定在搜索时需要添加什么只会触发带宽阈值。
AzureMetrics
| where ResourceId contains "ckt"
| where MetricName == "BitsINPerSecond"
| where TimeGenerated > (now() - 12h) and TimeGenerated <= now()
| project TimeGenerated, Resource, inBytes=Maximum
| join kind= inner
(
AzureMetrics
| where MetricName == "BitsOutPerSecond"
| where TimeGenerated > (now() - 12h) and TimeGenerated <= now()
| project TimeGenerated, Resource, outBytes= Maximum
)
on TimeGenerated, Resource
| summarize data_in_Gbps = max(inBytes)/1000000000, data_out_Gbps = max(outBytes)/1000000000,
data_total_Gbps = sum(inBytes + outBytes)/1000000000 by bin(TimeGenerated, 1h), Resource
| extend BW_percentage = data_out_Gbps * 100
| order by TimeGenerated
在查询末尾添加:“|where BW_percentage>50”。
当您 运行 自己查询时,检查您是否对结果感到满意。
然后将查询复制到警报规则并将阈值设置为 >0,以在任何资源为真时向您发出警报。
(如果这是您感兴趣的时间跨度,您可以将 1h 更改为 30m)。
我有这个搜索,但我想在带宽达到 50% 时发出 azure 警报。我尝试了警报设置,但只设置了搜索找到的次数。所以不确定在搜索时需要添加什么只会触发带宽阈值。
AzureMetrics
| where ResourceId contains "ckt"
| where MetricName == "BitsINPerSecond"
| where TimeGenerated > (now() - 12h) and TimeGenerated <= now()
| project TimeGenerated, Resource, inBytes=Maximum
| join kind= inner
(
AzureMetrics
| where MetricName == "BitsOutPerSecond"
| where TimeGenerated > (now() - 12h) and TimeGenerated <= now()
| project TimeGenerated, Resource, outBytes= Maximum
)
on TimeGenerated, Resource
| summarize data_in_Gbps = max(inBytes)/1000000000, data_out_Gbps = max(outBytes)/1000000000,
data_total_Gbps = sum(inBytes + outBytes)/1000000000 by bin(TimeGenerated, 1h), Resource
| extend BW_percentage = data_out_Gbps * 100
| order by TimeGenerated
在查询末尾添加:“|where BW_percentage>50”。 当您 运行 自己查询时,检查您是否对结果感到满意。 然后将查询复制到警报规则并将阈值设置为 >0,以在任何资源为真时向您发出警报。 (如果这是您感兴趣的时间跨度,您可以将 1h 更改为 30m)。