Public preview: Query across applications in log alerts
Published date: May 18, 2018
You can use Azure Application Insights to monitor a distributed modern cloud application. In the same spirit, log alerts enable you to combine data across various apps. For more information, see the post on how to query across resources.
Cross-app query support in log alerts is currently in preview. While it’s in preview, the functionality could be subject to change and improvements.
To see how this is used, consider a scenario. Contoso runs an e-commerce site and a separate server/app for payment. Previously, the team had to read endless logs from the site and the payment server to see whether customers’ payments were dropped. Then they used log alerts:
union app('Contoso-PaymentServer').requests, requests | summarize AggregatedValue = count() by id,bin(timestamp, 5m)
Get requests across Contoso-PaymentServer and ContosoWeb and count the occurrences of each request ID in 5-minute slices.
Alerts on variations in various time intervals of aggregated numeric value.
Less than 2
Check, in slices of 5 minutes, whether the request ID was received twice, for example, once in the web app and once in the payment server.
Consecutive breaches are greater than 2
If the alert logic (count of requests less than 2) is met for two slices (for example, 5 + 5 minutes), then trigger the alert.
For last 15 minutes
Run the query with data for the last 15 minutes.
Every 5 minutes
Run the query every 5 minutes.
Now the Contoso team will be automatically notified when there's a possible payment snag. And they can focus on fine-tuning the site instead of drilling through logs.