
Public preview: Query across applications in log alerts

Friday, May 18, 2018

You can use Azure Application Insights to monitor a distributed modern cloud application. In the same spirit, log alerts enable you to combine data across various apps. For more information, see the post on how to query across resources.

Cross-app query support in log alerts is currently in preview. While it’s in preview, the functionality could be subject to change and improvements.

To see how this is used, let's look at a scenario. Contoso runs an e-commerce site and a separate server/app for payment. Previously, the team had to read through endless logs from the site and the payment server to see whether customers' payments were dropped. Then they set up a log alert:

 

| Alert parameter | Parameter value | Comments |
| --- | --- | --- |
| Query | `union app('Contoso-PaymentServer').requests, requests \| summarize AggregatedValue = count() by id, bin(timestamp, 5m)` | Get requests across Contoso-PaymentServer and ContosoWeb and count every ID, sliced for every 5 minutes. |
| Type | Metric measurement | Alerts on variations in various time intervals of aggregated numeric value. |
| Logic | Less than 2 | Check, in slices of 5 minutes, whether the request ID was received twice, for example, once in the web app and once in the payment server. |
| Trigger | Consecutive breaches are greater than 2 | If the alert logic (count of requests less than 2) is met for two slices (for example, 5 + 5 minutes), then trigger the alert. |
| Time Period | For last 15 minutes | Run the query with data for the last 15 minutes. |
| Frequency | Every 5 minutes | Run the query every 5 minutes. |

 

 


Now the Contoso team will be automatically notified when there's a possible payment snag. And they can focus on fine-tuning the site instead of drilling through logs.
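
The aggregation from the Query row, run over constructed rows, as an added example that is not part of the original post. The `web` and `payment` tables and every row in them are made-up stand-ins for the two apps' `requests` tables, and the final `where` only mirrors the "Less than 2" alert logic so that the breaching rows are visible.

```kusto
// Constructed stand-in for the web app's requests table (assumption: the
// same request id is recorded by both apps, as the scenario describes).
let web = datatable(timestamp:datetime, id:string, name:string) [
    datetime(2018-05-18 10:01:00), "req-001", "POST /checkout",
    datetime(2018-05-18 10:02:00), "req-002", "POST /checkout",
    datetime(2018-05-18 10:06:30), "req-003", "POST /checkout",
    datetime(2018-05-18 10:09:58), "req-004", "POST /checkout"
];
// Constructed stand-in for app('Contoso-PaymentServer').requests.
let payment = datatable(timestamp:datetime, id:string, name:string) [
    datetime(2018-05-18 10:01:05), "req-001", "POST /pay",
    datetime(2018-05-18 10:06:40), "req-003", "POST /pay",
    datetime(2018-05-18 10:10:03), "req-004", "POST /pay"
];
// Same shape as the alert query: one row per request id per 5-minute slice.
union web, payment
| summarize AggregatedValue = count() by id, bin(timestamp, 5m)
// Mirror of the alert logic "Less than 2": keep only slices where an id
// was seen by a single app.
| where AggregatedValue < 2
| order by id asc, timestamp asc
```

`req-002` reached only the web app and is returned once. `req-004` was handled by both apps but straddles a 5-minute boundary, so it is returned once per slice with a count of 1 in each.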

If you are setting up log alerts for the first time, see the article Log alerts in Azure Monitor. You can also provide feedback.
