
I have an Azure Monitor alert on a custom metric with a filter. Here's what the Custom Log Query looks like:

customMetrics
| where name == 'MyMetricName'
| where cloud_RoleInstance == 'MyInstanceName'
| summarize AggregatedValue = sum(valueCount) by bin(timestamp, 5m)

I want to be alerted when sum(valueCount) == 0. For that, I specify "Metric measurement" => "Less than" => 1. This works fine as soon as the service emitting the metric is running. When it stops, there are no metrics and the query above would not return any records - that's the way aggregation functions work in Kusto. And because of that, the alert would never fire :(. Any ideas how to make it do so?


2 Answers


One option for you to consider is to switch summarize to make-series and specify kind=nonempty.



I just combined make-series as suggested by Yoni and came up with this variation. I tried this on one of my Perf log analytics table and it worked. Check how this goes with you and let me know.

customMetrics
| where name == 'MyMetricName'
| where cloud_RoleInstance == 'MyInstanceName'
// Check a 30m interval in 5m steps; the interval should equal the alert period (30m assumed here).
// kind=nonempty produces a default series even when no records match.
// valueCount is the column from the question's query (CounterValue belongs to the Perf table).
| make-series kind=nonempty SumValue = sum(valueCount) on timestamp from ago(30m) to now() step 5m
| mv-expand timestamp to typeof(datetime), SumValue to typeof(long)
| where SumValue < 1  // keep the 5-minute intervals where there is no data ("Less than 1" in the question)
| project timestamp, SumValue
| summarize AggregatedValue = count() by bin(timestamp, 30m)  // bin size also equals the alert period, assuming 30 minutes
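
The behaviour discussed in this thread, as an added example that is not part of either answer: a self-contained query that runs the summarize form and the make-series kind=nonempty form against the same constructed data for a service that stopped before the alert window began. The table `metrics`, its rows, and the names `minutesAgo`, `method` and `wouldAlert` are made up for the illustration.

```kusto
// Constructed sample: the service last emitted 50 and 45 minutes ago,
// so the 30-minute alert window contains no records at all.
let binSize = 5m;
let lookback = 30m;
let endTime = bin(now(), binSize);
let startTime = endTime - lookback;
let metrics = datatable(minutesAgo: int, valueCount: long) [
    50, 3,
    45, 2
]
| extend timestamp = endTime - minutesAgo * 1m;
// summarize only produces a row for a bin that has at least one record,
// so a silent service yields nothing for "AggregatedValue < 1" to match.
let bySummarize = metrics
    | where timestamp between (startTime .. endTime)
    | summarize AggregatedValue = sum(valueCount) by bin(timestamp, binSize)
    | extend method = "summarize";
// make-series builds every bin between from and to; kind=nonempty keeps the
// series when the input is empty, and default=0 fills the bins without data.
let byMakeSeries = metrics
    | make-series kind=nonempty AggregatedValue = sum(valueCount) default = 0
        on timestamp from startTime to endTime step binSize
    | mv-expand timestamp to typeof(datetime), AggregatedValue to typeof(long)
    | extend method = "make-series";
union bySummarize, byMakeSeries
| extend wouldAlert = AggregatedValue < 1   // the "Less than 1" condition from the question
| order by method asc, timestamp asc
```

Rows tagged `make-series` are the only ones the alert condition can evaluate when the emitter is down, which is why the missing-data case has to be detected on a generated time axis rather than on aggregated records.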