I need to try and create an alert for when a new entry is added to an application log file. Each new entry is time stamped. I have setup/imported the custom log as timestamped and tested with a dummy app log file and manually added entries. I initially set up the alert to trigger when the number of results is greater than 0. This appears to work but depending on the time intervals I set it will keep emailing me the alerts. Is there anyway I can get it to just alert the once for each time a new entry is added?
Alert logic Based on - Number of results Operator Greater than Threshold value 0
Evaluation based on Period(in Minutes) 1440
Frequency(in minutes) 240
I have set these to cut down on the alert emails. Ideally i'd like it to check every hour and alert when new entry is added but only alert the once. Not sure if it can be done. Is there any tweaks to the Kusto query where I can get it to alert based on a row number increase. With setting the alert to greater than 0 I've a feeling it will always alert because all new entries will mean its higher than that value.
My basic Kusto query just returns lines that list a document number
LogAppend_CL | where RawData contains "for Document number"
