alerts
14 Topics

LogAnalytics Workspaces - Suppression of alarms from specific Resources
Hi all, just a quick question. I currently have a suppress rule for the resource group with all of the resources in that RG suppressed. I also have another RG with a Log Analytics workspace, and this workspace is getting all the PERF counters from all the machines, like a bucket for all "Perf" counters. I want to suppress only the alarms from those machines in the resource group that is currently suppressed. Is it possible? Or do I have to suppress all the alarms from that Log Analytics workspace? Is there any way I can suppress only some alarms from Log Analytics? Thanks in advance for your time and help. Best Regards.
Solved · 1.7K Views · 0 likes · 3 Comments

AKS Monitoring - Questions about Azure Monitor, Grafana and Prometheus
Hi, We have a Kubernetes platform on which we are developing our microservices. To start working on monitoring, we have some important questions. We want to monitor everything from the status of the nodes of the AKS clusters to the status of the pods (status, if they are not started, etc.). If we go to an AKS cluster to 'Monitoring - Insights' we see a lot of information, but we want to have dashboards and, most importantly, alerts. On the one hand, it is possible to create alerts in the Azure portal itself and also dashboards. On the other hand, we see that the Microsoft documentation indicates how to configure 'Azure Managed Grafana'. And finally, we have Prometheus, which in turn displays dashboards using Grafana. Our biggest question is: What do both Grafana and Prometheus contribute? Do we get more information with Prometheus than we get with Azure Insights? We see that Grafana already brings many pre-created dashboards for many parts of Azure, as well as pre-created alerts. Is it worth using 'Azure Grafana Managed' or if you don't want to pay for the service, use Azure Monitor for everything? Thanks!!
1.4K Views · 2 likes · 1 Comment

Log Analytics Alert Filtered Query
I made this query:

    AzureDevOpsAuditing
    | where ActorUPN != "Azure DevOps Service"
    | where Area == "Release"
    | summarize Count = count() by OperationName, bin(TimeGenerated, 1440min), ActorUPN, Details, IpAddress, ScopeDisplayName
    | summarize sum(Count)
    | where sum_Count > 0

And I made an alert that takes that query, evaluates the results of one day and sends an email. But when the filtered results come out it doesn't show the other columns that I'm looking for (ActorUPN, details ...). The query:

    AzureDevOpsAuditing
    | where ActorUPN != "Azure DevOps Service"
    | where Area == "Release"
    | summarize Count = count() by OperationName, bin_at(TimeGenerated, 1440min, datetime(2022-08-09T20:09:14.0000000Z)), ActorUPN, Details, IpAddress, ScopeDisplayName
    | summarize sum(Count)
    | where sum_Count > 0
    | extend TimeGenerated = column_ifexists('TimeGenerated', datetime(2022-08-08T20:09:14.0000000Z))
    | summarize AggregatedValue = sum(sum_Count) by bin_at(TimeGenerated, 1440m, datetime(2022-08-09T20:09:14.0000000Z))

and shows TimeGenerated and AggregatedValue, nothing else.
1.4K Views · 0 likes · 1 Comment

Filtering data from azure alerts in postman
I am using Postman to collect triggered alerts from Microsoft Azure, but I'm having trouble filtering the API in Postman. Does anyone know how to filter the data, so that I only keep the data if isSuppressed is false? 90% of all the data I am collecting from the API has isSuppressed true, but I am only interested in the cases where isSuppressed is false. I have added two examples of elements from the API below (without the keys). The URL I am using looks like this:

    https://management.azure.com/{scope}/providers/Microsoft.AlertsManagement/alerts?api-version=2019-03-01

    {
      "properties": {
        "essentials": {
          "severity": "Sev0",
          "signalType": "Log",
          "alertState": "New",
          "monitorCondition": "Fired",
          "monitorService": "Log Analytics",
          "actionStatus": {
            "isSuppressed": true
          }
        }
      }
    },
    {
      "properties": {
        "essentials": {
          "severity": "Sev0",
          "signalType": "Log",
          "alertState": "New",
          "monitorCondition": "Fired",
          "monitorService": "Log Analytics",
          "actionStatus": {
            "isSuppressed": false
          }
        }
      }
    }

804 Views · 0 likes · 0 Comments

Alert Suppression
Hey there, I think what I'm looking for is alert suppression but as available in Azure Monitor now it doesn't seem to do what I want. I have an event that shows up in the log and, once it gets started, it repeats a lot. What I want is to look for an event in the logs and send an alert when it first occurs. After that I only want an alert every hour or every 4 hours or something. I've always thought of this as a form of suppression but I don't see a way to do this. Thoughts? TIA ~DGM~
802 Views · 0 likes · 1 Comment

Activity Alerts (set up via https://security.microsoft.com/managealerts) are not being received
To test activity alerts, I modified 10 different files in my SharePoint tenant and, though I set the alerts to detect those specific modifications and email me for each one, I only received 2 out of 10 emails. The first two email notifications were received within 10 minutes but, after 8 hours, the other 8 alerts have not been received. I do not see the activity for any of the 10 modifications in the activity log either. The metadata in SharePoint confirms that I made the changes, but the alerts are not being triggered. What can be done to ensure that these activity alerts are triggered with consistency?
800 Views · 0 likes · 0 Comments

Azure monitor cpu time for dynamic threshold
I am trying to set up Azure monitoring alerts for my applications. I have issues in setting up correct conditions for dynamic thresholds, and the documentation in Microsoft docs is a miss; there are no examples and explanations for common scenarios and use cases. For example, I am trying to set up a CPU time threshold, and when I click dynamic on operator condition, if I set greater than and on threshold sensitivity, what is the right choice? I set that if CPU time is greater than normal or medium it should notify my action group team. Any explanation and best recommendations? Thanks
800 Views · 0 likes · 0 Comments

Azure alert on multiple subscriptions
Hi all, I am not sure if this is the right place, but here goes. I am working on creating a monitoring solution, and am trying to create some dynamic alert rules. I need them to look at a lot of subscriptions, but when you choose scope, you can only choose one subscription. So I have exported the template and added another subscription in the scopes section, but will it work? This is what the properties section looks like in the template; it is looking at CPU usage over time:

    "properties": {
      "description": "Dynamic warning on CPU ussage",
      "severity": 2,
      "enabled": true,
      "scopes": [
        "/subscriptions/Sub1",
        "/subscriptions/Sub2"
      ],
      "evaluationFrequency": "PT15M",
      "windowSize": "PT1H",
      "criteria": {
        "allOf": [
          {
            "alertSensitivity": "High",
            "failingPeriods": {
              "numberOfEvaluationPeriods": 4,
              "minFailingPeriodsToAlert": 4
            },
            "name": "Metric1",
            "metricNamespace": "microsoft.compute/virtualmachines",
            "metricName": "Percentage CPU",
            "operator": "GreaterOrLessThan",
            "timeAggregation": "Average",
            "criterionType": "DynamicThresholdCriterion"
          }
        ],
        "odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria"
      },

Any input is more than welcome. Regards Jan L Dam
700 Views · 0 likes · 3 Comments

Monitor Alert Failures
I have a number of alert rules I've created that use a workspace function I've created. I've discovered that if the function is deleted or changed in such a way that the alert query is no longer valid, the alert will not fire. Unfortunately, as far as I can tell, there is no way to know if a scheduled query alert failed to run because of this. I read that alerts should be disabled when they have an invalid query and reported in Azure Advisor, but that doesn't seem to be the case in this situation. There also doesn't appear to be anything in _LogOperation for this either. So, I need to either be able to write a query that can somehow test for a function and continue to run if it is not valid. Or a way to send an alert when another alert query is invalid or failed. Does anyone know if it is possible to do either of these things?
675 Views · 0 likes · 0 Comments