
Azure Alert Rule: Hopping Window (run every n hours, query data of last n+m hours)


I have an Azure Function that every 4 hours runs a database query and writes logs to app insights in case of errors found. I create an Azure Alert rule with this query:

union traces, exceptions
| where message startswith "Reconciliation error" or message startswith "Reconciliation check failed"

Intention is: trigger every 4h, query last 5 hours, and if anything is there, raise alert.

Setting Alert rule granularity: 5h and Frequency of evaluation: 4h means there will be a sliding window, but I just want to run this every 4 hours. Is it possible to achieve hopping window functionality instead?

Note: This docs page mentions a Lookback period "Select how far back to look each time the data is checked. For example, every 1 minute, look back 5 minutes." but I don't see any such option in the portal.


Solution

  • Note: This docs page mentions a Lookback period "Select how far back to look each time the data is checked. For example, every 1 minute, look back 5 minutes." but I don't see any such option in the portal.

    The Lookback period option is only available for metric alerts, not for log search alerts. Follow the MS Docs to check the Lookback period option in an alert.

    When using custom log search, the Lookback period option will not be displayed in the Portal; instead, you can set the Override query time range under Advanced.

    If you need more fine-grained control of the queried time period, you can use a query like:

    query | where timestamp > ago(5h)
    

    Note that this will automatically set Override query time range to its maximum of 2 days, as that is what ultimately dictates how much you can actually query.