我有一个带有筛选器的自定义指标的 Azure Monitor 警报。自定义日志查询如下所示:
customMetrics
| where name == 'MyMetricName'
| where cloud_RoleInstance == 'MyInstanceName'
| summarize AggregatedValue = sum(valueCount) by bin(timestamp, 5m)
我想在 sum(valueCount) == 0 时收到警报。为此,我指定“度量标准”=>“小于”=> 1。只要发出度量标准的服务正在运行,它就可以正常工作。当它停止时,没有指标,上面的查询也不会返回任何记录——这就是 Kusto 中聚合函数的工作方式。正因为如此,警报永远不会触发:(。有什么想法可以做到吗?
您要考虑的一个选项是切换summarize到make-series并指定kind=nonempty
https://docs.microsoft.com/en-us/azure/kusto/query/make-seriesoperator
我只是按照 Yoni 的建议结合了 make-series 并想出了这个变体。我在我的一个 Perf 日志分析表上尝试了这个,它奏效了。检查你的情况并告诉我。
let data = customMetrics
| where name == 'MyMetricName'
| where cloud_RoleInstance == 'MyInstanceName'
| make-series kind = nonempty SumValue= sum(CounterValue) on timestamp from ago(30m) to now() step 5m // checking 30m interval this will equal assuming alert period = 30m
| mvexpand timestamp, SumValue
| where SumValue <= 1 // Filtering those 5 min time intervals where there is no data
| project todatetime(timestamp) , SumValue;
data
| summarize AggregatedValue = count() by bin(timestamp, 30m) // This will also be equal to alert period assuming 30 minutes