Alerts based on Metrics, e.g. if the processor time goes over 95% for 5 Minutes etc.
Log alerts support metric measurement rules, which allow you to compute time series like process time for chosen interval like 5 mins and alert for total or continuous breach of the threshold. More more details, see: https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitor-alerts-unified-log#metric-measurement-alert-rules
Tony Cullen commented
Under failed logins we would like to Alert via via a custom email to either the end user or to our service desk that a user had x number of failed logins within a set time e.g. 60 minutes
Mike Shir commented
Could you please confirm my understanding of how performance counter alerts work.
- OMS Agent sends metric to Azure OMS based on the sampling interval
- Azure OMS aggregates (averages) the data every 30 minutes.
- Queries return the average performance counter in the "Logs" tab
- You can drill down to the graph of the underlying, sampled data in the "Metrics" tab
- Alerting are generated based on the average performance counter.
If CPU spikes to 100% for 15 minutes then the 30 minutes interval will only report 50% utilization.