How can we improve Azure Log Analytics?

Need ability to exclude time frame for alerts

We would like the ability to exclude time frames from alert management, as there could be system downtimes due to maintenance that are throwing alerts that are false positives. Either allow the ability to exclude date/time ranges or globally disable alerts when doing system maintenance and planned downtime.

19 votes
Ron Savoia shared this idea

Big thanks to @Stefan – you can filter for a specific time period using the new query language of Log Analytics, which in turn can be used in OMS Alerts to skip over specific times.

Regarding the ask for making global maintenance windows in Azure – we are working on the same and we’ll intimate you soon when we are ready with the functionality. Thanks again for your idea and feedback for Azure.

3 comments

  • Rob commented

    We configure our alerts against metrics, not queries, and via this method there is no way to silence alerts during nightly jobs. Please introduce a way to exclude time periods.

  • Stefan commented

    With the new query language you can filter. For instance, events that occur between 7am and 7pm:

    Event
    | where TimeGenerated >= ago(24h)
    | extend TimeStart = startofday(TimeGenerated) + 7h
    | extend TimeEnd = startofday(TimeGenerated) + 19h
    | where TimeGenerated between (TimeStart .. TimeEnd)
    | where <your filter here>

    (P.S. I am just another user, not an MS developer)

  • Jake Edwards commented

    We have a nightly maintenance window that triggers an alert. If the alert came at any other time, we'd want to know about it, but this particular alert will always trigger nightly if it's not suppressed somehow.

    If there were enough date functions I could use my Log Search to Exclude the "hour" of maintenance period... otherwise, an alert-level "quiet" window would be good.
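
An added example, not from the original thread or from Microsoft: one way to turn the inclusive 7am to 7pm filter in Stefan's comment into an exclusion for the nightly maintenance case Jake describes, covering a window that crosses midnight and one planned one-off downtime. The window times, the date values and the `EventLevelName` filter are assumptions (constructed sample values); `TimeGenerated` is stored in UTC, so all bounds are given in UTC.

```kql
// Added example; every window value below is a constructed placeholder.
// Nightly maintenance window as time-of-day offsets in UTC.
// nightlyEnd < nightlyStart means the window crosses midnight (23:00 to 01:00).
let nightlyStart = 23h;
let nightlyEnd = 1h;
// A single planned one-off downtime (constructed dates, UTC).
let oneOffStart = datetime(2018-03-10 02:00:00);
let oneOffEnd = datetime(2018-03-10 06:00:00);
Event
| where TimeGenerated >= ago(24h)
// Time of day of each record as a timespan since midnight UTC.
| extend TimeOfDay = TimeGenerated - startofday(TimeGenerated)
// Same-day window: inside means start <= t < end.
// Midnight-crossing window: inside means t >= start OR t < end.
| extend InNightlyWindow = iff(nightlyStart <= nightlyEnd,
    TimeOfDay >= nightlyStart and TimeOfDay < nightlyEnd,
    TimeOfDay >= nightlyStart or TimeOfDay < nightlyEnd)
// "between" is inclusive on both ends.
| extend InOneOffWindow = TimeGenerated between (oneOffStart .. oneOffEnd)
// Keep only records outside every suppression window.
| where not(InNightlyWindow) and not(InOneOffWindow)
// Assumed alert condition; replace with your own filter.
| where EventLevelName == "Error"
| project TimeGenerated, Computer, Source, EventID, RenderedDescription
```

Because the filtering happens inside the query, records generated during the windows never reach the alert rule; the same query with `not(...)` removed from the window condition lists what was suppressed, which is useful for reviewing that the windows hide only maintenance noise.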
