Need ability to exclude time frame for alerts
We would like the ability to exclude time frames from alert management as there could be system downtimes due to maintenance that are throwing alerts that are false positive. Either allow the ability to exclude date/time ranges or globally disable alerts when doing system maintenance and planned downtime
Big thanks to @Stefan – you can filter for specific time period using the new query language of log analytics; which in-turn can be used in OMS Alerts to skip over specific times.
Regarding the ask for making global maintenance windows in Azure – we are working on the same and we’ll intimate you soon when we are ready with the functionality. Thanks again for your idea and feedback for Azure.
We configure our alerts against metrics not queries and via this method there is no way to silent alerts during nightly jobs. Please introduce a way to exclude time periods.
With the new query language you can filter. For instance events that occur between 7am and 7pm:
Event | where TimeGenerated >= ago(24h) | extend TimeStart = startofday(TimeGenerated)+7h| extend TimeEnd = startofday(TimeGenerated)+19h| where TimeGenerated between (TimeStart..TimeEnd) | where <your filter here
(p.s. i am just another user, not a MS developer)
Jake Edwards commented
We have a nightly maintenance window that triggers an alert. If the alert came at any other time, we'd want to know about it, but this particular alert will always trigger nightly if it's not suppressed somehow.
If there were enough date functions I could use my Log Search to Exclude the "hour" of maintenance period... otherwise, an alert-level "quiet" window would be good.