Unfortunately have an issue with cross-resource query use in LA Log Alerts. The team is working to unblock this currently.
Planned/resolved as part of new Azure Alerts update – now available in public preview: https://azure.microsoft.com/en-us/blog/new-alerts-preview-in-azure-monitor/
OMS Portal is scheduled for an update - which would possibly address these issues regarding rendering.
Till then we suggest you try using - the new Alerts (Preview) on Azure Portal. Running on the Azure Portal which uses a newer interface engine and design - it is compatible with all modern browsers including Safari on MacOS. We have recently launched the public preview of Azure Alerts (Preview) and it allows you to create as well as manage in a singular interface all your alerts - including OMS Log Analytics based Alerts and Azure Monitor based Alerts. More details available on Azure blog: https://azure.microsoft.com/en-us/blog/new-alerts-preview-in-azure-monitor/
41 votesunder review · 4 comments · Log Analytics » Alert Management Solution · Flag idea as inappropriate… · Admin →
Time window for Log Analytics based Alerts is restricted to 24 hours; to limit load of queries on log analytics and prevent abuse of the system. For your portal a query over a week for specific message is limited to one or few items; but for others who are not as discrete, the return could be in hundreds or thousands of records which can overwhelm the system for everyone. In the current model and scale of Log Analytics, as a public service for everyone in Azure - we have tried to balance between the needs of some and keeping miscreants at bay.
We have found that 24 hours windows works for most use cases and scenarios with minor modification or adjustment. Even in your scenario, I think we can make alerts work with 24 hr window with some adjustments: by creating an alert for the specific message/record (say) X, every day and if count is more than 1 - it fires an email notification (if needed). Since the message arrives irregularly, the alert will get fired whenever the message is seen and you can track, if it arrived or not for specific days. Also every time the alert is fired, its recorded as part of Audit Log; allowing you to then use Log Analytics to further aggregate, plot and combine this info with other details of from other sources/logs - to pinpoint where things may be going wrong.