Merge pull request #262267 from AbbyMSFT/log-limit

Log limit

Author: prmerger-automator[bot]

articles/azure-monitor/alerts/alerts-create-log-alert-rule.md

@@ -31,12 +31,13 @@ Alerts triggered by these alert rules contain a payload that uses the [common al
     - **Signal source**: The service that sends the "Custom log search" and "Log (saved query)" signals.
     Select the **Signal name** and **Apply**.
 
-1.  On the **Logs** pane, write a query that returns the log events for which you want to create an alert.
+1.  On the **Logs** pane, write a query that returns the log events for which you want to create an alert. To use one of the predefined alert rule queries, expand the **Schema and filter** pane on the left of the **Logs** pane. Then select the **Queries** tab, and select one of the queries.
 
-    :::image type="content" source="media/alerts-create-new-alert-rule/alerts-log-rule-query-pane.png" alt-text="Screenshot that shows the Query pane when creating a new log alert rule.":::
-
-    To use one of the predefined alert rule queries, expand the **Schema and filter** pane on the left of the **Logs** pane. Then select the **Queries** tab, and select one of the queries.
+    > [!NOTE]
+    > Log alert rule queries do not support the 'bag_unpack()', 'pivot()' and 'narrow()' plugins.
 
+    :::image type="content" source="media/alerts-create-new-alert-rule/alerts-log-rule-query-pane.png" alt-text="Screenshot that shows the Query pane when creating a new log alert rule.":::
+      
 1. (Optional) If you're querying an ADX or ARG cluster, Log Analytics can't automatically identify the column with the event timestamp, so we recommend that you add a time range filter to the query. For example:
 
     ```KQL
@@ -187,4 +188,4 @@ Alerts triggered by these alert rules contain a payload that uses the [common al
 
 
 ## Next steps
- [View and manage your alert instances](alerts-manage-alert-instances.md)
+ [View and manage your alert instances](alerts-manage-alert-instances.md)