Commit 9460527

Merge pull request #266411 from MicrosoftDocs/main
02/15 AM Publishing
2 parents 9a5c692 + b5014a2 commit 9460527

67 files changed

+670
-610
lines changed


articles/azure-monitor/alerts/alerts-common-schema.md

Lines changed: 12 additions & 11 deletions
@@ -10,7 +10,7 @@ ms.author: abbyweisberg
1010

1111
# Common alert schema
1212

13-
The common alert schema standardizes the consumption of Azure Monitor alert notifications. Historically, activity log, metric, and log alerts each had their own email templates and webhook schemas. The common alert schema provides one standardized schema for all alert notifications.
13+
The common alert schema standardizes the consumption of Azure Monitor alert notifications. Historically, activity log, metric, and log search alerts each had their own email templates and webhook schemas. The common alert schema provides one standardized schema for all alert notifications.
1414

1515
Using a standardized schema helps minimize the number of integrations, which simplifies the process of managing and maintaining your integrations. The common schema enables a richer alert consumption experience in both the Azure portal and the Azure mobile app.
1616
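Review bot: style nit on the unchanged context at line 15: "helps minimize the number of integrations, which simplifies the process of managing and maintaining your integrations" says "integrations" twice in one sentence; consider "Using a standardized schema reduces the number of integrations you need to build and maintain." The rename on line 13 ("log alerts" to "log search alerts") is consistent with the rest of this commit.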

@@ -102,8 +102,8 @@ For sample alerts that use the common schema, see [Sample alert payloads](alerts
102102
| signalType | Identifies the signal on which the alert rule was defined. Possible values are Metric, Log, or Activity Log. |
103103
| monitorCondition | When an alert fires, the alert's monitor condition is set to **Fired**. When the underlying condition that caused the alert to fire clears, the monitor condition is set to **Resolved**. |
104104
| monitoringService | The monitoring service or solution that generated the alert. The monitoring service determines which fields are in the alert context. |
105-
| alertTargetIDs | The list of the Azure Resource Manager IDs that are affected targets of an alert. For a log alert defined on a Log Analytics workspace or Application Insights instance, it's the respective workspace or application. |
106-
| configurationItems |The list of affected resources of an alert.<br>In some cases, the configuration items can be different from the alert targets. For example, in metric-for-log or log alerts defined on a Log Analytics workspace, the configuration items are the actual resources sending the data, and not the workspace.<br><ul><li>In the log alerts API (Scheduled Query Rules) v2021-08-01, the `configurationItem` values are taken from explicitly defined dimensions in this priority: `_ResourceId`, `ResourceId`, `Resource`, `Computer`.</li><li>In earlier versions of the log alerts API, the `configurationItem` values are taken implicitly from the results in this priority: `_ResourceId`, `ResourceId`, `Resource`, `Computer`.</li></ul>In ITSM systems, the `configurationItems` field is used to correlate alerts to resources in a configuration management database. |
105+
| alertTargetIDs | The list of the Azure Resource Manager IDs that are affected targets of an alert. For a log search alert defined on a Log Analytics workspace or Application Insights instance, it's the respective workspace or application. |
106+
| configurationItems |The list of affected resources of an alert.<br>In some cases, the configuration items can be different from the alert targets. For example, in metric-for-log or log search alerts defined on a Log Analytics workspace, the configuration items are the actual resources sending the data, and not the workspace.<br><ul><li>In the log search alerts API (Scheduled Query Rules) v2021-08-01, the `configurationItem` values are taken from explicitly defined dimensions in this priority: `_ResourceId`, `ResourceId`, `Resource`, `Computer`.</li><li>In earlier versions of the log search alerts API, the `configurationItem` values are taken implicitly from the results in this priority: `_ResourceId`, `ResourceId`, `Resource`, `Computer`.</li></ul>In ITSM systems, the `configurationItems` field is used to correlate alerts to resources in a configuration management database. |
107107
| originAlertId | The ID of the alert instance, as generated by the monitoring service generating it. |
108108
| firedDateTime | The date and time when the alert instance was fired in Coordinated Universal Time (UTC). |
109109
| resolvedDateTime | The date and time when the monitor condition for the alert instance is set to **Resolved** in UTC. Currently only applicable for metric alerts.|
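Review bot: the rename is incomplete in the configurationItems row (line 106): "metric-for-log or log search alerts" keeps the old "metric-for-log" wording while the adjacent term is renamed; either rename it too or keep the pair consistent. Same row: the field is `configurationItems` but both bullets refer to `configurationItem` values; if the singular is intentional (one value per item), say so, otherwise use the field name as it appears in the payload. Leaving the literal payload value "Log" untouched in the signalType row (line 102) is correct, since it is a value and not prose.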
@@ -230,12 +230,12 @@ For sample alerts that use the common schema, see [Sample alert payloads](alerts
230230
}
231231
```
232232

233-
## Alert context fields for Log alerts
233+
## Alert context fields for log search alerts
234234

235235
> [!NOTE]
236-
> When you enable the common schema, the fields in the payload are reset to the common schema fields. Therefore, log alerts have these limitations regarding the common schema:
237-
> - The common schema is not supported for log alerts using webhooks with a custom email subject and/or JSON payload, since the common schema overwrites the custom configurations.
238-
> - Alerts using the common schema have an upper size limit of 256 KB per alert. If the log alerts payload includes search results that cause the alert to exceed the maximum size, the search results aren't embedded in the log alerts payload. You can check if the payload includes the search results with the `IncludedSearchResults` flag. Use `LinkToFilteredSearchResultsAPI` or `LinkToSearchResultsAPI` to access query results with the [Log Analytics API](/rest/api/loganalytics/dataaccess/query/get) if the search results are not included.
236+
> When you enable the common schema, the fields in the payload are reset to the common schema fields. Therefore, log search alerts have these limitations regarding the common schema:
237+
> - The common schema is not supported for log search alerts using webhooks with a custom email subject and/or JSON payload, since the common schema overwrites the custom configurations.
238+
> - Alerts using the common schema have an upper size limit of 256 KB per alert. If the log search alerts payload includes search results that cause the alert to exceed the maximum size, the search results aren't embedded in the log search alerts payload. You can check if the payload includes the search results with the `IncludedSearchResults` flag. Use `LinkToFilteredSearchResultsAPI` or `LinkToSearchResultsAPI` to access query results with the [Log Analytics API](/rest/api/loganalytics/dataaccess/query/get) if the search results are not included.
239239
240240
|Field |Description |
241241
|---------|---------|
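Review bot: renaming the H2 at line 233 from "Alert context fields for Log alerts" to "Alert context fields for log search alerts" changes the generated anchor, so any inbound link to the old `#alert-context-fields-for-log-alerts` fragment will land at the top of the page; check for references to the old anchor or keep a redirect. Separately, the note at line 238 tells consumers to check the `IncludedSearchResults` flag before relying on embedded results but does not state its type or values; webhook and ITSM integrations that branch on it would benefit from "`IncludedSearchResults` is `True` when the results are embedded and `False` when the 256 KB limit caused them to be dropped" (or whatever the actual values are) right in this note.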
@@ -270,7 +270,7 @@ For sample alerts that use the common schema, see [Sample alert payloads](alerts
270270

271271

272272

273-
### Sample log alert when the monitoringService = Log Analytics
273+
### Sample log search alert when the monitoringService = Log Analytics
274274

275275
```json
276276
{
@@ -344,7 +344,7 @@ For sample alerts that use the common schema, see [Sample alert payloads](alerts
344344
}
345345
}
346346
```
347-
### Sample log alert when the monitoringService = Application Insights
347+
### Sample log search alert when the monitoringService = Application Insights
348348

349349
```json
350350
{
@@ -414,10 +414,10 @@ For sample alerts that use the common schema, see [Sample alert payloads](alerts
414414
}
415415
}
416416
```
417-
### Sample log alert when the monitoringService = Log Alerts V2
417+
### Sample log search alert when the monitoringService = Log Alerts V2
418418

419419
> [!NOTE]
420-
> Log alert rules from API version 2020-05-01 use this payload type, which only supports common schema. Search results aren't embedded in the log alerts payload when you use this version. Use [dimensions](./alerts-unified-log.md#split-by-alert-dimensions) to provide context to fired alerts. You can also use `LinkToFilteredSearchResultsAPI` or `LinkToSearchResultsAPI` to access query results with the [Log Analytics API](/rest/api/loganalytics/dataaccess/query/get). If you must embed the results, use a logic app with the provided links to generate a custom payload.
420+
> Log search alert rules from API version 2020-05-01 use this payload type, which only supports common schema. Search results aren't embedded in the log search alerts payload when you use this version. Use [dimensions](./alerts-unified-log.md#split-by-alert-dimensions) to provide context to fired alerts. You can also use `LinkToFilteredSearchResultsAPI` or `LinkToSearchResultsAPI` to access query results with the [Log Analytics API](/rest/api/loganalytics/dataaccess/query/get). If you must embed the results, use a logic app with the provided links to generate a custom payload.
421421
422422
```json
423423
{
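Review bot: grammar at line 420: "which only supports common schema" should read "which only supports the common schema". Same line: the closing suggestion to "use a logic app with the provided links to generate a custom payload" would be more actionable if it said which identity the logic app is expected to use when it follows `LinkToFilteredSearchResultsAPI` or `LinkToSearchResultsAPI`, since the reader has to grant that identity access to the workspace data. Keeping the literal `Log Alerts V2` in the heading at line 417 while renaming the surrounding prose is correct, as it is a `monitoringService` payload value.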
@@ -463,6 +463,7 @@ For sample alerts that use the common schema, see [Sample alert payloads](alerts
463463
## Alert context fields for activity log alerts
464464

465465
See [Azure activity log event schema](../essentials/activity-log-schema.md) for detailed information about the fields in activity log alerts.
466+
466467
### Sample activity log alert when the monitoringService = Activity Log - Administrative
467468

468469
```json
