You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/azure-monitor/alerts/alerts-create-log-alert-rule.md
+2-3Lines changed: 2 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -43,7 +43,7 @@ Alerts triggered by these alert rules contain a payload that uses the [common al
43
43
1. On the **Logs** pane, write a query that returns the log events for which you want to create an alert. To use one of the predefined alert rule queries, expand the **Schema and filter** pane on the left of the **Logs** pane. Then select the **Queries** tab, and select one of the queries.
44
44
45
45
Limitations for log search alert rule queries:
46
-
- Log search alert rule queries do not support the 'bag_unpack()', 'pivot()' and 'narrow()' plugins.
46
+
- Log search alert rule queries do not support the 'bag_unpack()', 'pivot()' and 'narrow()' plugins.
47
47
- The word "AggregatedValue" is a reserved word, it cannot be used in the query on Log search Alerts rules.
48
48
- The combined size of all data in the log alert rule properties cannot exceed 64KB.
|Frequency of evaluation|How often the query is run. Can be set anywhere from one minute to one day (24 hours).|
123
123
124
124
> [!NOTE]
125
+
> It is important to note that the frequency is not a specific time that the alert runs every day, but it is how often the alert rule will run.
125
126
> There are some limitations to using a <a name="frequency">one minute</a> alert rule frequency. When you set the alert rule frequency to one minute, an internal manipulation is performed to optimize the query. This manipulation can cause the query to fail if it contains unsupported operations. The following are the most common reasons a query are not supported:
126
127
> * The query contains the **search**, **union** * or **take** (limit) operations
127
128
> * The query contains the **ingestion_time()** function
1. Enter values for the **Alert rule name** and the **Alert rule description**.
169
170
> [!NOTE]
170
171
> Notice that rule that uses **Identity** cannot have the character ";" in the **Alert rule name**
171
-
> Customers cannot set a specific time to run the alert at same time everyday, but they can set frequency to run the alert rule.
172
-
173
172
1. Select the **Region**.
174
173
1. <a name="managed-id"></a>In the **Identity** section, select which identity is used by the log search alert rule to send the log query. This identity is used for authentication when the alert rule executes the log query.
0 commit comments