Merge pull request #266387 from KennedyDenMSFT/US208227-2

Migrate to "log search alert" terminology from prior terms

Author: v-regandowner

articles/azure-monitor/agents/agents-overview.md

@@ -277,7 +277,7 @@ An agent is only required to collect data from the operating system and workload
 
 ### How can I be notified when data collection from the Log Analytics agent stops?
 
-Use the steps described in [Create a new log alert](../alerts/alerts-metric.md) to be notified when data collection stops. Use the following settings for the alert rule:
+Use the steps described in [Create a new log search alert](../alerts/alerts-metric.md) to be notified when data collection stops. Use the following settings for the alert rule:
 
 - **Define alert condition**: Specify your Log Analytics workspace as the resource target.
 - **Alert criteria**:
@@ -289,7 +289,7 @@ Use the steps described in [Create a new log alert](../alerts/alerts-metric.md)
    - **Name**: *Data collection stopped*.
    - **Severity**: *Warning*.
 
-Specify an existing or new [action group](../alerts/action-groups.md) so that when the log alert matches criteria, you're notified if you have a heartbeat missing for more than 15 minutes.
+Specify an existing or new [action group](../alerts/action-groups.md) so that when the log search alert matches criteria, you're notified if you have a heartbeat missing for more than 15 minutes.
 
 ### Will Azure Monitor Agent support data collection for the various Log Analytics solutions and Azure services like Microsoft Defender for Cloud and Microsoft Sentinel?
 

articles/azure-monitor/alerts/alerts-common-schema.md

@@ -417,7 +417,7 @@ For sample alerts that use the common schema, see [Sample alert payloads](alerts
 ### Sample log search alert when the monitoringService = Log Alerts V2
 
 > [!NOTE]
-> Log search alert rules from API version 2020-05-01 use this payload type, which only supports common schema. Search results aren't embedded in the log search alerts payload when you use this version. Use [dimensions](./alerts-unified-log.md#split-by-alert-dimensions) to provide context to fired alerts. You can also use `LinkToFilteredSearchResultsAPI` or `LinkToSearchResultsAPI` to access query results with the [Log Analytics API](/rest/api/loganalytics/dataaccess/query/get). If you must embed the results, use a logic app with the provided links to generate a custom payload.
+> Log search alert rules from API version 2020-05-01 use this payload type, which only supports common schema. Search results aren't embedded in the log search alerts payload when you use this version. Use [dimensions](./alerts-types.md#monitor-the-same-condition-on-multiple-resources-using-splitting-by-dimensions-1) to provide context to fired alerts. You can also use `LinkToFilteredSearchResultsAPI` or `LinkToSearchResultsAPI` to access query results with the [Log Analytics API](/rest/api/loganalytics/dataaccess/query/get). If you must embed the results, use a logic app with the provided links to generate a custom payload.
 
 ```json
 {

articles/azure-monitor/alerts/alerts-log-webhook.md

@@ -248,7 +248,7 @@ The following table lists default webhook action properties and their custom JSO
 | `SearchQuery` |#searchquery |Log search query used by the alert rule. |
 | `SearchResults` |"IncludeSearchResults": true|Records returned by the query as a JSON table, limited to the first 1,000 records. "IncludeSearchResults": true is added in a custom JSON webhook definition as a top-level property. |
 | `Dimensions` |"IncludeDimensions": true|Dimensions value combinations that triggered that alert as a JSON section. "IncludeDimensions": true is added in a custom JSON webhook definition as a top-level property. |
-| `Alert Type`| #alerttype | The type of log search alert rule configured as [Metric measurement or Number of results](./alerts-unified-log.md#measure).|
+| `Alert Type`| #alerttype | The type of log search alert rule configured as [Metric measurement or Number of results](./alerts-types.md#log-alerts).|
 | `WorkspaceID` |#workspaceid |ID of your Log Analytics workspace. |
 | `Application ID` |#applicationid |ID of your Application Insights app. |
 | `Subscription ID` |#subscriptionid |ID of your Azure subscription used. |

articles/azure-monitor/alerts/alerts-manage-alerts-previous-version.md

@@ -42,7 +42,7 @@ The current alert rule wizard is different from the earlier experience:
 
 1. Edit the alert rule conditions by using these sections:
     - **Search query**: In this section, you can modify your query.
-    - **Alert logic**: Log search alerts can be based on two types of [measures](./alerts-unified-log.md#measure):
+    - **Alert logic**: Log search alerts can be based on two types of [measures](./alerts-types.md#log-alerts):
         1. **Number of results**: Count of records returned by the query.
         1. **Metric measurement**: **Aggregate value** is calculated by using `summarize` grouped by the expressions chosen and the [bin()](/azure/data-explorer/kusto/query/binfunction) selection. For example:
             ```Kusto
@@ -52,7 +52,7 @@ The current alert rule wizard is different from the earlier experience:
             or SeverityLevel== "err" // SeverityLevel is used in Syslog (Linux) records
             | summarize AggregatedValue = count() by Computer, bin(TimeGenerated, 15m)
             ```
-        For metric measurements alert logic, you can specify how to [split the alerts by dimensions](./alerts-unified-log.md#split-by-alert-dimensions) by using the **Aggregate on** option. The row grouping expression must be unique and sorted.
+        For metric measurements alert logic, you can specify how to [split the alerts by dimensions](./alerts-types.md#monitor-the-same-condition-on-multiple-resources-using-splitting-by-dimensions) by using the **Aggregate on** option. The row grouping expression must be unique and sorted.
         
         The [bin()](/azure/data-explorer/kusto/query/binfunction) function can result in uneven time intervals, so the alert service automatically converts the [bin()](/azure/data-explorer/kusto/query/binfunction) function to a [binat()](/azure/data-explorer/kusto/query/binatfunction) function with appropriate time at runtime to ensure results with a fixed point.
         
@@ -61,14 +61,14 @@ The current alert rule wizard is different from the earlier experience:
         
         :::image type="content" source="media/alerts-log/aggregate-on.png" lightbox="media/alerts-log/aggregate-on.png" alt-text="Screenshot that shows Aggregate on.":::
 
-    - **Period**: Choose the time range over which to assess the specified condition by using the [Period](./alerts-unified-log.md#query-time-range) option.
+    - **Period**: Choose the time range over which to assess the specified condition by using the [Period](./alerts-types.md) option.
 
 1. When you're finished editing the conditions, select **Done**.
-1. Use the preview data to set the [Operator, Threshold value](./alerts-unified-log.md#threshold-and-operator), and [Frequency](./alerts-unified-log.md#frequency).
-1. Set the [number of violations to trigger an alert](./alerts-unified-log.md#number-of-violations-to-trigger-alert) by using **Total** or **Consecutive breaches**.
+1. Use the preview data to set the [Operator, Threshold value](./alerts-types.md), and [Frequency](./alerts-types.md).
+1. Set the [number of violations to trigger an alert](./alerts-types.md) by using **Total** or **Consecutive breaches**.
 1. Select **Done**.
 1. You can edit the rule **Description** and **Severity**. These details are used in all alert actions. You can also choose to not activate the alert rule on creation by selecting **Enable rule upon creation**.
-1. Use the [Suppress Alerts](./alerts-unified-log.md#state-and-resolving-alerts) option if you want to suppress rule actions for a specified time after an alert is fired. The rule will still run and create alerts, but actions won't be triggered to prevent noise. The **Mute actions** value must be greater than the frequency of the alert to be effective.
+1. Use the [Suppress Alerts](./alerts-processing-rules.md) option if you want to suppress rule actions for a specified time after an alert is fired. The rule will still run and create alerts, but actions won't be triggered to prevent noise. The **Mute actions** value must be greater than the frequency of the alert to be effective.
    <!-- convertborder later -->
    :::image type="content" source="media/alerts-log/AlertsPreviewSuppress.png" lightbox="media/alerts-log/AlertsPreviewSuppress.png" alt-text="Screenshot that shows the Alert Details pane." border="false":::
 1. To make alerts stateful, select **Automatically resolve alerts (preview)**.
@@ -137,7 +137,7 @@ New-AzResourceGroupDeployment -Name AlertDeployment -ResourceGroupName ResourceG
 
 ## Next steps
 
-* Learn about [log search alerts](./alerts-unified-log.md).
+* Learn about [log search alerts](./alerts-types.md#log-alerts).
 * Create log search alerts by using [Azure Resource Manager templates](./alerts-log-create-templates.md).
 * Understand [webhook actions for log search alerts](./alerts-log-webhook.md).
 * Learn more about [log queries](../logs/log-query-overview.md).

articles/azure-monitor/alerts/alerts-metric-logs.md

@@ -673,5 +673,5 @@ az deployment group create --resource-group myRG --template-file metricfromLogsA
 ## Next steps
 
 - Learn more about the [metric alerts](../alerts/alerts-metric.md).
-- Learn about [log search alerts in Azure](./alerts-unified-log.md).
+- Learn about [log search alerts in Azure](./alerts-types.md#log-alerts).
 - Learn about [alerts in Azure](./alerts-overview.md).

articles/azure-monitor/alerts/alerts-payload-samples.md

@@ -328,7 +328,7 @@ The following are sample metric alert payloads.
 ### Log search alert with monitoringService = Log Alerts V2
 
 > [!NOTE]
-> Log search alert rules from API version 2020-05-01 use this payload type, which only supports common schema. Search results aren't embedded in the log search alerts payload when you use this version. Use [dimensions](./alerts-unified-log.md#split-by-alert-dimensions) to provide context to fired alerts. You can also use `LinkToFilteredSearchResultsAPI` or `LinkToSearchResultsAPI` to access query results with the [Log Analytics API](/rest/api/loganalytics/dataaccess/query/get). If you must embed the results, use a logic app with the provided links to generate a custom payload.
+> Log search alert rules from API version 2020-05-01 use this payload type, which only supports common schema. Search results aren't embedded in the log search alerts payload when you use this version. Use [dimensions](./alerts-types.md#monitor-the-same-condition-on-multiple-resources-using-splitting-by-dimensions-1) to provide context to fired alerts. You can also use `LinkToFilteredSearchResultsAPI` or `LinkToSearchResultsAPI` to access query results with the [Log Analytics API](/rest/api/loganalytics/dataaccess/query/get). If you must embed the results, use a logic app with the provided links to generate a custom payload.
 
 ```json
 {
@@ -955,7 +955,7 @@ The following are sample metric alert payloads.
 #### Test action log search alert V2
 
 > [!NOTE]
-> Log search alerts rules from API version 2020-05-01 use this payload type, which only supports common schema. Search results aren't embedded in the log search alerts payload when you use this version. Use [dimensions](./alerts-unified-log.md#split-by-alert-dimensions) to provide context to fired alerts.
+> Log search alerts rules from API version 2020-05-01 use this payload type, which only supports common schema. Search results aren't embedded in the log search alerts payload when you use this version. Use [dimensions](./alerts-types.md#monitor-the-same-condition-on-multiple-resources-using-splitting-by-dimensions-1) to provide context to fired alerts.
 
 You can also use `LinkToFilteredSearchResultsAPI` or `LinkToSearchResultsAPI` to access query results with the [Log Analytics API](/rest/api/loganalytics/dataaccess/query/get). If you must embed the results, use a logic app with the provided links to generate a custom payload.
 

articles/azure-monitor/alerts/alerts-troubleshoot-log.md

@@ -12,7 +12,7 @@ ms.reviewer: yalavi
 
 This article describes how to resolve common issues with log search alerts in Azure Monitor. It also provides solutions to common problems with the functionality and configuration of log search alerts.
 
-You can use log search alerts to evaluate resources logs every set frequency by using a [Log Analytics](../logs/log-analytics-tutorial.md) query, and fire an alert that's based on the results. Rules can trigger one or more actions using [Action Groups](./action-groups.md). To learn more about functionality and terminology of log search alerts, see [Log search alerts in Azure Monitor](alerts-unified-log.md).
+You can use log search alerts to evaluate resources logs every set frequency by using a [Log Analytics](../logs/log-analytics-tutorial.md) query, and fire an alert that's based on the results. Rules can trigger one or more actions using [Action Groups](./action-groups.md). To learn more about functionality and terminology of log search alerts, see [Log search alerts in Azure Monitor](alerts-types.md#log-alerts).
 
 > [!NOTE]
 > This article doesn't consider cases where the Azure portal shows that an alert rule was triggered but a notification isn't received. For such cases, see [Action or notification on my alert did not work as expected](./alerts-troubleshoot.md#action-or-notification-on-my-alert-did-not-work-as-expected).
@@ -45,9 +45,9 @@ When you create a log search alert rule with system-assigned managed identity, t
 
 ### Metric measurement alert rule with splitting using the legacy Log Analytics API
 
-[Metric measurement](alerts-unified-log.md#calculation-of-a-value) is a type of log search alert that's based on summarized time series results. You can use these rules to group by columns to [split alerts](alerts-unified-log.md#split-by-alert-dimensions). If you're using the legacy Log Analytics API, splitting doesn't work as expected because it doesn't support grouping.
+[Metric measurement](alerts-types.md#log-alerts) is a type of log search alert that's based on summarized time series results. You can use these rules to group by columns to [split alerts](alerts-types.md#monitor-the-same-condition-on-multiple-resources-using-splitting-by-dimensions-1). If you're using the legacy Log Analytics API, splitting doesn't work as expected because it doesn't support grouping.
 
-You can use the current ScheduledQueryRules API to set **Aggregate On** in [Metric measurement](alerts-unified-log.md#calculation-of-a-value) rules, which work as expected. To learn more about switching to the current ScheduledQueryRules API, see [Upgrade to the current Log Alerts API from legacy Log Analytics Alert API](./alerts-log-api-switch.md).
+You can use the current ScheduledQueryRules API to set **Aggregate On** in [Metric measurement](alerts-types.md#log-alerts) rules, which work as expected. To learn more about switching to the current ScheduledQueryRules API, see [Upgrade to the current Log Alerts API from legacy Log Analytics Alert API](./alerts-log-api-switch.md).
 
 ### Override query time range
 
@@ -106,7 +106,7 @@ For details about the number of log search alert rules per subscription and maxi
 If you've reached the quota limit, the following steps might help resolve the issue.
 
 1. Delete or disable log search alert rules that aren’t used anymore.
-1. Use [splitting of alerts by dimensions](alerts-unified-log.md#split-by-alert-dimensions) to reduce rules count. These rules can monitor many resources and detection cases.
+1. Use [splitting of alerts by dimensions](alerts-types.md#monitor-the-same-condition-on-multiple-resources-using-splitting-by-dimensions-1) to reduce rules count. These rules can monitor many resources and detection cases.
 1. If you need the quota limit to be increased, continue to open a support request, and provide the following information:
 
     - The Subscription IDs and Resource IDs for which the quota limit needs to be increased
@@ -212,6 +212,6 @@ Try the following steps to resolve the problem:
 
 ## Next steps
 
-- Learn about [log search alerts in Azure](./alerts-unified-log.md).
+- Learn about [log search alerts in Azure](./alerts-types.md#log-alerts).
 - Learn more about [configuring log search alerts](../logs/log-query-overview.md).
 - Learn more about [log queries](../logs/log-query-overview.md).

articles/azure-monitor/alerts/alerts-troubleshoot-metric.md

@@ -86,7 +86,7 @@ For more information about collecting data from the guest operating system of a
 > [!NOTE]
 > If you configured guest metrics to be sent to a Log Analytics workspace, the metrics appear under the Log Analytics workspace resource and start showing data *only* after you create an alert rule that monitors them. To do so, follow the steps to [configure a metric alert for logs](./alerts-metric-logs.md#configuring-metric-alert-for-logs).
 
-Currently, monitoring a guest metric for multiple virtual machines with a single alert rule isn't supported by metric alerts. But you can use a [log search alert rule](./alerts-unified-log.md). To do so, make sure the guest metrics are collected to a Log Analytics workspace and create a log search alert rule on the workspace.
+Currently, monitoring a guest metric for multiple virtual machines with a single alert rule isn't supported by metric alerts. But you can use a [log search alert rule](./alerts-types.md#log-alerts). To do so, make sure the guest metrics are collected to a Log Analytics workspace and create a log search alert rule on the workspace.
 
 ## Can't find the metric dimension to alert on
 

articles/azure-monitor/alerts/api-alerts.md

@@ -406,5 +406,5 @@ armclient put /subscriptions/{Subscription ID}/resourceGroups/{Resource Group Na
 ## Next steps
 
 * Use the [REST API to perform log searches](../logs/log-query-overview.md) in Log Analytics.
-* Learn about [log search alerts in Azure Monitor](./alerts-unified-log.md).
+* Learn about [log search alerts in Azure Monitor](./alerts-types.md#log-alerts).
 * Learn how to [create, edit, or manage log search alert rules in Azure Monitor](./alerts-log.md).

articles/azure-monitor/alerts/resource-manager-alerts-log.md

@@ -472,7 +472,7 @@ resource alert 'Microsoft.Insights/scheduledQueryRules@2021-08-01' = {
 
 ## Number of results template (up to version 2018-04-16)
 
-The following sample creates a [number of results alert rule](../alerts/alerts-unified-log.md#result-count).
+The following sample creates a [number of results alert rule](../alerts/alerts-types.md#log-alerts).
 
 ### Notes
 
@@ -614,7 +614,7 @@ resource logQueryAlert 'Microsoft.Insights/scheduledQueryRules@2018-04-16' = {
 
 ## Metric measurement template (up to version 2018-04-16)
 
-The following sample creates a [metric measurement alert rule](../alerts/alerts-unified-log.md#calculation-of-a-value).
+The following sample creates a [metric measurement alert rule](../alerts/alerts-types.md#log-alerts).
 
 ### Template file