I set up a few alerts as log searches over my LAW. They work fine, but I am trying to find a queryable log of firing or state changes, for which I am looking into the Alert table. As per the documentation, it is what I need, but in my case this table is absolutely empty. I tried to query it both from the LAW my alerts work over and from Azure Monitor / Logs – the result is the same.
Why is this table shown empty to me?
EDIT: I am not sure if it's important, but the alert is defined as follows:
print minute = datetime_part('minute', now())
| where minute < 30
The alerting condition is RowCount > 0. It is simply an alert that changes firing state every 30 minutes. I have two versions of the alert: stateful and stateless. The alerts work great and trigger the action group as configured. I am just struggling to match the Microsoft documentation in regard to tables like Alert, AlertHistory.
asked Feb 5 at 2:42 by greatvovan, edited Feb 5 at 5:51
- Can you share the query you have tried so far? – Jahnavi Commented Feb 5 at 3:58
- Provide more information on what kind of alerts you already configured. Check other tables like AzureDiagnostics, AlertHistory, and AuditLogs since the Alert table remains empty when alerts occur through Log-based alerts. – Lakshan Umesh Commented Feb 5 at 4:32
- Added info. The tables you mentioned are also empty, or I am looking in the wrong place. – greatvovan Commented Feb 5 at 6:02
1 Answer
I have just tested it, and it works well on my side.
Alerts created by log alerts rules and SCOM alerts collected through Alert Management solution.
Check that your alert rule has the signal type = log search.
My test result: