Working with search queries and alert rules
Alerts in OMS are created using search queries that are run at regular intervals. These alerts are stored in the OMS repository and can be retrieved and queried with a log search query. Alert data records in OMS can be analyzed using the Alert Management solution, which we will review later in this chapter. Furthermore, OMS allows for the integration of monitoring into your existing event management workflows, and also enables you to centrally monitor and manage work items across your ITSM products/services.
In Log Analytics, you can create an alert from a log query. To generate an alert from a log query, you need to define an alert rule in which you specify the search criteria as a log query and the interval at which the query is run. An alert is then created when the query returns records that match the defined criteria. With this concept in mind, you can generate alerts based on any data indexed in the Log Analytics repository.
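The rule mechanics described above (a search query, a look-back window, a result threshold and an evaluation interval) can be modelled outside the service to see how alert records come out of it. The following is an added example written for this chapter, not OMS or Log Analytics code: the record schema, the `AlertRule` fields, the sample `SecurityEvent` rows and the query text are all constructed here, and the alert record layout is an assumption rather than the repository's actual `Alert` schema. The rule flags a burst of Windows failed-logon events (EventID 4625) on a host, evaluated every five minutes over a ten-minute window.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Dict, List, Optional

Record = Dict[str, object]


def sample_records() -> List[Record]:
    """Constructed rows standing in for indexed SecurityEvent data (values are made up)."""
    base = datetime(2024, 1, 1, 10, 0)
    rows: List[Record] = []
    # A burst of failed logons (4625) in the first six minutes, then one straggler at 10:30.
    for minute in (1, 2, 3, 4, 5, 6, 30):
        rows.append({"Type": "SecurityEvent", "EventID": 4625, "Computer": "HostA",
                     "TimeGenerated": base + timedelta(minutes=minute)})
    # Successful logons (4624) must not match the failed-logon criteria.
    for minute in (1, 10):
        rows.append({"Type": "SecurityEvent", "EventID": 4624, "Computer": "HostA",
                     "TimeGenerated": base + timedelta(minutes=minute)})
    return rows


@dataclass
class AlertRule:
    name: str
    query_text: str                       # the search criteria as written in the rule (illustrative syntax)
    predicate: Callable[[Record], bool]   # the same criteria as executable code (hand-written assumption)
    time_window: timedelta                # how far back each evaluation looks
    threshold: int                        # result count at which an alert is raised
    interval: timedelta                   # how often the query is run


def evaluate_rule(rule: AlertRule, records: List[Record], now: datetime) -> Optional[Record]:
    """Run the rule's query once over the half-open window (now - time_window, now].

    The half-open window means a record sitting exactly on the window boundary is
    counted by one evaluation only. Returns an alert record when the number of
    matching results reaches the threshold, otherwise None.
    """
    start = now - rule.time_window
    hits = [r for r in records if start < r["TimeGenerated"] <= now and rule.predicate(r)]
    if len(hits) < rule.threshold:
        return None
    # Assumed alert record layout: the alert itself becomes a searchable record.
    return {"Type": "Alert", "AlertName": rule.name, "TimeGenerated": now,
            "ResultCount": len(hits), "Query": rule.query_text,
            "Computers": sorted({str(r["Computer"]) for r in hits})}


def run_schedule(rule: AlertRule, records: List[Record],
                 first: datetime, last: datetime) -> List[Record]:
    """Evaluate the rule at every interval from first to last (inclusive) and collect alerts."""
    alerts: List[Record] = []
    now = first
    while now <= last:
        alert = evaluate_rule(rule, records, now)
        if alert is not None:
            alerts.append(alert)
        now += rule.interval
    return alerts


FAILED_LOGON_RULE = AlertRule(
    name="Failed logon burst",
    query_text="Type=SecurityEvent EventID=4625",   # illustrative, not a verified query
    predicate=lambda r: r["Type"] == "SecurityEvent" and r["EventID"] == 4625,
    time_window=timedelta(minutes=10),
    threshold=5,
    interval=timedelta(minutes=5),
)


def demo_alerts() -> List[Record]:
    """Run the failed-logon rule over the sample data from 10:00 to 10:35."""
    return run_schedule(FAILED_LOGON_RULE, sample_records(),
                        datetime(2024, 1, 1, 10, 0), datetime(2024, 1, 1, 10, 35))


if __name__ == "__main__":
    for a in demo_alerts():
        print(a["TimeGenerated"].strftime("%H:%M"), a["AlertName"],
              "results:", a["ResultCount"], "on", a["Computers"])
```

Running it produces two alert records, at 10:05 (five failed logons in the window) and at 10:10 (six), while the single event at 10:30 never reaches the threshold. The window and interval interact: with a ten-minute window and a five-minute interval the same burst is seen by two consecutive evaluations, which is why the Alert Management solution's view of alert records over time matters as much as the individual rule.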