Simple Trick to Stay on top of your Azure Data Lake: Create Alerts using Log Analytics


If you manage one or more Azure Data Lake accounts, do you ever find it hard to stay on top of everything that is happening? Ever feel the need to know more about them? Are you regularly asking yourself any or all of these questions:

  • What are our most expensive jobs ?
  • When was a new data folder created in [path]?
  • When did a file get deleted from our [data/compliance/telemetry/other] folder?

Creating Azure Log Analytics alerts for your Azure Data Lake accounts can help you know when specific events happen, or when a metric reaches a defined threshold. In this post I'll show you how to reduce the level of unknowns when working with Azure Data Lake using Azure Log Analytics alerts - it's easy to get started:

Connect your Azure Data Lake account to Log Analytics

Follow the steps in our previous blog post on Log Analytics to connect your accounts and start collecting usage and diagnostics logs.

Create the Log Analytics Alert

Open Log Analytics, and navigate to the Alerts section towards the bottom of the table of contents.

Figure 1: Log Analytics - Alerts

 

In the Log Analytics Alert blade, click on New Alert Rule to create a new alert.

Figure 2: Log Analytics - New alert

 

The first part of the rule, the target, should already be selected – using the current Log Analytics account. For the second part – the criteria, click the button to add the conditions for the alert.

Figure 3: Log Analytics alert criteria settings

 

To configure the alert signal, select Custom Log Search.

Figure 4: Custom query for an alert

  • In the Search query field,  paste the specific query that will trigger the alert. For this example, we will track when a new folder is created in a Data Lake Store account:

    Figure 5: Log search query

 

  • The alert logic can be based on a number of results such as the total number of events tracked (create a folder in Data Lake Store, submit a job in Data Lake Analytics, etc), or a specific metric value such as a sum of the events or aggregation of values from the query (total data read, total number of AUs assigned, total duration of the jobs ran in a window of time, etc).

    Figure 6: The two main types of alerts - based on number of results or a single metric value

 

  • The period and frequency indicate the rolling window of time that needs to be evaluated, and how frequently to check it, respectively.

In the Define alert detail section, we can enter some descriptive details, including the severity for the alert.

Figure 7: Default alert details

 

Next, let's create a new action group where we can add people or groups to notify and the specific action to take, such as email, SMS, etc.

Figure 8: Action group details

 

It is possible to create complex combinations of emails, SMS, or other notifications for specific users and groups. In this example, the team will be emailed:

Figure 9: Action group settings

 

Once the action group is created it will be added to the definition, save the alerts settings, and you're done.

The rule will be displayed in the list of alerts:

Figure 10: Updated alert criteria

 

Conclusion

In this blog post, I've shown you how to configure alerts for your Azure Data Lake accounts. These alerts can notify you of specific events or metric values that are relevant to you and your organization and will help you to proactively act on events, optimize costs, and understand usage trends. Try these simple steps to enable alerts, and let us know how they are helping you stay on top of your Azure Data Lake usage or costs - leave us a comment and share your experiences for others to build on. Have a specific need or scenario? Send your feature requests to our Azure Data Lake UserVoice forum.

Based on your comments and suggestions, we will cover useful and interesting events and metrics that you can plug-in into alerts. Stay tuned!

Comments (0)

Skip to main content