Azure Monitor Alerts
Azure Monitor Alerts proactively notify you when specific conditions are found in your monitoring data. They can trigger actions like emails, webhooks, Azure Functions, or auto-remediation runbooks.
How It Works
Data Source → Alert Rule → Condition Evaluation → Action Group → Notification / Action
Alert Types
1. Metric Alert — CPU Threshold
Triggers when a resource metric crosses a defined threshold.
2. Log Search Alert — Application Errors
Triggers based on a KQL query result count.
KQL Query (used in the alert rule):
// Alert fires if error count > 10 in the last 5 minutes
exceptions
| where timestamp > ago(5m)
| where severityLevel == 3 // Error level
| where cloud_RoleName == "my-api"
| summarize ErrorCount = count()
| where ErrorCount > 10
3. Activity Log Alert — Resource Deletion
Fires when a specific Azure operation occurs (e.g., someone deletes a Key Vault).
4. Action Group — Who Gets Notified
An Action Group is a reusable set of notification targets and automated responses.
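The Key Vault deletion alert from section 3, wired to an action group from section 4, written as an ARM template. This is an added example, not taken from the original page; the rule name `keyvault-deleted` and the `actionGroupId` parameter are assumptions, and the action group is assumed to exist already.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "actionGroupId": {
      "type": "string",
      "metadata": {
        "description": "Assumption: full resource ID of an existing action group to notify"
      }
    }
  },
  "resources": [
    {
      "type": "Microsoft.Insights/activityLogAlerts",
      "apiVersion": "2020-10-01",
      "name": "keyvault-deleted",
      "location": "Global",
      "properties": {
        "description": "Example rule (hypothetical name): fires when a Key Vault in this subscription is deleted",
        "enabled": true,
        "scopes": [
          "[subscription().id]"
        ],
        "condition": {
          "allOf": [
            { "field": "category", "equals": "Administrative" },
            { "field": "operationName", "equals": "Microsoft.KeyVault/vaults/delete" }
          ]
        },
        "actions": {
          "actionGroups": [
            { "actionGroupId": "[parameters('actionGroupId')]" }
          ]
        }
      }
    }
  ]
}
```

The rule matches the delete operation regardless of outcome; adding a third `allOf` condition on the `status` field narrows it to, for example, `Succeeded`.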
Alert Severity Levels
| Severity | Level | Use For |
|---|---|---|
| Sev 0 | Critical | Full outage, data loss |
| Sev 1 | Error | Major feature broken |
| Sev 2 | Warning | Degraded performance |
| Sev 3 | Informational | Non-urgent observations |
| Sev 4 | Verbose | Debug / diagnostic |
Common Metrics to Alert On
| Resource | Metric | Typical Threshold |
|---|---|---|
| Virtual Machine | Percentage CPU | > 80% |
| App Service | Http5xx | > 10 / min |
| SQL Database | dtu_consumption_percent | > 85% |
| Storage Account | Availability | < 99.9% |
| Key Vault | ServiceApiLatency | > 1000 ms |
| AKS Nodes | cpuUsagePercentage | > 75% |
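
#!/bin/bash
# Install the stress load generator (Debian/Ubuntu)
sudo apt update && sudo apt install stress -y
# Repeat forever: 60 s of CPU, I/O and memory load, then a 30 s pause
while true; do
  stress --cpu 8 --io 4 --vm 2 --vm-bytes 128M --timeout 60s -v
  sleep 30s
done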
