Configuring and Managing Alerts in Application Insights

Azure Application Insights is a powerful Application Performance Management (APM) service that helps you monitor your live web applications. One of its most critical features is the ability to set up alerts, which notify you when specific conditions are met, allowing you to proactively address issues before they impact your users.

Why Use Application Insights Alerts?

Alerts are essential for maintaining the health and performance of your applications. They can help you detect:

  • Performance degradations (e.g., increased response times).
  • High error rates.
  • Availability issues.
  • Unusual usage patterns.
  • Resource utilization spikes.

Types of Alerts

Application Insights offers various alert types:

  • Metric Alerts: Triggered when a specific metric (like server response time, request count, or failed request rate) crosses a defined threshold.
  • Activity Log Alerts: Triggered by events in the Azure Activity Log, such as service health incidents or changes to resource configurations.
  • Log Search Alerts: Triggered when a custom Kusto Query Language (KQL) query returns a certain number of results within a specified time window. This lets you detect complex issues based on custom logs or traces.

Creating a Metric Alert

Follow these steps to create a metric alert:

  1. Navigate to your Application Insights resource in the Azure portal.
  2. In the left-hand menu, under "Monitoring," select "Alerts."
  3. Click on "Create" and then "Alert rule."
  4. Scope: Ensure your Application Insights resource is selected.
  5. Condition:
    • Click "Add condition."
    • Select the Signal name (e.g., "Server response time").
    • Configure the Alert logic: choose the Threshold (e.g., "Static" or "Dynamic"), Operator (e.g., "Greater than"), and Threshold value (e.g., "500" milliseconds).
    • Set the Aggregation granularity (Period) and Frequency of evaluation.
  6. Actions:
    • Click "Add actions."
    • Select an Action group or create a new one. Action groups define what happens when an alert fires (e.g., send an email, trigger an SMS, call a webhook, run an Azure Function).
  7. Details:
    • Provide a descriptive Alert rule name (e.g., "High Server Response Time").
    • Add a Description.
    • Choose the Severity (e.g., Sev 1, Sev 2, Sev 3, Sev 4).
  8. Review and create the alert rule.

Tip: Dynamic thresholds can automatically adapt to your application's normal behavior, reducing false positives.

Creating a Log Search Alert

Log search alerts are highly customizable. Here's a basic example to alert on a high number of failed requests:

  1. Navigate to your Application Insights resource and select "Alerts."
  2. Click "Create" > "Alert rule."
  3. Scope: Select your Application Insights resource.
  4. Condition:
    • Click "Add condition."
    • Select "Log search" as the Signal type.
    • Enter your KQL query. For example, to find failed requests in the last 5 minutes:
        requests
        | where success == false
        | where timestamp > ago(5m)
    • Set the Measure to "Number of results."
    • Configure the Alert logic: "Greater than" and a Threshold value (e.g., "10").
    • Set the Frequency of evaluation (e.g., "Every 5 minutes").
  5. Actions: Configure your desired action group.
  6. Details: Provide a name, description, and severity.
  7. Review and create.

Important: Properly tune your KQL queries and thresholds for log search alerts to avoid alert fatigue. Test your queries thoroughly before enabling alerts.
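
A tuned variant of the failed-requests query above, as an added example (not from the original page): instead of a raw count, it reports each operation whose failure percentage is too high and skips operations with too little traffic to judge. The names minRequests and maxFailurePct and their values are assumptions for illustration; with this query, set the Measure to "Number of results" and the Alert logic to "Greater than" 0, so that every returned row is an operation over the limit.

```kusto
// Added example: thresholds below are constructed values, tune them to your baseline.
let minRequests = 20;        // assumption: ignore operations with fewer requests in the window
let maxFailurePct = 10.0;    // assumption: alert when more than 10% of requests failed
requests
| where timestamp > ago(5m)
// Count all requests and failed requests per operation in the window.
| summarize
    total = count(),
    failed = countif(success == false),
    // Collect the result codes of the failures so the alert carries context.
    failedResultCodes = make_set_if(resultCode, success == false)
    by operation_Name
// Low-volume operations produce noisy percentages (1 failure out of 2 is 50%).
| where total >= minRequests
| extend failurePct = round(100.0 * failed / total, 1)
| where failurePct > maxFailurePct
| project operation_Name, total, failed, failurePct, failedResultCodes
| order by failurePct desc
```

Run the query in the Logs blade over a period that includes a known incident and a quiet period before enabling the rule, and check that it returns rows only for the former.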

Managing Alerts

Once configured, you can manage your alert rules from the "Alerts" section of your Application Insights resource:

  • View Alerts: See a history of fired alerts.
  • Manage Alert Rules: Enable, disable, edit, or delete existing alert rules.
  • Action Groups: Configure notification methods and automation tasks.

Consider using Azure Logic Apps or Azure Functions triggered by webhooks from your action groups for more advanced automated remediation.

Best Practices for Alerting

  • Define clear thresholds: Understand your application's normal behavior.
  • Use appropriate severity levels: Help prioritize responses.
  • Group actions effectively: Ensure the right people are notified.
  • Keep alerts actionable: Alerts should provide enough context to understand and resolve the issue.
  • Regularly review and tune alerts: As your application evolves, so should your alerting strategy.
  • Monitor alert fatigue: Too many non-actionable alerts can lead to them being ignored.