kql - 搜索查询应包含度量警报类型的“AggregatedValue”和“bin(TimeGenerated, [roundTo])”

问题描述

我想在以下情况下创建警报：

if (incoming_messages of event hub != outgoing_messages of event hub)
then I should get alerted

为此，我在日志分析中创建了一个查询，其中“比较”列显示事件中心的传入和传出消息的差异

但是当我使用以下查询作为“度量测量”来创建警报时.....它给出了以下错误

搜索查询应包含度量警报类型的“AggregatedValue”和“bin(TimeGenerated, [roundTo])”

有人可以告诉我如何解决这个错误，或者有没有其他方法可以为上述场景设置警报？

这是查询

let Incoming_Messages = AzureMetrics
| where ResourceProvider =="MICROSOFT.EVENTHUB"
| where _ResourceId contains "ResourceID-Hidden"
| where TimeGenerated > ago(1h)
| where MetricName contains "IncomingMessages"
| count | extend CommonCol="Dummy"
| project CommonCol, TotalIncomingMessages = Count;
let Outgoing_Messages = AzureMetrics
| where ResourceProvider =="MICROSOFT.EVENTHUB"
| where _ResourceId contains "ResourceID-Hidden"
| where TimeGenerated > ago(1h)
| where MetricName contains "OutgoingMessages"
| count | extend CommonCol="Dummy"
| project CommonCol, TotalOutgoingMessages = Count;
Incoming_Messages
| join Outgoing_Messages on CommonCol
| extend Comparison = TotalIncomingMessages - TotalOutgoingMessages
| project TotalOutgoingMessages, TotalIncomingMessages, Comparison

错误截图：

标签： kqlazure-alerts