Question posted in 
I’m new to Azure App insights and I’m creating an azure alert based on app insights logs. I have a simple KQL query here which returns a result when the exception count is above 10. I’m looking for ways to make it a little bit dynamic but having trouble to find the answer. I want to trigger the alert when the exception count is higher than usual for the past few evaluations. Is it achievable just using a KQL query?
exceptions
| where customDimensions.EventName == 'FunctionCompleted'
| summarize Count= count() by operation_Name
| where Count > 10
2
Answers
Would comparing the previous period work in your use case? You can partition in terms of time windows and compare against that.
To create a dynamic threshold alert for a KQL query, the detailed steps are given below.
KQL query:
Once the given query has provided successful results, click on the
New alert ruleoption as shown below to create a dynamic alert rule with acustom log search.Note: As I do not have any exceptions table results in my environment, I have just taken
App Exceptionswhich is similar to exceptions for better understanding.Once you click on it, it opens the below screen, and you can be able to see the
custom log searchoption with the required query as shown below.Now provide the dynamic threshold value and also the other required fields of an alert logic according to your requirement to trigger the alerts automatically.
Refer MSDoc for more detailed information.
Once the alert rule has been created, click on Next and it redirects you to the below page which is an
Action group.You can select the Action type to receive the notification whenever the alert has been triggered.
Reference Blog on working with different action types.
Once the above is done, you are now ready to receive the notifications or alerts whenever the query condition met without anything to do manually.