Mike Love
Mike Love

Reputation: 21

Azure Log Analytics - Comparing Two message traces to raise an alert if one updates

I have a Function App that pulls the Azure public key usng a PowerShell script and outputs it into log analytics. I am trying to get notified if the public key updates. At the moment, I am comparing the top two results to see changers.

Does anyone know a query that could compare two message outputs to see if the output value changers? This will be to create an alert and more automation if the public key does change.

Image Example Here

Upvotes: 2

Views: 474

Answers (1)

Peter Bons
Peter Bons

Reputation: 29830

Yes this is possible, for example by using the next() function:

traces
| where message has "OUTPUT"
| top 2 by timestamp desc
| extend different = next(message) != message
| take 1
| where different == true

using next() you can lookup the value of a column of the next row. We can use that to compare with the current value of message.

Upvotes: 1

Related Questions