Alerting on logs

Gathering and searching logs is useful when troubleshooting specific situations or bugs in response to a user complaint. However, there are situations where it is better to be notified automatically when a certain condition arises. This is called alerting.

Within Azure, it is possible to create alert rules that notify developers whenever a certain condition is met. Alerting functionality is provided by the Azure Monitor offering that is integrated with many Azure services, including Application Insights.

To create a new alert rule, follow these steps:

  1. Navigate to Azure Monitor using the portal.
  2. Now, choose Alerts. This opens the view shown in the following screenshot:

If there are any alerts that need attention, they are shown here.

  3. To add new alert rules, use the button at the top left-hand side of the screen. Doing so opens another view, as in the following screenshot. Here, the alerting conditions can be configured:

In the preceding screenshot, the view that opens for configuring alerts is shown on the left. Here, it is necessary to make several selections to create an alert:

  1. This is the resource that is the subject for the alert. This can be any type of resource and, in this instance, the alert will be on an Application Insights workspace.
  2. These are the conditions to alert under. To select these, the popup on the right opens. Here, a choice can be made between different types of alerts. Pick the Log Search alert type to open the detailed view shown here. Here, the following selections must be made:
    • A query on the trace logs (refer to 2a in the previous screenshot): In this example, the trace log is queried for entries that have a severity of 4 or up, which means that they are emitted using the LogWarning or LogCritical methods.
    • A condition and operator for triggering the alert (2b): In this case, the alert is triggered whenever there is one or more matches.
    • The interval to evaluate the alert condition over (2c): When the condition requires a specific number of matches, this determines the time interval within which that number must be reached.
    • How often to evaluate the alert condition (2d): Evaluating an alert condition too frequently can result in too many alerts opening and closing in quick succession. Evaluating an alert condition too infrequently can result in alerts coming in too late. Experimentation will help you understand how to configure this.
  3. This is the action to execute when the alert condition is met. Since there might be a lot of alerts that have to invoke the same group of actions, actions can be grouped, and these action groups can be referenced here. Some examples of actions are calling a webhook or sending an SMS message or email.
  4. The alert configuration is completed by putting in a name and description.
  5. Finally, the alert can be saved.

After the alert is created and activated, which is done automatically, it is ready within a few minutes to inspect application logs and signal whenever the alert condition is met.
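The following added example (not from the book, and not Azure Monitor's own evaluation logic) is a simplified model of how the query (2a), the condition (2b), the interval (2c) and the evaluation frequency (2d) interact. The trace records, the function names and the three window/frequency pairs are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample trace records: (timestamp, severityLevel, message).
T0 = datetime(2024, 1, 1, 12, 0)
TRACES = [
    (T0 + timedelta(minutes=1), 1, "request started"),
    (T0 + timedelta(minutes=7), 4, "payment backend unreachable"),
    (T0 + timedelta(minutes=8), 4, "payment backend unreachable"),
    (T0 + timedelta(minutes=21), 2, "slow response"),
]

def evaluate(traces, start, end, window, frequency, min_severity=4, threshold=1):
    """Run the rule from start to end; return [(eval_time, matches, fired)]."""
    results = []
    t = start + frequency
    while t <= end:
        # 2a (query) and 2c (interval): count matching entries in (t - window, t].
        matches = sum(1 for ts, sev, _ in traces
                      if sev >= min_severity and t - window < ts <= t)
        # 2b (condition and operator): fire on `threshold` or more matches.
        results.append((t, matches, matches >= threshold))
        t += frequency  # 2d: how often the condition is evaluated
    return results

def state_changes(results):
    """Collapse evaluations into the moments the alert opens or closes."""
    changes, active = [], False
    for t, _, fired in results:
        if fired != active:
            changes.append((t, "opened" if fired else "closed"))
            active = fired
    return changes

def detection_delay(results, first_event):
    """Time from the first matching entry to the first firing evaluation."""
    fired = [t for t, _, f in results if f]
    return fired[0] - first_event if fired else None

def minutes(n):
    return timedelta(minutes=n)

if __name__ == "__main__":
    end, first = T0 + minutes(30), T0 + minutes(7)
    for window, freq in [(5, 5), (15, 15), (5, 15)]:
        res = evaluate(TRACES, T0, end, minutes(window), minutes(freq))
        print(f"window={window}m frequency={freq}m "
              f"delay={detection_delay(res, first)} "
              f"changes={[(t.strftime('%H:%M'), s) for t, s in state_changes(res)]}")
```

In this model, the short window with frequent evaluation opens and closes the alert within five minutes, the 15-minute pair reports the same entries later, and a window shorter than the evaluation frequency never sees them at all.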

Logging is a great method of gaining deep knowledge about what happened with a request and how an error came to be. Another technique for learning more about an application's behavior is by using metrics.
