Reducing noise by adding advanced log alert filters in Health Log Analytics
Use advanced log alert filters to determine whether to allow an alert or to drop it. These filters reduce noise by dropping alerts that don't indicate a significant issue.
You can add advanced log alert filters to scan alerts for your defined conditions. For example, you can define a filter that drops alerts coming from specific log sources, or alerts for anomalies that do not cross the specified threshold.
Examples of filter conditions:
- Alert only on anomalies that are shared across multiple hosts.
- Do not alert on anomalies that happen outside of working hours.
- Do not alert if the anomaly does not cross the specified threshold.
- Alert only on anomalies that are part of a correlation.
- Create advanced log alert filters
Add advanced log alert filters to scan alerts for conditions that you specify. The filters reduce noise by dropping alerts that do not indicate a significant issue. While developing a filter, you can test, update, publish, or activate the filter at any time.
- Continue modifying the filter by reopening the filter record from the filters list. You can then edit, test, publish, and activate the filter.
For more technical information on log alert filters, see the Advanced Log Alert Filtering [KB0863538] article in the Now Support Knowledge Base.
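The following sketch is an added example, not ServiceNow code or the product's filter API: it models the four example conditions listed above as composable allow/drop checks in plain JavaScript and records why each alert was dropped. The alert field names, the Monday-to-Friday working week, and the sample alerts are assumptions constructed for illustration.

```javascript
// Added illustration in plain JavaScript; this is not the Health Log Analytics filter API.
// Field names (anomalyId, host, score, time, correlationId) are hypothetical.
// Each filter returns a drop reason, or null to allow the alert.
const filters = {
  multiHost: (minHosts) => (a, ctx) =>
    ctx.hostsByAnomaly.get(a.anomalyId).size >= minHosts ? null : "single-host anomaly",
  workingHours: (timeZone, startHour, endHour) => (a) => {
    // Evaluate hour and weekday in the site's time zone, not the server's (assumes Mon-Fri).
    const parts = new Intl.DateTimeFormat("en-US", {
      timeZone, hour: "numeric", hourCycle: "h23", weekday: "short",
    }).formatToParts(new Date(a.time));
    const get = (type) => parts.find((p) => p.type === type).value;
    const hour = Number(get("hour"));
    const weekend = ["Sat", "Sun"].includes(get("weekday"));
    return !weekend && hour >= startHour && hour < endHour ? null : "outside working hours";
  },
  threshold: (min) => (a) => (a.score >= min ? null : "below threshold"),
  correlated: () => (a) => (a.correlationId ? null : "not part of a correlation"),
};

function applyFilters(alerts, active) {
  // Shared context: the distinct hosts reporting each anomaly in this batch.
  const hostsByAnomaly = new Map();
  for (const a of alerts) {
    if (!hostsByAnomaly.has(a.anomalyId)) hostsByAnomaly.set(a.anomalyId, new Set());
    hostsByAnomaly.get(a.anomalyId).add(a.host);
  }
  // An alert is allowed only if no active filter returns a drop reason.
  return alerts.map((a) => {
    const reasons = active.map((f) => f(a, { hostsByAnomaly })).filter(Boolean);
    return { id: a.id, action: reasons.length ? "drop" : "allow", reasons };
  });
}

// Constructed sample alerts (not real data); times are UTC.
const sampleAlerts = [
  { id: 1, anomalyId: "A1", host: "web-01", score: 0.92, time: "2024-03-12T14:30:00Z", correlationId: "C7" },
  { id: 2, anomalyId: "A1", host: "web-02", score: 0.95, time: "2024-03-12T14:31:00Z", correlationId: "C7" },
  { id: 3, anomalyId: "A2", host: "db-01", score: 0.97, time: "2024-03-13T03:10:00Z", correlationId: null },
  { id: 4, anomalyId: "A1", host: "web-01", score: 0.40, time: "2024-03-12T14:35:00Z", correlationId: "C7" },
];
const activeFilters = [
  filters.multiHost(2), filters.workingHours("America/New_York", 9, 17),
  filters.threshold(0.8), filters.correlated(),
];
console.log(applyFilters(sampleAlerts, activeFilters));
```

Keeping the drop reasons alongside each decision makes it possible to review what a filter suppressed before it is activated.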