I understand that Application Gateway can collect the client IP address in access logs.
I would like to create logic to count the number of requests from the same IP in an hour and send an alert if it is more than 100 (maybe I will use Azure Functions to run this code every hour).
Can anyone share sample code to achieve the goal? I believe I need to use KQL, but I am not familiar with it.
Adding an answer from our comment discussion.
You can use the sample KQL query below to pull the list of distinct Client_IP values with their respective counts within a specific hour.
AzureDiagnostics
| where ResourceType == "APPLICATIONGATEWAYS" and OperationName == "ApplicationGatewayAccess"
| summarize count() by clientIP_s
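
The hourly threshold check described in the question, as an added example that is not part of the original answer: it counts requests per client IP over the previous complete clock hour, so consecutive hourly runs neither overlap nor leave gaps, and returns only IPs above 100. The `let` names and the use of the `Resource`, `requestUri_s` and `httpStatus_d` columns are assumptions not taken from the page.

```kql
// Added example: per-IP request count for the previous full clock hour,
// keeping only client IPs above the threshold from the question.
let threshold = 100;                 // limit stated in the question
let windowEnd = bin(now(), 1h);      // start of the current hour (assumed hourly schedule)
let windowStart = windowEnd - 1h;    // start of the previous hour
AzureDiagnostics
| where TimeGenerated >= windowStart and TimeGenerated < windowEnd
| where ResourceType == "APPLICATIONGATEWAYS" and OperationName == "ApplicationGatewayAccess"
| where isnotempty(clientIP_s)       // skip rows with no client IP recorded
| summarize RequestCount = count(),
            DistinctUris = dcount(requestUri_s),        // approximate spread of URIs requested
            ErrorCount   = countif(httpStatus_d >= 400), // 4xx/5xx responses
            FirstSeen    = min(TimeGenerated),
            LastSeen     = max(TimeGenerated)
          by clientIP_s, Resource    // one row per IP per gateway
| where RequestCount > threshold
| order by RequestCount desc
```

The job that runs this every hour can send the alert whenever the query returns one or more rows. If the gateway sits behind another proxy or CDN, `clientIP_s` is the address of that upstream hop rather than the end user.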