Search code examples
azure-application-insightskqlazure-container-apps

Kusto: Query to get http status codes

I am trying to query Azure container apps to create a custom alert for when there is an Http status code of 400.

I am new to kusto. I attempted the below query:

CIEventsAudit
| where StatusCode == 400
| sort by TimeGenerated desc
| limit 100
Solution

  • Your query attempt is on the right track. CIEventsAudit is the table to be used for retrieving the http status code logs for container apps.

    The below query which you already tried gives you the logs that are limited to the count100 when they are having http status code 400. And sort the logs in the descending order wrt TimeGenerated field.

    CIEventsAudit
| where StatusCode == 400
| sort by TimeGenerated desc
| limit 100

    Alternatively, you can also use below query to achieve your requirement.

    CIEventsAudit
| where OperationName contains "HttpRequest"
| where OperationStatus == 400
| sort by TimeGenerated desc
| limit 100

    Once you are done with adding either of the above queries, you can create an alert rule with custom log search signal as shown below. Under Actions, provide the necessary action group details to meet your requirements.

    enter image description here