From 795bc0754b3b5e74d0f08815653639fd96569e2c Mon Sep 17 00:00:00 2001
From: James Herr
Date: Wed, 23 Oct 2024 12:37:20 -0500
Subject: [PATCH 1/5] Fixed TimeGenerated
---
 operations/template/alert.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/operations/template/alert.tf b/operations/template/alert.tf
index aa99bd167..37d75b76b 100644
--- a/operations/template/alert.tf
+++ b/operations/template/alert.tf
@@ -137,7 +137,7 @@ resource "azurerm_monitor_scheduled_query_rules_alert" "ti-log-errors-alert" {
 query = <<-QUERY
 AppServiceConsoleLogs
- | where TimeGenerated >= ago(00.001m)
+ | where TimeGenerated >= ago(30m)
 and TimeGenerated <= now()
 | project columnifexists("ResultDescription", 'default_value')
 | project JsonResult = parse_json(ResultDescription)
From cc9cf34f1366bf71dea893ab0cbc0c2bcab0a8eb Mon Sep 17 00:00:00 2001
From: James Herr
Date: Wed, 23 Oct 2024 12:56:00 -0500
Subject: [PATCH 2/5] Testing alert fix for not hooking up to slack
---
 operations/template/alert.tf | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/operations/template/alert.tf b/operations/template/alert.tf
index 37d75b76b..898356a2d 100644
--- a/operations/template/alert.tf
+++ b/operations/template/alert.tf
@@ -136,14 +136,11 @@ resource "azurerm_monitor_scheduled_query_rules_alert" "ti-log-errors-alert" {
 enabled = true
 query = <<-QUERY
- AppServiceConsoleLogs
- | where TimeGenerated >= ago(30m)
+ AppServiceConsoleLogs
+ | where ResultDescription contains 'Error'
+ and TimeGenerated >= ago(30m)
 and TimeGenerated <= now()
- | project columnifexists("ResultDescription", 'default_value')
- | project JsonResult = parse_json(ResultDescription)
- | evaluate bag_unpack(JsonResult) : (level:string)
- | where level in ( 'ERROR' )
- | summarize count()
+ | summarize count()
 QUERY
 severity = 3
From 23e181fb947047ec5d8982ad67b99c9981f60e3b Mon Sep 17 00:00:00 2001
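Review bot: The added `ago(30m)` look-back hard-codes inside the KQL a window that the rule already controls through its `time_window` argument (set outside this hunk), so if the two drift apart the effective window is silently the narrower of them. Either drop the in-query time filter and let the rule's window scope the query, or pin the coupling with a comment on that line such as `// look-back must stay equal to the rule's time_window`. The `TimeGenerated <= now()` context line only excludes future-stamped records, which is harmless but also deserves a one-line comment if it is kept. The enclosing resource block starts and ends outside the hunk.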
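Review bot: `where ResultDescription contains 'Error'` is a case-insensitive substring match over free-form console text, so any INFO or WARN line that merely mentions the word (e.g. "0 errors") now counts, while genuine errors whose text lacks it are missed; the structured `level` check this hunk removes was the more reliable signal. In addition, `summarize count()` always returns exactly one row, so if the rule's trigger counts result rows (the `trigger` block later in this series shows `threshold = 1` and no metric trigger is visible), the result cannot distinguish zero errors from many. The commit title says this is a test; if it is meant to be reverted, a `# TODO(alerting): temporary diagnostic query, revert` comment on the `query` line would keep it from landing silently. The enclosing resource block starts and ends outside the hunk.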
From: James Herr
Date: Thu, 24 Oct 2024 11:27:58 -0500
Subject: [PATCH 3/5] Updated log error alert to include more information
Co-Authored-By: halprin
---
 operations/template/alert.tf | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/operations/template/alert.tf b/operations/template/alert.tf
index 898356a2d..01343195c 100644
--- a/operations/template/alert.tf
+++ b/operations/template/alert.tf
@@ -136,11 +136,11 @@ resource "azurerm_monitor_scheduled_query_rules_alert" "ti-log-errors-alert" {
 enabled = true
 query = <<-QUERY
- AppServiceConsoleLogs
- | where ResultDescription contains 'Error'
- and TimeGenerated >= ago(30m)
- and TimeGenerated <= now()
- | summarize count()
+ AppServiceConsoleLogs
+ | project columnifexists("ResultDescription", 'default_value')
+ | project JsonResult = parse_json(ResultDescription)
+ | evaluate bag_unpack(JsonResult) : (level: string, message: string)
+ | where level in ( 'ERROR' )
 QUERY
 severity = 3
From 14741eace2104d8c8cc2d1216e0966fc8e8abf08 Mon Sep 17 00:00:00 2001
From: James Herr
Date: Thu, 24 Oct 2024 11:45:45 -0500
Subject: [PATCH 4/5] Changed frequency to 5mins
Co-Authored-By: halprin
---
 operations/template/alert.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/operations/template/alert.tf b/operations/template/alert.tf
index 01343195c..7b9715069 100644
--- a/operations/template/alert.tf
+++ b/operations/template/alert.tf
@@ -144,8 +144,8 @@ resource "azurerm_monitor_scheduled_query_rules_alert" "ti-log-errors-alert" {
 QUERY
 severity = 3
- frequency = 10
- time_window = 30
+ frequency = 5
+ time_window = 15
 auto_mitigation_enabled = true
 trigger {
From 715ba9cc3bd7360a112617c87ed0b22d83871cb6 Mon Sep 17 00:00:00 2001
From: James Herr
Date: Thu, 24 Oct 2024 12:33:27 -0500
Subject: [PATCH 5/5] Changed threshold operator to GreaterThanOrEqual
Co-Authored-By: halprin
---
 operations/template/alert.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
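Review bot: `where level in ( 'ERROR' )` is a case-sensitive comparison in KQL, so records whose unpacked `level` is emitted as `Error` or `error` will never raise this alert; if the log producer is not guaranteed to upper-case the level, `| where level in~ ( 'ERROR' )` is the case-insensitive form. Console lines that are not JSON will presumably leave `level` null after `parse_json`/`bag_unpack` and drop out of the result silently rather than fail, which is acceptable for an error alert but should be stated in the heredoc, e.g. `// non-JSON console lines unpack to null level and are ignored`. With `summarize count()` gone, each matching error line is one result row, which is what a row-count trigger with `threshold = 1` needs, so that dependency is worth a comment too. The enclosing resource block starts and ends outside the hunk.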
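Review bot: With `frequency = 5` and `time_window = 15`, each error record is seen by three consecutive evaluations, so a single error keeps the condition true for up to 15 minutes and, given `auto_mitigation_enabled = true` on the context line, the alert resolves only after a full clean window; that is a reasonable choice but nothing in the file records it. A short comment on the `time_window` line, `# 3 overlapping evaluations per event; resolves ~15 min after the last error`, would capture the intent and stop the two values being tuned independently. The enclosing resource block starts and ends outside the hunk.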
diff --git a/operations/template/alert.tf b/operations/template/alert.tf
index a53355739..a6094f132 100644
--- a/operations/template/alert.tf
+++ b/operations/template/alert.tf
@@ -272,7 +272,7 @@ resource "azurerm_monitor_scheduled_query_rules_alert" "ti-log-errors-alert" {
 auto_mitigation_enabled = true
 trigger {
- operator = "GreaterThan"
+ operator = "GreaterThanOrEqual"
 threshold = 1
 }
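Review bot: The new `GreaterThanOrEqual` paired with `threshold = 1` is the right semantics for a row-count trigger over per-error rows, but the reason is not recorded, and the previous `GreaterThan` silently required two errors in the same window before firing. A comment on the `operator` line, `# fire on any error row (>= 1); GreaterThan 1 needed two errors per window`, would keep a later cleanup from reverting it. Note that this hunk's `index` line does not chain from the preceding patch in the series, so the rule sits at a different offset here and may have been edited in between. The enclosing resource block starts and ends outside the hunk.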