Create alert when Azure virtual machine is unavailable

There are multiple ways to create a log query alert rule. For this tutorial, we’ll start from the Logs Events tab in the Map view. This gives a summary of the log data that’s been collected for the virtual machine.
Click on Heartbeat. This opens Log Analytics, which is the primary tool to analyze log data collected from the virtual machine, with a simple query for heartbeat events. If you click on TimeGenerated to sort by that column, you can see that a heartbeat is created each minute.
For the alert, you want to return only heartbeat records in the last 5 minutes. If no records are returned, then you can assume the virtual machine is down.
Add a line to the query to filter the results to only records created in the last 5 minutes. This uses the ago function that subtracts a particular time span from the current time.
```
Heartbeat
| where Computer == 'computer-name'
| where TimeGenerated > ago(5m)
```
Click Run to see the results of this query, which should now include just the heartbeats in the last 5 minutes.
Click New alert rule to create a rule from the current query.
The alert rule will already have the Log query filled in. The Measurement is also already correct since we want to count the number of table rows returned from the query. If the number of rows is zero, then we want to create an alert.
Scroll down to Alert logic and change Operator to Equal to and provide a Threshold value of 0. This means that we want to create an alert when no records are returned, or when the record count from the query equals zero.
If you already have an action group, click Add action group to add an existing group to the alert rule.
If you don’t already have an action group in your subscription to select, then click Create action group to create a new one. Select a Subscription and Resource group for the action group and give it an Action group name that will appear in the portal and a Display name that will appear in email and SMS notifications.
Select Notifications and add one or more methods to notify appropriate people when the alert is fired.
Subscription and Resource group where the alert rule will be stored. This doesn’t need to be in the same resource group as the resource that you’re monitoring.
Severity for the alert. The severity allows you to group alerts with a similar relative importance. A severity of Error is appropriate for an unresponsive virtual machine.
Keep the box checked to Enable alert upon creation.
Keep the box checked to Automatically resolve alerts. This will automatically resolve the alert when the virtual machine comes back online and heartbeat records are seen again.
Click Review + create to create the alert rule.
To test the alert rule, stop the virtual machine. If you configured a notification in your action group, then you should receive that notification within a few minutes. You’ll also see an alert indicated in the summary shown in the Alerts page for the virtual machine.
Click on the Severity to see the list of those alerts. Click on the alert itself to view its details.