From 4b1ec6742e5dd12044d389c49058a37cab247a0e Mon Sep 17 00:00:00 2001
From: Brunoga-MS <bruno.gabrielli@microsoft.com>
Date: Tue, 17 Dec 2024 18:46:32 +0100
Subject: [PATCH 1/5] Updating Override threshold with samples

---
 .../alz/HowTo/Log_Search_Alert_Table.md       |  52 ++---
 .../patterns/alz/HowTo/Metrics_Alert_Table.md | 179 +++++++++---------
 .../patterns/alz/HowTo/Threshold-Override.md  |   6 +-
 docs/layouts/shortcodes/alzMetricAlerts.html  |   2 +-
 .../shortcodes/alzVMInsightsLogAlerts.html    |   6 +-
 5 files changed, 124 insertions(+), 121 deletions(-)

diff --git a/docs/content/patterns/alz/HowTo/Log_Search_Alert_Table.md b/docs/content/patterns/alz/HowTo/Log_Search_Alert_Table.md
index ef331badb..a24acfd3e 100644
--- a/docs/content/patterns/alz/HowTo/Log_Search_Alert_Table.md
+++ b/docs/content/patterns/alz/HowTo/Log_Search_Alert_Table.md
@@ -3,29 +3,29 @@ title: Log-search alert table
 geekdocHidden: true
 ---
 
-| Resource Type | Alert Name | Alert Type | Override Tag name |
-| ------------- | ---------- | ---------- | ----------------- |
-| Machine - Azure Arc | *```subscription().displayName```*-HybridVMHighDataDiskReadLatencyAlert | _Log search_ | ***\_amba-ReadLatencyMs-Data-threshold-Override\_*** |
-| Machine - Azure Arc | *```subscription().displayName```*-HybridVMLowDataDiskSpaceAlert | _Log search_ | ***\_amba-FreeSpacePercentage-Data-threshold-Override\_*** |
-| Machine - Azure Arc | *```subscription().displayName```*-HybridVMHighDataDiskWriteLatencyAlert | _Log search_ | ***\_amba-WriteLatencyMs-Data-threshold-Override\_*** |
-| Machine - Azure Arc | *```subscription().displayName```*-HybridVMDisconnectedAlert | _Log search_ | ***\_amba-Disconnected-threshold-Override\_*** |
-| Machine - Azure Arc | *```subscription().displayName```*-HybridVMHeartBeatAlert | _Log search_ | ***\_amba-Heartbeat-threshold-Override\_*** |
-| Machine - Azure Arc | *```subscription().displayName```*-HybridVMHighNetworkInAlert | _Log search_ | ***\_amba-ReadBytesPerSecond-threshold-Override\_*** |
-| Machine - Azure Arc | *```subscription().displayName```*-HybridVMHighNetworkOutAlert | _Log search_ | ***\_amba-WriteBytesPerSecond-threshold-Override\_*** |
-| Machine - Azure Arc | *```subscription().displayName```*-HybridVMHighOSDiskReadLatencyAlert | _Log search_ | ***\_amba-ReadLatencyMs-OS-threshold-Override\_*** |
-| Machine - Azure Arc | *```subscription().displayName```*-HybridVMLowOSDiskSpaceAlert | _Log search_ | ***\_amba-FreeSpacePercentage-OS-threshold-Override\_*** |
-| Machine - Azure Arc | *```subscription().displayName```*-HybridVMHighOSDiskWriteLatencyAlert | _Log search_ | ***\_amba-WriteLatencyMs-OS-threshold-Override\_*** |
-| Machine - Azure Arc | *```subscription().displayName```*-HybridVMHighCPUAlert | _Log search_ | ***\_amba-UtilizationPercentage-threshold-Override\_*** |
-| Machine - Azure Arc | *```subscription().displayName```*-HybridVMLowMemoryAlert | _Log search_ | ***\_amba-AvailableMemoryPercentage-threshold-Override\_*** |
-| Virtual machine | *```subscription().displayName```*-VMHighDataDiskReadLatencyAlert | _Log search_ | ***\_amba-ReadLatencyMs-Data-threshold-Override\_*** |
-| Virtual machine | *```subscription().displayName```*-VMLowDataDiskSpaceAlert | _Log search_ | ***\_amba-FreeSpacePercentage-Data-threshold-Override\_*** |
-| Virtual machine | *```subscription().displayName```*-VMHighDataDiskWriteLatencyAlert | _Log search_ | ***\_amba-WriteLatencyMs-Data-threshold-Override\_*** |
-| Virtual machine | *```subscription().displayName```*-VMHeartBeatAlert | _Log search_ | ***\_amba-Heartbeat-threshold-Override\_*** |
-| Virtual machine | *```subscription().displayName```*-VMHighNetworkInAlert | _Log search_ | ***\_amba-ReadBytesPerSecond-threshold-Override\_*** |
-| Virtual machine | *```subscription().displayName```*-VMHighNetworkOutAlert | _Log search_ | ***\_amba-WriteBytesPerSecond-threshold-Override\_*** |
-| Virtual machine | *```subscription().displayName```*-VMHighOSDiskReadLatencyAlert | _Log search_ | ***\_amba-ReadLatencyMs-OS-threshold-Override\_*** |
-| Virtual machine | *```subscription().displayName```*-VMLowOSDiskSpaceAlert | _Log search_ | ***\_amba-FreeSpacePercentage-OS-threshold-Override\_*** |
-| Virtual machine | *```subscription().displayName```*-VMHighOSDiskWriteLatencyAlert | _Log search_ | ***\_amba-WriteLatencyMs-OS-threshold-Override\_*** |
-| Virtual machine | *```subscription().displayName```*-VMHighCPUAlert | _Log search_ | ***\_amba-UtilizationPercentage-threshold-Override\_*** |
-| Virtual machine | *```subscription().displayName```*-VMLowMemoryAlert | _Log search_ | ***\_amba-AvailableMemoryPercentage-threshold-Override\_*** |
-| Log Analytics workspace | *```resourceName```*-DailyCapLimitReachedAlert | _Log search_ | ***Not available as threshold will always be ```0```*** |
+| Resource Type | Alert Name | Alert Type | Override Tag name | Tag value type | Example |
+| ------------- | ---------- | ---------- | ----------------- | -------------- | ------- |
+| Machine - Azure Arc | *```subscription().displayName```*-HybridVMHighDataDiskReadLatencyAlert | _Log search_ | ***\_amba-ReadLatencyMs-Data-threshold-Override\_*** | Number | 35 |
+| Machine - Azure Arc | *```subscription().displayName```*-HybridVMLowDataDiskSpaceAlert | _Log search_ | ***\_amba-FreeSpacePercentage-Data-threshold-Override\_*** | Number | 8 |
+| Machine - Azure Arc | *```subscription().displayName```*-HybridVMHighDataDiskWriteLatencyAlert | _Log search_ | ***\_amba-WriteLatencyMs-Data-threshold-Override\_*** | Number | 35 |
+| Machine - Azure Arc | *```subscription().displayName```*-HybridVMDisconnectedAlert | _Log search_ | ***\_amba-Disconnected-threshold-Override\_*** | Number | 5 |
+| Machine - Azure Arc | *```subscription().displayName```*-HybridVMHeartBeatAlert | _Log search_ | ***\_amba-Heartbeat-threshold-Override\_*** | Number | 5 |
+| Machine - Azure Arc | *```subscription().displayName```*-HybridVMHighNetworkInAlert | _Log search_ | ***\_amba-ReadBytesPerSecond-threshold-Override\_*** | Number | 20000000 |
+| Machine - Azure Arc | *```subscription().displayName```*-HybridVMHighNetworkOutAlert | _Log search_ | ***\_amba-WriteBytesPerSecond-threshold-Override\_*** | Number | 20000000 |
+| Machine - Azure Arc | *```subscription().displayName```*-HybridVMHighOSDiskReadLatencyAlert | _Log search_ | ***\_amba-ReadLatencyMs-OS-threshold-Override\_*** | Number | 35 |
+| Machine - Azure Arc | *```subscription().displayName```*-HybridVMLowOSDiskSpaceAlert | _Log search_ | ***\_amba-FreeSpacePercentage-OS-threshold-Override\_*** | Number | 8 |
+| Machine - Azure Arc | *```subscription().displayName```*-HybridVMHighOSDiskWriteLatencyAlert | _Log search_ | ***\_amba-WriteLatencyMs-OS-threshold-Override\_*** | Number | 35 |
+| Machine - Azure Arc | *```subscription().displayName```*-HybridVMHighCPUAlert | _Log search_ | ***\_amba-UtilizationPercentage-threshold-Override\_*** | Number | 90 |
+| Machine - Azure Arc | *```subscription().displayName```*-HybridVMLowMemoryAlert | _Log search_ | ***\_amba-AvailableMemoryPercentage-threshold-Override\_*** | Number | 8 |
+| Virtual machine | *```subscription().displayName```*-VMHighDataDiskReadLatencyAlert | _Log search_ | ***\_amba-ReadLatencyMs-Data-threshold-Override\_*** | Number | 35 |
+| Virtual machine | *```subscription().displayName```*-VMLowDataDiskSpaceAlert | _Log search_ | ***\_amba-FreeSpacePercentage-Data-threshold-Override\_*** | Number | 8 |
+| Virtual machine | *```subscription().displayName```*-VMHighDataDiskWriteLatencyAlert | _Log search_ | ***\_amba-WriteLatencyMs-Data-threshold-Override\_*** | Number | 35 |
+| Virtual machine | *```subscription().displayName```*-VMHeartBeatAlert | _Log search_ | ***\_amba-Heartbeat-threshold-Override\_*** | Number | 5 |
+| Virtual machine | *```subscription().displayName```*-VMHighNetworkInAlert | _Log search_ | ***\_amba-ReadBytesPerSecond-threshold-Override\_*** | Number | 20000000 |
+| Virtual machine | *```subscription().displayName```*-VMHighNetworkOutAlert | _Log search_ | ***\_amba-WriteBytesPerSecond-threshold-Override\_*** | Number | 20000000 |
+| Virtual machine | *```subscription().displayName```*-VMHighOSDiskReadLatencyAlert | _Log search_ | ***\_amba-ReadLatencyMs-OS-threshold-Override\_*** | Number | 35 |
+| Virtual machine | *```subscription().displayName```*-VMLowOSDiskSpaceAlert | _Log search_ | ***\_amba-FreeSpacePercentage-OS-threshold-Override\_*** | Number | 8 |
+| Virtual machine | *```subscription().displayName```*-VMHighOSDiskWriteLatencyAlert | _Log search_ | ***\_amba-WriteLatencyMs-OS-threshold-Override\_*** | Number | 35 |
+| Virtual machine | *```subscription().displayName```*-VMHighCPUAlert | _Log search_ | ***\_amba-UtilizationPercentage-threshold-Override\_*** | Number | 90 |
+| Virtual machine | *```subscription().displayName```*-VMLowMemoryAlert | _Log search_ | ***\_amba-AvailableMemoryPercentage-threshold-Override\_*** | Number | 8 |
+| Log Analytics workspace | *```resourceName```*-DailyCapLimitReachedAlert | _Log search_ | <span style="color:DarkOrange">***Not available as threshold will always be 0***</span> | <span style="color:DarkOrange">***Not applicable***</span>| <span style="color:DarkOrange">***N/A***</span> |
diff --git a/docs/content/patterns/alz/HowTo/Metrics_Alert_Table.md b/docs/content/patterns/alz/HowTo/Metrics_Alert_Table.md
index 71529bc53..12f983784 100644
--- a/docs/content/patterns/alz/HowTo/Metrics_Alert_Table.md
+++ b/docs/content/patterns/alz/HowTo/Metrics_Alert_Table.md
@@ -3,93 +3,92 @@ title: Metrics alert table
 geekdocHidden: true
 ---
 
-| Resource Type | Alert Name | Alert Type | Override Tag name |
-| ------------- | ---------- | ---------- | ----------------- |
-| Virtual machine | *```resourceName```*-AvailableMemoryAlert | Metrics | ***\_amba-AvailableMemoryBytes-threshold-Override\_*** |
-| Automation Account | *```resourceName```*-TotalJob | Metrics | ***\_amba-TotalJob-threshold-Override\_*** |
-| Front Door and CDN as | *```resourceName```*-OriginHealthPercentage | Metrics | ***\_amba-OriginHealthPercentage-threshold-Override\_*** |
-| Front Door and CDN as | *```resourceName```*-OriginLatencyAlert | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> |
-| Front Door and CDN as | *```resourceName```*-Percentage4XXAlert | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> |
-| Front Door and CDN as | *```resourceName```*-Percentage5XXAlert | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> |
-| Key vault | ActivityKeyVaultDelete | Activity Log | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> |
-| Key vault | *```resourceName```*-Availability | Metrics | ***\_amba-Availability-threshold-Override\_*** |
-| Key vault | *```resourceName```*-CapacityAlert | Metrics | ***\_amba-SaturationShoebox-threshold-Override\_*** |
-| Key vault | *```resourceName```*-LatencyAlert | Metrics | ***\_amba-ServiceApiLatency-threshold-Override\_*** |
-| Key vault | *```resourceName```*-RequestsAlert | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> |
-| Azure Key Vault Managed HSM | ActivityManagedHSMDelete | Activity Log | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> |
-| Azure Key Vault Managed HSM | *```resourceName```*-Availability | Metrics | ***\_amba-Availability-threshold-Override\_*** |
-| Azure Key Vault Managed HSM | *```resourceName```*-LatencyAlert | Metrics | ***\_amba-ServiceApiLatency-threshold-Override\_*** |
-| Application gateway | *```resourceName```*-agApplicationGatewayTotalTime | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> |
-| Application gateway | *```resourceName```*-agBackendLastByteResponseTime | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> |
-| Application gateway | *```resourceName```*-agCapacityUnits | Metrics | ***\_amba-CapacityUnits-threshold-Override\_*** |
-| Application gateway | *```resourceName```*-agComputeUnits | Metrics | ***\_amba-ComputeUnits-threshold-Override\_*** |
-| Application gateway | *```resourceName```*-agCpuUtilization | Metrics | ***\_amba-CpuUtilization-threshold-Override\_*** |
-| Application gateway | *```resourceName```*-agFailedRequests | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> |
-| Application gateway | *```resourceName```*-agResponseStatus | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> |
-| Application gateway | *```resourceName```*-agUnhealthyHostCount | Metrics | ***\_amba-UnhealthyHostCount-threshold-Override\_*** |
-| Firewall | ActivityAzureFirewallDelete | Activity Log | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> |
-| Firewall | *```resourceName```*-FirewallHealth | Metrics | ***\_amba-FirewallHealth-threshold-Override\_*** |
-| Firewall | *```resourceName```*-SNATPortUtilization | Metrics | ***\_amba-SNATPortUtilization-threshold-Override\_*** |
-| ExpressRoute circuit | *```resourceName```*-ArpAvailability | Metrics | ***\_amba-ArpAvailability-threshold-Override\_*** |
-| ExpressRoute circuit | *```resourceName```*-BgpAvailability | Metrics | ***\_amba-BgpAvailability-threshold-Override\_*** |
-| ExpressRoute circuit | *```resourceName```*-QosDropBitsInPerSecond | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> |
-| ExpressRoute circuit | *```resourceName```*-QosDropBitsOutPerSecond | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> |
-| ExpressRoute gateway | *```resourceName```*-GatewayERBitsInAlert | Metrics | ***\_amba-ERGatewayConnectionBitsInPerSecond-threshold-Override\_*** |
-| ExpressRoute gateway | *```resourceName```*-GatewayERBitsOutAlert | Metrics | ***\_amba-ERGatewayConnectionBitsOutPerSecond-threshold-Override\_*** |
-| ExpressRoute gateway | *```resourceName```*-GatewayERCPUAlert | Metrics | ***\_amba-ExpressRouteGatewayCpuUtilization-threshold-Override\_*** |
-| ExpressRoute port | *```resourceName```*-DirectERBitsInAlert | Metrics | ***\_amba-PortBitsInPerSecond-threshold-Override\_*** |
-| ExpressRoute port | *```resourceName```*-DirectERBitsOutAlert | Metrics | ***\_amba-PortBitsOutPerSecond-threshold-Override\_*** |
-| ExpressRoute port | *```resourceName```*-DirectERLineProtocolAlert | Metrics | ***\_amba-LineProtocol-threshold-Override\_*** |
-| ExpressRoute port | *```resourceName```*-DirectERRxLightLevelHighAlert | Metrics | ***\_amba-RxLightLevel-High-threshold-Override\_*** |
-| ExpressRoute port | *```resourceName```*-DirectERRxLightLevelLowAlert | Metrics | ***\_amba-RxLightLevel-Low-threshold-Override\_*** |
-| ExpressRoute port | *```resourceName```*-DirectERTxLightLevelHighAlert | Metrics | ***\_amba-TxLightLevel-High-threshold-Override\_*** |
-| ExpressRoute port | *```resourceName```*-DirectERTxLightLevelLowAlert | Metrics | ***\_amba-TxLightLevel-Low-threshold-Override\_*** |
-| Front Door | *```resourceName```*-BackendHealthPercentage | Metrics | ***\_amba-BackendHealthPercentage-threshold-Override\_*** |
-| Front Door | *```resourceName```*-BackendRequestLatencyAlert | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> |
-| Load balancer | *```resourceName```*-ALBDataPathAvailability | Metrics | ***\_amba-VipAvailability-threshold-Override\_*** |
-| Load balancer | *```resourceName```*-ALBGlobalBackendAvailability | Metrics | ***\_amba-GlobalBackendAvailability-threshold-Override\_*** |
-| Load balancer | *```resourceName```*-ALBHealthProbeStatus | Metrics | ***\_amba-DipAvailability-threshold-Override\_*** |
-| Load balancer | *```resourceName```*-ALBUsedSNATPorts | Metrics | ***\_amba-UsedSNATPorts-threshold-Override\_*** |
-| Network security group | ActivityNSGDelete | Activity Log | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> |
-| Private DNS zone | *```resourceName```*-CapacityUtilizationAlert | Metrics | ***\_amba-VirtualNetworkLinkCapacityUtilization-threshold-Override\_*** |
-| Private DNS zone | *```resourceName```*-QueryVolumeAlert | Metrics | ***\_amba-QueryVolume-threshold-Override\_*** |
-| Private DNS zone | *```resourceName```*-RecordSet_Capacity_Utilization | Metrics | ***\_amba-RecordSetCapacityUtilization-threshold-Override\_*** |
-| Private DNS zone | *```resourceName```*-RequestsAlert | Metrics | ***\_amba-VirtualNetworkWithRegistrationCapacityUtilization-threshold-Override\_*** |
-| Public IP address | *```resourceName```*-BytesInDDOSAlert | Metrics | ***\_amba-bytesinddos-threshold-Override\_*** |
-| Public IP address | *```resourceName```*-DDOS_Attack | Metrics | ***\_amba-ifunderddosattack-threshold-Override\_*** |
-| Public IP address | *```resourceName```*-PacketsInDDosAlert | Metrics | ***\_amba-PacketsInDDoS-threshold-Override\_*** |
-| Public IP address | *```resourceName```*-VIPAvailabityAlert | Metrics | ***\_amba-VipAvailability-threshold-Override\_*** |
-| Route table | ActivityUDRUpdate | Activity Log | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> |
-| Traffic Manager as | *```resourceName```*-EndpointHealthAlert | Metrics | ***\_amba-EndpointHealth-threshold-Override\_*** |
-| Virtual network gateway | *```resourceName```*-TunnelBandwidthAlert | Metrics | ***\_amba-TunnelAverageBandwidth-threshold-Override\_*** |
-| Virtual network gateway | *```resourceName```*-TunnelEgressAlert | Metrics | ***\_amba-TunnelEgressBytes-threshold-Override\_*** |
-| Virtual network gateway | *```resourceName```*-TunnelEgressPacketDropCountAlert | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> |
-| Virtual network gateway | *```resourceName```*-TunnelEgressPacketDropTSMismatchAlert | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> |
-| Virtual network gateway | *```resourceName```*-GatewayERBitsAlert | Metrics | ***\_amba-ExpressRouteGatewayBitsPerSecond-threshold-Override\_*** |
-| Virtual network gateway | *```resourceName```*-GatewayERCPUAlert | Metrics | ***\_amba-ExpressRouteGatewayCpuUtilization-threshold-Override\_*** |
-| Virtual network gateway | *```resourceName```*-TunnelIngressAlert | Metrics | ***\_amba-TunnelIngressBytes-threshold-Override\_*** |
-| Virtual network gateway | *```resourceName```*-TunnelIngressPacketDropCountAlert | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> |
-| Virtual network gateway | *```resourceName```*-TunnelIngressPacketDropTSMismatchAlert | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> |
-| Virtual network | *```resourceName```*-DDOSAttackAlert | Metrics | ***\_amba-ifunderddosattack-threshold-Override\_*** |
-| VPN Gateway | ActivityVPNGatewayDelete | Activity Log | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> |
-| VPN Gateway | *```resourceName```*-GatewayBandwidthAlert | Metrics | ***\_amba-tunnelaveragebandwidth-threshold-Override\_*** |
-| VPN Gateway | *```resourceName```*-BGPPeerStatusAlert | Metrics | ***\_amba-bgppeerstatus-threshold-Override\_*** |
-| VPN Gateway | *```resourceName```*-TunnelEgressAlert | Metrics | ***\_amba-tunnelegressbytes-threshold-Override\_*** |
-| VPN Gateway | *```resourceName```*-TunnelEgressPacketDropCountAlert | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> |
-| VPN Gateway | *```resourceName```*-TunnelEgressPacketDropTSMismatchAlert | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> |
-| VPN Gateway | *```resourceName```*-TunnelIngressAlert | Metrics | ***\_amba-tunnelingressbytes-threshold-Override\_*** |
-| VPN Gateway | *```resourceName```*-TunnelIngressPacketDropCount | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> |
-| VPN Gateway | *```resourceName```*-TunnelIngressPacketDropTSMismatchAlert | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> |
-| Log Analytics workspace | ActivityLAWorkspaceDelete | Activity Log | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> |
-| Log Analytics workspace | ActivityLAWorkspaceRegenKey | Activity Log | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> |
-| Subscription | ResourceHealthUnhealthyAlert | Resource health | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> |
-| Subscription | ServiceHealthHealth | Service health | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> |
-| Subscription | ServiceHealthIncident | Service health | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> |
-| Subscription | ServiceHealthMaintenance | Service health | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> |
-| Subscription | ServiceSecurityIncident | Service health | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> |
-| Storage account | ActivitySADelete | Activity Log | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> |
-| Storage account | *```resourceName```*-AvailabilityAlert | Metrics | ***\_amba-Availability-threshold-Override\_*** |
-| App Service plan | *```resourceName```*-CpuPercentage | Metrics | ***\_amba-CpuPercentage-threshold-Override\_*** |
-| App Service plan | *```resourceName```*-DiskQueueLengthAlert | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> |
-| App Service plan | *```resourceName```*-HttpQueueLengthAlert | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> |
-| App Service plan | *```resourceName```*-MemoryPercentage | Metrics | ***\_amba-MemoryPercentage-threshold-Override\_*** |
+| Resource Type | Alert Name | Alert Type | Override Tag name | Tag value type | Example |
+| ------------- | ---------- | ---------- | ----------------- | -------------- | ------- |
+| Automation Account | *```resourceName```*-TotalJob | Metrics | ***\_amba-TotalJob-threshold-Override\_*** | Number | 10 |
+| Front Door CDN profiles | *```resourceName```*-OriginHealthPercentage | Metrics | ***\_amba-OriginHealthPercentage-threshold-Override\_*** | Number | 35 |
+| Front Door CDN profiles | *```resourceName```*-OriginLatencyAlert | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span>| <span style="color:DarkOrange">***N/A***</span> |
+| Front Door CDN profiles | *```resourceName```*-Percentage4XXAlert | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| Front Door CDN profiles | *```resourceName```*-Percentage5XXAlert | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| Key vault | ActivityKeyVaultDelete | Activity Log | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| Key vault | *```resourceName```*-Availability | Metrics | ***\_amba-Availability-threshold-Override\_*** | Number | 80 |
+| Key vault | *```resourceName```*-CapacityAlert | Metrics | ***\_amba-SaturationShoebox-threshold-Override\_*** | Number | 90 |
+| Key vault | *```resourceName```*-LatencyAlert | Metrics | ***\_amba-ServiceApiLatency-threshold-Override\_*** | Number | 900 |
+| Key vault | *```resourceName```*-RequestsAlert | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| Azure Key Vault Managed HSM | ActivityManagedHSMDelete | Activity Log | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| Azure Key Vault Managed HSM | *```resourceName```*-Availability | Metrics | ***\_amba-Availability-threshold-Override\_*** | Number | 80 |
+| Azure Key Vault Managed HSM | *```resourceName```*-LatencyAlert | Metrics | ***\_amba-ServiceApiLatency-threshold-Override\_*** | Number | 900 |
+| Application gateway | *```resourceName```*-agApplicationGatewayTotalTime | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| Application gateway | *```resourceName```*-agBackendLastByteResponseTime | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| Application gateway | *```resourceName```*-agCapacityUnits | Metrics | ***\_amba-CapacityUnits-threshold-Override\_*** | Number | 90 |
+| Application gateway | *```resourceName```*-agComputeUnits | Metrics | ***\_amba-ComputeUnits-threshold-Override\_*** | Number | 90 |
+| Application gateway | *```resourceName```*-agCpuUtilization | Metrics | ***\_amba-CpuUtilization-threshold-Override\_*** | Number | 75 |
+| Application gateway | *```resourceName```*-agFailedRequests | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| Application gateway | *```resourceName```*-agResponseStatus | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| Application gateway | *```resourceName```*-agUnhealthyHostCount | Metrics | ***\_amba-UnhealthyHostCount-threshold-Override\_*** | Number | 25 |
+| Firewall | ActivityAzureFirewallDelete | Activity Log | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| Firewall | *```resourceName```*-FirewallHealth | Metrics | ***\_amba-FirewallHealth-threshold-Override\_*** | Number | 75 |
+| Firewall | *```resourceName```*-SNATPortUtilization | Metrics | ***\_amba-SNATPortUtilization-threshold-Override\_*** | Number | 90 |
+| ExpressRoute circuit | *```resourceName```*-ArpAvailability | Metrics | ***\_amba-ArpAvailability-threshold-Override\_*** | Number | 85 |
+| ExpressRoute circuit | *```resourceName```*-BgpAvailability | Metrics | ***\_amba-BgpAvailability-threshold-Override\_*** | Number | 85 |
+| ExpressRoute circuit | *```resourceName```*-QosDropBitsInPerSecond | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| ExpressRoute circuit | *```resourceName```*-QosDropBitsOutPerSecond | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| ExpressRoute gateway | *```resourceName```*-GatewayERBitsInAlert | Metrics | ***\_amba-ERGatewayConnectionBitsInPerSecond-threshold-Override\_*** | Number | 10 |
+| ExpressRoute gateway | *```resourceName```*-GatewayERBitsOutAlert | Metrics | ***\_amba-ERGatewayConnectionBitsOutPerSecond-threshold-Override\_*** | Number | 10 |
+| ExpressRoute gateway | *```resourceName```*-GatewayERCPUAlert | Metrics | ***\_amba-ExpressRouteGatewayCpuUtilization-threshold-Override\_*** | Number | 85 |
+| ExpressRoute port | *```resourceName```*-DirectERBitsInAlert | Metrics | ***\_amba-PortBitsInPerSecond-threshold-Override\_*** | Number | 10 |
+| ExpressRoute port | *```resourceName```*-DirectERBitsOutAlert | Metrics | ***\_amba-PortBitsOutPerSecond-threshold-Override\_*** | Number | 10 |
+| ExpressRoute port | *```resourceName```*-DirectERLineProtocolAlert | Metrics | ***\_amba-LineProtocol-threshold-Override\_*** | Number | 0.5 |
+| ExpressRoute port | *```resourceName```*-DirectERRxLightLevelHighAlert | Metrics | ***\_amba-RxLightLevel-High-threshold-Override\_*** | Number | 4 |
+| ExpressRoute port | *```resourceName```*-DirectERRxLightLevelLowAlert | Metrics | ***\_amba-RxLightLevel-Low-threshold-Override\_*** | Number | 4 |
+| ExpressRoute port | *```resourceName```*-DirectERTxLightLevelHighAlert | Metrics | ***\_amba-TxLightLevel-High-threshold-Override\_*** | Number | 4 |
+| ExpressRoute port | *```resourceName```*-DirectERTxLightLevelLowAlert | Metrics | ***\_amba-TxLightLevel-Low-threshold-Override\_*** | Number | 4 |
+| Front Door | *```resourceName```*-BackendHealthPercentage | Metrics | ***\_amba-BackendHealthPercentage-threshold-Override\_*** | Number | 85 |
+| Front Door | *```resourceName```*-BackendRequestLatencyAlert | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| Load balancer | *```resourceName```*-ALBDataPathAvailability | Metrics | ***\_amba-VipAvailability-threshold-Override\_*** | Number | 85 |
+| Load balancer | *```resourceName```*-ALBGlobalBackendAvailability | Metrics | ***\_amba-GlobalBackendAvailability-threshold-Override\_*** | Number | 85 |
+| Load balancer | *```resourceName```*-ALBHealthProbeStatus | Metrics | ***\_amba-DipAvailability-threshold-Override\_*** | Number | 85 |
+| Load balancer | *```resourceName```*-ALBUsedSNATPorts | Metrics | ***\_amba-UsedSNATPorts-threshold-Override\_*** | Number | 800 |
+| Network security group | ActivityNSGDelete | Activity Log | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| Private DNS zone | *```resourceName```*-CapacityUtilizationAlert | Metrics | ***\_amba-VirtualNetworkLinkCapacityUtilization-threshold-Override\_*** | Number | 75 |
+| Private DNS zone | *```resourceName```*-QueryVolumeAlert | Metrics | ***\_amba-QueryVolume-threshold-Override\_*** | Number | 400 |
+| Private DNS zone | *```resourceName```*-RecordSet_Capacity_Utilization | Metrics | ***\_amba-RecordSetCapacityUtilization-threshold-Override\_*** | Number | 75 |
+| Private DNS zone | *```resourceName```*-RequestsAlert | Metrics | ***\_amba-VirtualNetworkWithRegistrationCapacityUtilization-threshold-Override\_*** | Number | 75 |
+| Public IP address | *```resourceName```*-BytesInDDOSAlert | Metrics | ***\_amba-bytesinddos-threshold-Override\_*** | Number | 7500000 |
+| Public IP address | *```resourceName```*-DDOS_Attack | Metrics | ***\_amba-ifunderddosattack-threshold-Override\_*** | Number | 5 |
+| Public IP address | *```resourceName```*-PacketsInDDosAlert | Metrics | ***\_amba-PacketsInDDoS-threshold-Override\_*** | Number | 35000 |
+| Public IP address | *```resourceName```*-VIPAvailabityAlert | Metrics | ***\_amba-VipAvailability-threshold-Override\_*** | Number | 80 |
+| Route table | ActivityUDRUpdate | Activity Log | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| Traffic Manager | *```resourceName```*-EndpointHealthAlert | Metrics | ***\_amba-EndpointHealth-threshold-Override\_*** | Number | 0.7 |
+| Virtual network gateway | *```resourceName```*-TunnelBandwidthAlert | Metrics | ***\_amba-TunnelAverageBandwidth-threshold-Override\_*** | Number | 2 |
+| Virtual network gateway | *```resourceName```*-TunnelEgressAlert | Metrics | ***\_amba-TunnelEgressBytes-threshold-Override\_*** | Number | 2 |
+| Virtual network gateway | *```resourceName```*-TunnelEgressPacketDropCountAlert | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| Virtual network gateway | *```resourceName```*-TunnelEgressPacketDropTSMismatchAlert | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| Virtual network gateway | *```resourceName```*-GatewayERBitsAlert | Metrics | ***\_amba-ExpressRouteGatewayBitsPerSecond-threshold-Override\_*** | Number | 2 |
+| Virtual network gateway | *```resourceName```*-GatewayERCPUAlert | Metrics | ***\_amba-ExpressRouteGatewayCpuUtilization-threshold-Override\_*** | Number | 75 |
+| Virtual network gateway | *```resourceName```*-TunnelIngressAlert | Metrics | ***\_amba-TunnelIngressBytes-threshold-Override\_*** | Number | 2 |
+| Virtual network gateway | *```resourceName```*-TunnelIngressPacketDropCountAlert | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| Virtual network gateway | *```resourceName```*-TunnelIngressPacketDropTSMismatchAlert | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span>| <span style="color:DarkOrange">***N/A***</span> |
+| Virtual network | *```resourceName```*-DDOSAttackAlert | Metrics | ***\_amba-ifunderddosattack-threshold-Override\_*** | Number | 1 |
+| VPN Gateway | ActivityVPNGatewayDelete | Activity Log | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| VPN Gateway | *```resourceName```*-GatewayBandwidthAlert | Metrics | ***\_amba-tunnelaveragebandwidth-threshold-Override\_*** | Number | 2 |
+| VPN Gateway | *```resourceName```*-BGPPeerStatusAlert | Metrics | ***\_amba-bgppeerstatus-threshold-Override\_*** | Number | 2 |
+| VPN Gateway | *```resourceName```*-TunnelEgressAlert | Metrics | ***\_amba-tunnelegressbytes-threshold-Override\_*** | Number | 2 |
+| VPN Gateway | *```resourceName```*-TunnelEgressPacketDropCountAlert | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| VPN Gateway | *```resourceName```*-TunnelEgressPacketDropTSMismatchAlert | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| VPN Gateway | *```resourceName```*-TunnelIngressAlert | Metrics | ***\_amba-tunnelingressbytes-threshold-Override\_*** | Number | 2 |
+| VPN Gateway | *```resourceName```*-TunnelIngressPacketDropCount | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| VPN Gateway | *```resourceName```*-TunnelIngressPacketDropTSMismatchAlert | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| Log Analytics workspace | ActivityLAWorkspaceDelete | Activity Log | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| Log Analytics workspace | ActivityLAWorkspaceRegenKey | Activity Log | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| Subscription | ResourceHealthUnhealthyAlert | Resource health | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| Subscription | ServiceHealthHealth | Service health | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| Subscription | ServiceHealthIncident | Service health | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| Subscription | ServiceHealthMaintenance | Service health | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| Subscription | ServiceSecurityIncident | Service health | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| Storage account | ActivitySADelete | Activity Log | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| Storage account | *```resourceName```*-AvailabilityAlert | Metrics | ***\_amba-Availability-threshold-Override\_*** | Number | 90 |
+| App Service plan | *```resourceName```*-CpuPercentage | Metrics | ***\_amba-CpuPercentage-threshold-Override\_*** | Number | 75 |
+| App Service plan | *```resourceName```*-DiskQueueLengthAlert | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| App Service plan | *```resourceName```*-HttpQueueLengthAlert | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| App Service plan | *```resourceName```*-MemoryPercentage | Metrics | ***\_amba-MemoryPercentage-threshold-Override\_*** | Number | 75 |
diff --git a/docs/content/patterns/alz/HowTo/Threshold-Override.md b/docs/content/patterns/alz/HowTo/Threshold-Override.md
index 71258ae23..3a11aa3c1 100644
--- a/docs/content/patterns/alz/HowTo/Threshold-Override.md
+++ b/docs/content/patterns/alz/HowTo/Threshold-Override.md
@@ -40,7 +40,11 @@ In scenarios where the same metric is used multiple times for the same resource,
 
 ```***_amba-<metricName/counterName>-<differentiator>-threshold-Override_***```
 
-The following table provides a mapping between alert names and the corresponding tag values that need to be created:
+The following tables provide a mapping between alert names and the corresponding tag name that need to be created. They contain information about the value type (number, string) and examples of the format:
+
+{{< hint type=Warning >}}
+The sample values in the tables ***are not meant*** to serve as recommendations for the override value!
+{{< /hint >}}
 
 </br>
 
diff --git a/docs/layouts/shortcodes/alzMetricAlerts.html b/docs/layouts/shortcodes/alzMetricAlerts.html
index 5f3e66710..3c5f339d9 100644
--- a/docs/layouts/shortcodes/alzMetricAlerts.html
+++ b/docs/layouts/shortcodes/alzMetricAlerts.html
@@ -1,6 +1,6 @@
 <div><table>
   <tr>
-    <th>Alert Name</th>
+    <th>Alert Policy Name</th>
     <th>Component</th>
     <th>Metric</th>
     <th>Aggregation</th>
diff --git a/docs/layouts/shortcodes/alzVMInsightsLogAlerts.html b/docs/layouts/shortcodes/alzVMInsightsLogAlerts.html
index f423a93f8..41326de4a 100644
--- a/docs/layouts/shortcodes/alzVMInsightsLogAlerts.html
+++ b/docs/layouts/shortcodes/alzVMInsightsLogAlerts.html
@@ -1,6 +1,6 @@
 <div><table>
   <tr>
-    <th>Alert Name</th>
+    <th>Alert Policy Name</th>
     <th>Component</th>
     <th>Aggregation</th>
     <th>Operator</th>
@@ -17,11 +17,11 @@
   </tr>
 
 {{ range $category, $types := $.Site.Data  }}
-  {{ if ne $category "Compute" }}
+  {{ if and (ne $category "Compute") (ne $category "HybridCompute") }}
     {{ continue }}
   {{ end }}
   {{ range $type, $rules := $types }}
-    {{ if ne $type "virtualMachines" }}
+    {{ if and (ne $type "virtualMachines") (ne $type "machines") }}
       {{ continue }}
     {{ end }}
     {{ range $rules.alerts }}

From 66b82e67bed586786da1244ec7ddd434546d430d Mon Sep 17 00:00:00 2001
From: Brunoga-MS <bruno.gabrielli@microsoft.com>
Date: Tue, 17 Dec 2024 19:16:22 +0100
Subject: [PATCH 2/5] Adding suggestion made through PR#398

---
 .../alz/HowTo/Temporarily-disabling-notifications.md      | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/docs/content/patterns/alz/HowTo/Temporarily-disabling-notifications.md b/docs/content/patterns/alz/HowTo/Temporarily-disabling-notifications.md
index 3656b4189..be32f8d0c 100644
--- a/docs/content/patterns/alz/HowTo/Temporarily-disabling-notifications.md
+++ b/docs/content/patterns/alz/HowTo/Temporarily-disabling-notifications.md
@@ -27,7 +27,7 @@ To configure the APR, follow these steps:
 
 2. Click on the ARP named ***apr-AMBA-<mark>subscription display name</mark>-002*** with rule type **Suppression**
 
-  ![Suppression aler processing rule](../../media/SuppressionAlertProcessingRule.png)
+  ![Suppression alert processing rule](../../media/SuppressionAlertProcessingRule.png)
 
 3. Click on ***Edit***
 
@@ -42,11 +42,13 @@ To configure the APR, follow these steps:
     ![Configure filter](../../media/Filter-AlertProcessingRule.png)
 
     {{< hint type=Important >}}
-    Each filter can include up to ***5*** values. If you need to specify more than **5** resources, add additional filter lines.
+  Each filter can include up to ***5*** values. If you need to specify more than **5** resources, you will need to create a new Alert Processing Rule to suppress notifications, as each filter type can only be used once within the same Alert Processing Rule.
     {{< /hint >}}
 
 5. Click on ***Review + save*** and then ***Save***
 
   {{< hint type=Note >}}
-  It is possible to apply other types of filter. For a complete list of allowed scopes and filters, refer to the official [Scope and filters for alert processing rules](https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-processing-rules?tabs=portal#scope-and-filters-for-alert-processing-rules) documentation.
+  It is possible to apply other types of filter. For example, you could add the *Alert Rule name* as a filter to only suppress the *ResourceHealthUnhealthyAlert* for specific resources during maintenance instead of all resource-related alerts.
+
+  For a complete list of allowed scopes and filters, refer to the official [Scope and filters for alert processing rules](https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-processing-rules?tabs=portal#scope-and-filters-for-alert-processing-rules) documentation.
   {{< /hint >}}

From 10643197bab6242ceb37b4408c371489974c2d47 Mon Sep 17 00:00:00 2001
From: Brunoga-MS <bruno.gabrielli@microsoft.com>
Date: Thu, 19 Dec 2024 09:51:32 +0100
Subject: [PATCH 3/5] Putting Activity log alerts into separate/dedicated table

---
 .../alz/HowTo/ActivityLog_Alerts_Table.md     | 20 +++++++++++++++++++
 ...rt_Table.md => Log_Search_Alerts_Table.md} |  0
 ...Alert_Table.md => Metrics_Alerts_Table.md} | 14 -------------
 .../patterns/alz/HowTo/Threshold-Override.md  | 10 ++++++++--
 4 files changed, 28 insertions(+), 16 deletions(-)
 create mode 100644 docs/content/patterns/alz/HowTo/ActivityLog_Alerts_Table.md
 rename docs/content/patterns/alz/HowTo/{Log_Search_Alert_Table.md => Log_Search_Alerts_Table.md} (100%)
 rename docs/content/patterns/alz/HowTo/{Metrics_Alert_Table.md => Metrics_Alerts_Table.md} (77%)

diff --git a/docs/content/patterns/alz/HowTo/ActivityLog_Alerts_Table.md b/docs/content/patterns/alz/HowTo/ActivityLog_Alerts_Table.md
new file mode 100644
index 000000000..67142a32e
--- /dev/null
+++ b/docs/content/patterns/alz/HowTo/ActivityLog_Alerts_Table.md
@@ -0,0 +1,20 @@
+---
+title: Metrics alert table
+geekdocHidden: true
+---
+
+| Resource Type | Alert Name | Alert Type | Override Tag name | Tag value type | Example |
+| ------------- | ---------- | ---------- | ----------------- | -------------- | ------- |
+| Key vault | ActivityKeyVaultDelete | Activity Log | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| Azure Key Vault Managed HSM | ActivityManagedHSMDelete | Activity Log | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| Firewall | ActivityAzureFirewallDelete | Activity Log | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| Route table | ActivityUDRUpdate | Activity Log | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| VPN Gateway | ActivityVPNGatewayDelete | Activity Log | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| Log Analytics workspace | ActivityLAWorkspaceDelete | Activity Log | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| Log Analytics workspace | ActivityLAWorkspaceRegenKey | Activity Log | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| Subscription | ResourceHealthUnhealthyAlert | Resource health | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| Subscription | ServiceHealthHealth | Service health | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| Subscription | ServiceHealthIncident | Service health | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| Subscription | ServiceHealthMaintenance | Service health | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| Subscription | ServiceSecurityIncident | Service health | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
+| Storage account | ActivitySADelete | Activity Log | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
diff --git a/docs/content/patterns/alz/HowTo/Log_Search_Alert_Table.md b/docs/content/patterns/alz/HowTo/Log_Search_Alerts_Table.md
similarity index 100%
rename from docs/content/patterns/alz/HowTo/Log_Search_Alert_Table.md
rename to docs/content/patterns/alz/HowTo/Log_Search_Alerts_Table.md
diff --git a/docs/content/patterns/alz/HowTo/Metrics_Alert_Table.md b/docs/content/patterns/alz/HowTo/Metrics_Alerts_Table.md
similarity index 77%
rename from docs/content/patterns/alz/HowTo/Metrics_Alert_Table.md
rename to docs/content/patterns/alz/HowTo/Metrics_Alerts_Table.md
index 12f983784..e58bff812 100644
--- a/docs/content/patterns/alz/HowTo/Metrics_Alert_Table.md
+++ b/docs/content/patterns/alz/HowTo/Metrics_Alerts_Table.md
@@ -10,12 +10,10 @@ geekdocHidden: true
 | Front Door CDN profiles | *```resourceName```*-OriginLatencyAlert | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span>| <span style="color:DarkOrange">***N/A***</span> |
 | Front Door CDN profiles | *```resourceName```*-Percentage4XXAlert | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
 | Front Door CDN profiles | *```resourceName```*-Percentage5XXAlert | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
-| Key vault | ActivityKeyVaultDelete | Activity Log | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
 | Key vault | *```resourceName```*-Availability | Metrics | ***\_amba-Availability-threshold-Override\_*** | Number | 80 |
 | Key vault | *```resourceName```*-CapacityAlert | Metrics | ***\_amba-SaturationShoebox-threshold-Override\_*** | Number | 90 |
 | Key vault | *```resourceName```*-LatencyAlert | Metrics | ***\_amba-ServiceApiLatency-threshold-Override\_*** | Number | 900 |
 | Key vault | *```resourceName```*-RequestsAlert | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
-| Azure Key Vault Managed HSM | ActivityManagedHSMDelete | Activity Log | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
 | Azure Key Vault Managed HSM | *```resourceName```*-Availability | Metrics | ***\_amba-Availability-threshold-Override\_*** | Number | 80 |
 | Azure Key Vault Managed HSM | *```resourceName```*-LatencyAlert | Metrics | ***\_amba-ServiceApiLatency-threshold-Override\_*** | Number | 900 |
 | Application gateway | *```resourceName```*-agApplicationGatewayTotalTime | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
@@ -26,7 +24,6 @@ geekdocHidden: true
 | Application gateway | *```resourceName```*-agFailedRequests | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
 | Application gateway | *```resourceName```*-agResponseStatus | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
 | Application gateway | *```resourceName```*-agUnhealthyHostCount | Metrics | ***\_amba-UnhealthyHostCount-threshold-Override\_*** | Number | 25 |
-| Firewall | ActivityAzureFirewallDelete | Activity Log | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
 | Firewall | *```resourceName```*-FirewallHealth | Metrics | ***\_amba-FirewallHealth-threshold-Override\_*** | Number | 75 |
 | Firewall | *```resourceName```*-SNATPortUtilization | Metrics | ***\_amba-SNATPortUtilization-threshold-Override\_*** | Number | 90 |
 | ExpressRoute circuit | *```resourceName```*-ArpAvailability | Metrics | ***\_amba-ArpAvailability-threshold-Override\_*** | Number | 85 |
@@ -49,7 +46,6 @@ geekdocHidden: true
 | Load balancer | *```resourceName```*-ALBGlobalBackendAvailability | Metrics | ***\_amba-GlobalBackendAvailability-threshold-Override\_*** | Number | 85 |
 | Load balancer | *```resourceName```*-ALBHealthProbeStatus | Metrics | ***\_amba-DipAvailability-threshold-Override\_*** | Number | 85 |
 | Load balancer | *```resourceName```*-ALBUsedSNATPorts | Metrics | ***\_amba-UsedSNATPorts-threshold-Override\_*** | Number | 800 |
-| Network security group | ActivityNSGDelete | Activity Log | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
 | Private DNS zone | *```resourceName```*-CapacityUtilizationAlert | Metrics | ***\_amba-VirtualNetworkLinkCapacityUtilization-threshold-Override\_*** | Number | 75 |
 | Private DNS zone | *```resourceName```*-QueryVolumeAlert | Metrics | ***\_amba-QueryVolume-threshold-Override\_*** | Number | 400 |
 | Private DNS zone | *```resourceName```*-RecordSet_Capacity_Utilization | Metrics | ***\_amba-RecordSetCapacityUtilization-threshold-Override\_*** | Number | 75 |
@@ -58,7 +54,6 @@ geekdocHidden: true
 | Public IP address | *```resourceName```*-DDOS_Attack | Metrics | ***\_amba-ifunderddosattack-threshold-Override\_*** | Number | 5 |
 | Public IP address | *```resourceName```*-PacketsInDDosAlert | Metrics | ***\_amba-PacketsInDDoS-threshold-Override\_*** | Number | 35000 |
 | Public IP address | *```resourceName```*-VIPAvailabityAlert | Metrics | ***\_amba-VipAvailability-threshold-Override\_*** | Number | 80 |
-| Route table | ActivityUDRUpdate | Activity Log | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
 | Traffic Manager | *```resourceName```*-EndpointHealthAlert | Metrics | ***\_amba-EndpointHealth-threshold-Override\_*** | Number | 0.7 |
 | Virtual network gateway | *```resourceName```*-TunnelBandwidthAlert | Metrics | ***\_amba-TunnelAverageBandwidth-threshold-Override\_*** | Number | 2 |
 | Virtual network gateway | *```resourceName```*-TunnelEgressAlert | Metrics | ***\_amba-TunnelEgressBytes-threshold-Override\_*** | Number | 2 |
@@ -70,7 +65,6 @@ geekdocHidden: true
 | Virtual network gateway | *```resourceName```*-TunnelIngressPacketDropCountAlert | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
 | Virtual network gateway | *```resourceName```*-TunnelIngressPacketDropTSMismatchAlert | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span>| <span style="color:DarkOrange">***N/A***</span> |
 | Virtual network | *```resourceName```*-DDOSAttackAlert | Metrics | ***\_amba-ifunderddosattack-threshold-Override\_*** | Number | 1 |
-| VPN Gateway | ActivityVPNGatewayDelete | Activity Log | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
 | VPN Gateway | *```resourceName```*-GatewayBandwidthAlert | Metrics | ***\_amba-tunnelaveragebandwidth-threshold-Override\_*** | Number | 2 |
 | VPN Gateway | *```resourceName```*-BGPPeerStatusAlert | Metrics | ***\_amba-bgppeerstatus-threshold-Override\_*** | Number | 2 |
 | VPN Gateway | *```resourceName```*-TunnelEgressAlert | Metrics | ***\_amba-tunnelegressbytes-threshold-Override\_*** | Number | 2 |
@@ -79,14 +73,6 @@ geekdocHidden: true
 | VPN Gateway | *```resourceName```*-TunnelIngressAlert | Metrics | ***\_amba-tunnelingressbytes-threshold-Override\_*** | Number | 2 |
 | VPN Gateway | *```resourceName```*-TunnelIngressPacketDropCount | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
 | VPN Gateway | *```resourceName```*-TunnelIngressPacketDropTSMismatchAlert | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
-| Log Analytics workspace | ActivityLAWorkspaceDelete | Activity Log | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
-| Log Analytics workspace | ActivityLAWorkspaceRegenKey | Activity Log | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
-| Subscription | ResourceHealthUnhealthyAlert | Resource health | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
-| Subscription | ServiceHealthHealth | Service health | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
-| Subscription | ServiceHealthIncident | Service health | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
-| Subscription | ServiceHealthMaintenance | Service health | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
-| Subscription | ServiceSecurityIncident | Service health | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
-| Storage account | ActivitySADelete | Activity Log | <span style="color:DarkOrange">***Not available since Activity Log based alerts do not have thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
 | Storage account | *```resourceName```*-AvailabilityAlert | Metrics | ***\_amba-Availability-threshold-Override\_*** | Number | 90 |
 | App Service plan | *```resourceName```*-CpuPercentage | Metrics | ***\_amba-CpuPercentage-threshold-Override\_*** | Number | 75 |
 | App Service plan | *```resourceName```*-DiskQueueLengthAlert | Metrics | <span style="color:DarkOrange">***Not available since it uses dynamic thresholds***</span> | <span style="color:DarkOrange">***Not applicable***</span> | <span style="color:DarkOrange">***N/A***</span> |
diff --git a/docs/content/patterns/alz/HowTo/Threshold-Override.md b/docs/content/patterns/alz/HowTo/Threshold-Override.md
index 3a11aa3c1..93d635a78 100644
--- a/docs/content/patterns/alz/HowTo/Threshold-Override.md
+++ b/docs/content/patterns/alz/HowTo/Threshold-Override.md
@@ -50,10 +50,16 @@ The sample values in the tables ***are not meant*** to serve as recommendations
 
 ### Log-search alerts table
 
-{{% include "Log_Search_Alert_Table.md" %}}
+{{% include "Log_Search_Alerts_Table.md" %}}
 
 </br>
 
 ### Metric alerts table
 
-{{% include "Metrics_Alert_Table.md" %}}
+{{% include "Metrics_Alerts_Table.md" %}}
+
+</br>
+
+### Activity Log alerts table
+
+{{% include "ActivityLog_Alerts_Table.md" %}}

From 1e0e2ec3cf6c35fb7e425dc15de8029151c2f3be Mon Sep 17 00:00:00 2001
From: Brunoga-MS <bruno.gabrielli@microsoft.com>
Date: Thu, 19 Dec 2024 18:21:16 +0100
Subject: [PATCH 4/5] Fix titles in alert tables for consistency

---
 docs/content/patterns/alz/HowTo/ActivityLog_Alerts_Table.md | 2 +-
 docs/content/patterns/alz/HowTo/Log_Search_Alerts_Table.md  | 2 +-
 docs/content/patterns/alz/HowTo/Metrics_Alerts_Table.md     | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/docs/content/patterns/alz/HowTo/ActivityLog_Alerts_Table.md b/docs/content/patterns/alz/HowTo/ActivityLog_Alerts_Table.md
index 67142a32e..e49bb34fe 100644
--- a/docs/content/patterns/alz/HowTo/ActivityLog_Alerts_Table.md
+++ b/docs/content/patterns/alz/HowTo/ActivityLog_Alerts_Table.md
@@ -1,5 +1,5 @@
 ---
-title: Metrics alert table
+title: Activity Log alerts table
 geekdocHidden: true
 ---
 
diff --git a/docs/content/patterns/alz/HowTo/Log_Search_Alerts_Table.md b/docs/content/patterns/alz/HowTo/Log_Search_Alerts_Table.md
index a24acfd3e..f9785c53f 100644
--- a/docs/content/patterns/alz/HowTo/Log_Search_Alerts_Table.md
+++ b/docs/content/patterns/alz/HowTo/Log_Search_Alerts_Table.md
@@ -1,5 +1,5 @@
 ---
-title: Log-search alert table
+title: Log-search alerts table
 geekdocHidden: true
 ---
 
diff --git a/docs/content/patterns/alz/HowTo/Metrics_Alerts_Table.md b/docs/content/patterns/alz/HowTo/Metrics_Alerts_Table.md
index e58bff812..113d88196 100644
--- a/docs/content/patterns/alz/HowTo/Metrics_Alerts_Table.md
+++ b/docs/content/patterns/alz/HowTo/Metrics_Alerts_Table.md
@@ -1,5 +1,5 @@
 ---
-title: Metrics alert table
+title: Metrics alerts table
 geekdocHidden: true
 ---
 

From 59402720bf16d2c17524e4cec9fab1d19a30b68a Mon Sep 17 00:00:00 2001
From: Brunoga-MS <bruno.gabrielli@microsoft.com>
Date: Thu, 19 Dec 2024 19:49:20 +0100
Subject: [PATCH 5/5] Update HybridVMDisconnectedAlert threshold type to
 Timespan in docu

---
 docs/content/patterns/alz/HowTo/Log_Search_Alerts_Table.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/content/patterns/alz/HowTo/Log_Search_Alerts_Table.md b/docs/content/patterns/alz/HowTo/Log_Search_Alerts_Table.md
index f9785c53f..6fa9bef78 100644
--- a/docs/content/patterns/alz/HowTo/Log_Search_Alerts_Table.md
+++ b/docs/content/patterns/alz/HowTo/Log_Search_Alerts_Table.md
@@ -8,7 +8,7 @@ geekdocHidden: true
 | Machine - Azure Arc | *```subscription().displayName```*-HybridVMHighDataDiskReadLatencyAlert | _Log search_ | ***\_amba-ReadLatencyMs-Data-threshold-Override\_*** | Number | 35 |
 | Machine - Azure Arc | *```subscription().displayName```*-HybridVMLowDataDiskSpaceAlert | _Log search_ | ***\_amba-FreeSpacePercentage-Data-threshold-Override\_*** | Number | 8 |
 | Machine - Azure Arc | *```subscription().displayName```*-HybridVMHighDataDiskWriteLatencyAlert | _Log search_ | ***\_amba-WriteLatencyMs-Data-threshold-Override\_*** | Number | 35 |
-| Machine - Azure Arc | *```subscription().displayName```*-HybridVMDisconnectedAlert | _Log search_ | ***\_amba-Disconnected-threshold-Override\_*** | Number | 5 |
+| Machine - Azure Arc | *```subscription().displayName```*-HybridVMDisconnectedAlert | _Log search_ | ***\_amba-Disconnected-threshold-Override\_*** | [Timespan](https://learn.microsoft.com/en-us/kusto/query/scalar-data-types/timespan?view=microsoft-fabric) | 5m, 10d, 2h |
 | Machine - Azure Arc | *```subscription().displayName```*-HybridVMHeartBeatAlert | _Log search_ | ***\_amba-Heartbeat-threshold-Override\_*** | Number | 5 |
 | Machine - Azure Arc | *```subscription().displayName```*-HybridVMHighNetworkInAlert | _Log search_ | ***\_amba-ReadBytesPerSecond-threshold-Override\_*** | Number | 20000000 |
 | Machine - Azure Arc | *```subscription().displayName```*-HybridVMHighNetworkOutAlert | _Log search_ | ***\_amba-WriteBytesPerSecond-threshold-Override\_*** | Number | 20000000 |