For better prediction on crisis, I need to set up an alert on a combination of conditions, the first condition is based on SystemSample view by evaluating the CPU Util percentage, the second condition is based on NetworkSample view by evaluating the delta between receive bytes per second and transmit bytes per second, the two conditions are created via NRQL.
The reason that I created two alert conditions is because NRQL based alert conditions don’t accept multiple attributes. I then added the conditions into the same alert policy and hoped that the policy will look at both conditions, and won’t trigger an incident until both of the conditions have violation. However, the way alert policy works isn’t like what I expected, it still looks at individual conditions, the only difference among the three options is the number of incident records.
So I’m wondering if there is a way to create an alert based on multiple conditions, and the alert won’t be triggered unless both the conditions are met.