
I am creating Azure alerts through KQL queries; however, I need to customize the query so that it creates a single alert when multiple events of the same type occur. At present it creates one alert for every event. Below is the query; it runs once a day.

    AzureDiagnostics
    | where ResourceProvider contains "MICROSOFT.KEYVAULT"
    | where OperationName contains "KeyCreate"
    | where ResultType == "Success"
    | project _ResourceId, OperationName, ResultType, id_s, identity_claim_upn_s
ramesh reddy

0 Answers