How do you set a sliding window in an Azure Alert rule?


I'm trying to set up an Azure Alert rule that triggers when a certain amount of exceptions occur. I want the alert to be fired whenever five exceptions occur within a one-minute sliding window. To save a bit of money, I would like the alert to run once every six hours. (In other words, once every six hours, I want it to scan the logs from the past six hours and see if there are any one-minute windows where five exceptions occurred.)

Is this possible? When I try to do it, it says that the frequency of evaluation must be equal to or less than the aggregation granularity. Is what I'm trying to do even possible? Here's a screenshot of the settings I'm trying to use:

[Screenshot of the alert rule settings]


1 Answer

Answer by FunkyVerb:

Update: ChatGPT helped me write a KQL query that achieves what I'm looking for. I'm going to move forward with this for now, but if anyone knows how to achieve something equivalent using the alert rule configuration options shown in my screenshot, please let me know.

exceptions
| where timestamp >= ago(6h) // Filter records within the past six hours
| where outerMessage == "SEND_ALERT" // Only the exception type being alerted on
| summarize exceptionCount = count() by bin(timestamp, 1m) // Count exceptions per fixed one-minute bucket; bin() aligns buckets to clock minutes, so a burst that straddles a minute boundary is split across two bins
| where exceptionCount >= 5 // Filter for minutes with five or more exceptions
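The query above counts exceptions per fixed one-minute bucket, which is not the same as the sliding window the question asks for: five exceptions spread across a minute boundary land in two buckets and never reach the threshold. The following is an added example (not from the post or from Azure Monitor) that replays both evaluations over a constructed list of exception timestamps so the difference is visible; `SAMPLE`, `tumbling_bin_hits` and `sliding_window_hits` are names chosen for this illustration.

```python
from datetime import datetime, timedelta

# Constructed sample: five "SEND_ALERT" exceptions within 35 seconds, but
# straddling the 12:01 clock-minute boundary, plus one unrelated exception.
SAMPLE = [
    datetime(2024, 1, 1, 12, 0, 40),
    datetime(2024, 1, 1, 12, 0, 50),
    datetime(2024, 1, 1, 12, 0, 55),
    datetime(2024, 1, 1, 12, 1, 5),
    datetime(2024, 1, 1, 12, 1, 15),
    datetime(2024, 1, 1, 12, 7, 0),
]


def tumbling_bin_hits(events, threshold=5, bin_size=timedelta(minutes=1)):
    """Mimic `summarize count() by bin(timestamp, 1m)`: fixed buckets aligned
    to the clock. Returns the start of every bucket holding >= threshold events."""
    counts = {}
    for t in events:
        # bin(): floor the timestamp down to the bucket boundary
        bucket = datetime.min + ((t - datetime.min) // bin_size) * bin_size
        counts[bucket] = counts.get(bucket, 0) + 1
    return sorted(b for b, c in counts.items() if c >= threshold)


def sliding_window_hits(events, threshold=5, window=timedelta(minutes=1)):
    """True sliding window: for each event, count events in the preceding
    `window` (two-pointer scan over sorted timestamps). Returns the start of
    each window that reaches the threshold, one entry per qualifying event."""
    ts = sorted(events)
    hits = []
    left = 0
    for right, t in enumerate(ts):
        # drop events that fell out of the window ending at t
        while t - ts[left] >= window:
            left += 1
        if right - left + 1 >= threshold:
            hits.append(ts[left])
    return hits


if __name__ == "__main__":
    print("fixed bins  :", tumbling_bin_hits(SAMPLE))   # [] -> burst missed
    print("sliding     :", sliding_window_hits(SAMPLE))  # window starting 12:00:40
```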