
How to retrieve a “Log Search” alert rule using the Azure API

I have created a "Log Search" alert rule using the Azure Portal, and I want to retrieve its configuration so that I can automate its creation. I've done that for other alert rules without issues.

The problem is that I could not find which API to call to retrieve the rule. I would expect to find it when calling https://management.azure.com/subscriptions/{subscriptionId}/providers/microsoft.insights/scheduledQueryRules, but that returns an empty list. (I've triple-checked that the subscriptionId is correct.)

I can see the rule in the Azure Portal, and also if I list the resources from the containing resource group:

[Image: the rule as seen in the Azure Portal]

GET https://management.azure.com/subscriptions/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/resourceGroups/dev-shared/resources?api-version=2018-05-01

{
  "value": [
    {
      "id": "/subscriptions/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/resourceGroups/dev-shared/providers/Microsoft.Insights/actiongroups/Development",
      "name": "Development",
      "type": "Microsoft.Insights/actiongroups",
      "location": "global"
    },
    // This is the alert rule that I am looking for:
    {
      "id": "/subscriptions/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/resourceGroups/dev-shared/providers/microsoft.insights/scheduledqueryrules/dev-thelistlogs|7719d32a-4617-46bf-91e8-3f6977076d52|139d8419-a218-4774-b9a5-7c513f87384d|6fa515f3-b78e-4087-9621-ed5a14e62903",
      "name": "dev-thelistlogs|7719d32a-4617-46bf-91e8-3f6977076d52|139d8419-a218-4774-b9a5-7c513f87384d|6fa515f3-b78e-4087-9621-ed5a14e62903",
      "type": "microsoft.insights/scheduledqueryrules",
      "location": "westeurope",
      "tags": {
        "hidden-link:/subscriptions/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/resourceGroups/dev-shared/providers/Microsoft.OperationalInsights/workspaces/dev-thelistlogs": "Resource"
      }
    },
    {
      "id": "/subscriptions/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/resourceGroups/dev-shared/providers/Microsoft.OperationalInsights/workspaces/dev-thelistlogs",
      "name": "dev-thelistlogs",
      "type": "Microsoft.OperationalInsights/workspaces",
      "location": "westeurope"
    }
  ]
}

I am also unable to find the rule in the Azure Resource Explorer.

I've been running in circles trying every API remotely related to alerts, log analytics, metrics, etc., all without success.

How can I retrieve the details of this rule using the Azure API?

Edit

As can be seen in my answer, I found a way to retrieve the details. Still, I'd like to know why the scheduledQueryRules list API is not returning that rule.

Edit 2

After being able to retrieve the rule details I went ahead and created a new rule similar to that one using a resource manager template. It turns out that this new rule is returned by the APIs, but the original one is still missing.

I found a way, by first listing the resources in the resource group, figuring out the name of the alert rule, then retrieving the detail of that rule using GET https://management.azure.com/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/microsoft.insights/scheduledQueryRules/{ruleName}:

GET https://management.azure.com/subscriptions/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/resourcegroups/dev-shared/providers/microsoft.insights/scheduledQueryRules/dev-thelistlogs|7719d32a-4617-46bf-91e8-3f6977076d52|139d8419-a218-4774-b9a5-7c513f87384d|6fa515f3-b78e-4087-9621-ed5a14e62903

{
  "id": "/subscriptions/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/resourceGroups/dev-shared/providers/microsoft.insights/scheduledqueryrules/dev-thelistlogs|7719d32a-4617-46bf-91e8-3f6977076d52|139d8419-a218-4774-b9a5-7c513f87384d|6fa515f3-b78e-4087-9621-ed5a14e62903",
  "name": "dev-thelistlogs|7719d32a-4617-46bf-91e8-3f6977076d52|139d8419-a218-4774-b9a5-7c513f87384d|6fa515f3-b78e-4087-9621-ed5a14e62903",
  "type": "microsoft.insights/scheduledqueryrules",
  "location": "westeurope",
  "tags": {
    "hidden-link:/subscriptions/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/resourceGroups/dev-shared/providers/Microsoft.OperationalInsights/workspaces/dev-thelistlogs": "Resource"
  },
  "kind": null,
  "etag": "\"dc011985-0000-0000-0000-5c8641250000\"",
  "properties": {
    "description": "temp2",
    "displayName": "temp2",
    "enabled": "true",
    "lastUpdatedTime": "2019-03-11T11:06:13.5080064Z",
    "provisioningState": "Succeeded",
    "source": {
      "query": "<omitted>",
      "dataSourceId": "/subscriptions/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/resourceGroups/dev-shared/providers/Microsoft.OperationalInsights/workspaces/dev-thelistlogs",
      "queryType": "ResultCount"
    },
    "schedule": {
      "frequencyInMinutes": 5,
      "timeWindowInMinutes": 5
    },
    "action": {
      "severity": "1",
      "aznsAction": {
        "actionGroup": [
          "/subscriptions/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/resourcegroups/dev-shared/providers/microsoft.insights/actiongroups/development"
        ],
        "emailSubject": null,
        "customWebhookPayload": "{ \"alertname\":\"#alertrulename\", \"IncludeSearchResults\":true }"
      },
      "trigger": {
        "thresholdOperator": "GreaterThan",
        "threshold": 0
      },
      "odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction"
    }
  }
}
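
The two-step lookup from the answer above, as an added example that is not part of the original post: it picks scheduled query rules out of a resource-group listing, percent-encodes the rule name (portal-created names contain `|`), builds the detail URL, and trims a retrieved rule for reuse. The sample listing is constructed from the values shown on this page; the helper names, the `2018-04-16` api-version and the list of service-set properties are assumptions.

```python
import json
from urllib.parse import quote

ARM = "https://management.azure.com"
RULE_TYPE = "microsoft.insights/scheduledqueryrules"
API_VERSION = "2018-04-16"  # assumption: the page does not state it
# Assumption: these properties are set by the service, so they are dropped
# before the body is reused to create a rule.
SERVICE_SET = ("lastUpdatedTime", "provisioningState")

# Constructed sample: trimmed resource-group listing using the page's values.
SAMPLE_LISTING = json.loads("""
{"value": [
  {"name": "Development", "type": "Microsoft.Insights/actiongroups"},
  {"name": "dev-thelistlogs|7719d32a-4617-46bf-91e8-3f6977076d52|139d8419-a218-4774-b9a5-7c513f87384d|6fa515f3-b78e-4087-9621-ed5a14e62903",
   "type": "microsoft.insights/scheduledqueryrules"},
  {"name": "dev-thelistlogs", "type": "Microsoft.OperationalInsights/workspaces"}
]}
""")


def find_rule_names(listing):
    """Names of scheduled query rules in a resource-group listing response.
    The type is compared case-insensitively: the listing shows mixed casing."""
    return [r["name"] for r in listing.get("value", [])
            if r.get("type", "").lower() == RULE_TYPE]


def rule_url(subscription_id, resource_group, rule_name, api_version=API_VERSION):
    """Detail URL for one rule, with every path segment percent-encoded."""
    return (f"{ARM}/subscriptions/{quote(subscription_id, safe='')}"
            f"/resourcegroups/{quote(resource_group, safe='')}"
            f"/providers/microsoft.insights/scheduledQueryRules/"
            f"{quote(rule_name, safe='')}?api-version={quote(api_version, safe='')}")


def creation_body(rule):
    """Location, tags and cleaned properties of a retrieved rule."""
    props = {k: v for k, v in rule["properties"].items() if k not in SERVICE_SET}
    return {"location": rule["location"], "tags": rule.get("tags", {}),
            "properties": props}


if __name__ == "__main__":
    for name in find_rule_names(SAMPLE_LISTING):
        print("GET", rule_url("XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
                              "dev-shared", name))
```
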
