Azure - 使用 ARM 模板和 Metric Measurement 参数(非结果计数)部署警报规则
[英]Azure - Deploy alert rules with ARM template with Metric Measurement parameter (Not Result count)
问题描述
I have a little issue to deploy correct alert rule in Azure.
我在 Azure 中部署正确的警报规则时遇到了一个小问题。
My alerts are Log Analytics Query and deployment works fine.我的警报是 Log Analytics 查询,部署工作正常。 But, all my alerts was created with "Number of result" while I want "Metric Measurement".但是,我所有的警报都是用“结果数量”创建的,而我想要“度量标准”。
Alert type警报类型
I tried to create an correct alert in Azure, and use JSON parameters in Activity logs, but I don't understand where is this parameter.我试图在 Azure 中创建一个正确的警报,并在活动日志中使用 JSON 参数,但我不明白这个参数在哪里。
I also search in https://docs.microsoft.com/en-us/rest/api/monitor/scheduledqueryrules/createorupdate#alertingaction but it say "ResultCount" only.我也在https://docs.microsoft.com/en-us/rest/api/monitor/scheduledqueryrules/createorupdate#alertingaction 中搜索,但它只说“ResultCount”。
Know you what is the good parameter to do this ?知道你这样做的好参数是什么吗?
My template.json我的模板.json
{ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "actionGroup": { "defaultValue": "", "metadata": { "description": "The ID of the action group that is triggered when the alert is activated or deactivated" }, "type": "string" }, "alertDescription": { "defaultValue": "This is a metric alert", "metadata": { "description": "Description of alert" }, "type": "string" }, "alertName": { "metadata": { "description": "Name of the alert" }, "type": "string" }, "alertSeverity": { "allowedValues": [ 0, 1, 2, 3, 4 ], "defaultValue": 3, "metadata": { "description": "Severity of alert {0,1,2,3,4}" }, "type": "int" }, "consecutiveBreachTrigger": { "defaultValue": "", "metadata": { "description": "" }, "type": "string" }, //"isEnabled": { // "defaultValue": true, // "metadata": { // "description": "Specifies whether the alert is enabled" // }, // "type": "bool" // }, "metricColumn": { "defaultValue": "", "metadata": { "description": "Metric type of trigger" }, "type": "string" }, "metricTriggerTypeMetricTrigger": { "defaultValue": "", "metadata": { "description": "Metric type of trigger" }, "type": "string" }, "metricTriggerTypeTrigger": { "defaultValue": "", "metadata": { "description": "Metric type of trigger" }, "type": "string" }, "operatorMetricTrigger": { "allowedValues": [ "Equals", "NotEquals", "GreaterThan", "GreaterThanOrEqual", "LessThan", "LessThanOrEqual" ], "defaultValue": "GreaterThan", "metadata": { "description": "Operator comparing the current value with the threshold value." }, "type": "string" }, "operatorTrigger": { "allowedValues": [ "Equals", "NotEquals", "GreaterThan", "GreaterThanOrEqual", "LessThan", "LessThanOrEqual" ], "defaultValue": "GreaterThan", "metadata": { "description": "Operator comparing the current value with the threshold value." }, "type": "string" }, "PfrequencyInMin": { "defaultValue": "", "metadata": { "description": "Time along the query is running" }, "type": "string" }, "PtimeWindowFrequency": { "defaultValue": "", "metadata": { "description": "Frequency of often should be run the alert" }, "type": "string" }, "query": { "defaultValue": "", "metadata": { "description": "Query to use for this alert" }, "type": "string" }, "queryType": { "defaultValue": "", "metadata": { "description": "Type of the query" }, "type": "string" }, "region": { "defaultValue": "", "metadata": { "description": "Region of the workspace" }, "type": "string" }, "resourceId": { "metadata": { "description": "Full Resource ID of the resource emitting the metric that will be used for the comparison. For example /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroups/ResourceGroupName/providers/Microsoft.compute/virtualMachines/VM_xyz" }, "minLength": 1, "type": "string" }, "thresholdMetricTrigger": { "defaultValue": "0", "metadata": { "description": "The threshold value at which the alert is activated." }, "type": "string" }, "thresholdTrigger": { "defaultValue": "0", "metadata": { "description": "The threshold value at which the alert is activated." }, "type": "string" } }, "resources": [ { "apiVersion": "2018-04-16", "location": "[parameters('region')]", "name": "[parameters('alertName')]", "properties": { "action": { "aznAction": { "actionGroup": "[parameters('actionGroup')]" }, "metricTrigger": { "metricColumn": "[parameters('metricColumn')]", "metricTriggerType": "[parameters('metricTriggerTypeMetricTrigger')]", "threshold": "[parameters('thresholdMetricTrigger')]", "thresholdOperator": "[parameters('operatorMetricTrigger')]" }, "odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction", "severity": "[parameters('alertSeverity')]", "trigger": { "consecutiveBreach": "[parameters('consecutiveBreachTrigger')]", "metricTriggerType": "[parameters('metricTriggerTypeTrigger')]", "threshold": "[parameters('thresholdTrigger')]", "thresholdOperator": "[parameters('operatorTrigger')]" } }, "description": "[parameters('alertDescription')]", "displayname": "[parameters('alertName')]", "enabled": "true", "schedule": { "frequencyInMinutes": "[parameters('PfrequencyInMin')]", "timeWindowInMinutes": "[parameters('PtimeWindowFrequency')]" }, "source": { "datasourceID": "[parameters('resourceId')]", "query": "[parameters('query')]", "queryType": "[parameters('queryType')]" } }, "tags": {}, "type": "microsoft.insights/scheduledqueryrules" } ], "variables": {} }
parameters.json参数.json
{ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", "contentVersion": "1.0.0.0", "parameters": { "actionGroup": { "value": "Production Server" }, "alertDescription": { "value": "RAM used in percentage" }, "alertName": { "value": "VM - Memory Usage (Metric)" }, "alertSeverity": { "value": 3 }, "consecutiveBreachTrigger": { "value": "1" }, // "isEnabled": { // "value": true // }, "metricColumn": { "value": "Computer" }, "metricTriggerTypeMetricTrigger": { "value": "Consecutive" }, "metricTriggerTypeTrigger": { "value": "Consecutive" }, "operatorMetricTrigger": { "value": "GreaterThan" }, "operatorTrigger": { "value": "GreaterThan" }, "PfrequencyInMin": { "value": "30" }, "PtimeWindowFrequency": { "value": "60" }, "query": { "value": "InsightsMetrics | where Namespace == 'Memory' and Name == 'AvailableMB' | extend Max=parsejson(tostring(Tags)) | mvexpand Max | extend memorySizeMB=todecimal(Max['vm.azm.ms/memorySizeMB']) | project TimeGenerated, Computer , Namespace, Val , Mem = round(memorySizeMB, 1)| extend Percentage = Val / Mem * 100 | summarize AggregatedValue = avg(Percentage) by Computer, bin(TimeGenerated, 30m)" }, "queryType": { "value": "Metric" }, "region": { "value": "westeurope" }, "resourceId": { "value": "/subscriptions/efcfb0fe-d308-4c80-9615-57eddb9b2d2a/resourceGroups/Gizmo-hosted-logs/providers/Microsoft.OperationalInsights/workspaces/Gizmo-hosted-logs" }, "thresholdMetricTrigger": { "value": "1" }, "thresholdTrigger": { "value": "80" } } }
Thanks you in advance.提前谢谢你。
Regards,问候,
Aurélien奥雷连
1 个解决方案
解决方案1
0 已采纳 2020-03-31 04:18:46
If you want to create log research alert, please change the query type as ResultCount and we also need to specify the trigger like如果要创建日志研究警报,请将查询类型更改为ResultCount ,我们还需要指定触发器,例如
"trigger": {
"thresholdOperator": "<>",
"threshold": 0,
"metricTrigger": {
"thresholdOperator": "<>",
"threshold": 1,
"metricTriggerType": "Consecutive",
"metricColumn": "<your colum>"
}
For example例如
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
},
"variables": {
"alertLocation": "Region Name for your Application Insights App or Log Analytics Workspace",
"alertName": "test",
"alertDescr": "test",
"alertStatus": "true",
"alertSource":{
"Query":"Perf\r\n| where CounterName == \"Free Megabytes\" and InstanceName == \"D:\"\r\n| where TimeGenerated > ago(7d)\r\n| where Computer == \"win2012\"\r\n| summarize AggregatedValue = min(CounterValue) by bin(TimeGenerated, 5m)\n",
"SourceId": "/subscriptions/a123d7efg-123c-1234-5678-a12bc3defgh4/resourceGroups/contosoRG/providers/microsoft.OperationalInsights/workspaces/servicews",
"Type":"ResultCount"
},
"alertSchedule":{
"Frequency": 5,
"Time": 5
},
"alertActions":{
"SeverityLevel": "3",
"SuppressTimeinMin": 20
},
"alertTrigger":{
"Operator":"GreaterThan",
"Threshold":"1"
},
"metricMeasurement": {
"thresholdOperator": "GreaterThan",
"threshold": 1,
"metricTriggerType": "Consecutive",
"metricColumn": "TimeGenerated"
},
"actionGrp":{
"ActionGroup": "/subscriptions/a123d7efg-123c-1234-5678-a12bc3defgh4/resourceGroups/contosoRG/providers/microsoft.insights/actiongroups/sampleAG"
}
},
"resources":[ {
"name":"[variables('alertName')]",
"type":"Microsoft.Insights/scheduledQueryRules",
"apiVersion": "2018-04-16",
"location": "[variables('alertLocation')]",
"properties":{
"description": "[variables('alertDescr')]",
"enabled": "[variables('alertStatus')]",
"source": {
"query": "[variables('alertSource').Query]",
"authorizedResources": "[concat(array(variables('alertSource').Resource1), array(variables('alertSource').Resource2))]",
"dataSourceId": "[variables('alertSource').SourceId]",
"queryType":"[variables('alertSource').Type]"
},
"schedule":{
"frequencyInMinutes": "[variables('alertSchedule').Frequency]",
"timeWindowInMinutes": "[variables('alertSchedule').Time]"
},
"action":{
"odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction",
"severity":"[variables('alertActions').SeverityLevel]",
"throttlingInMin": "[variables('alertActions').SuppressTimeinMin]",
"aznsAction":{
"actionGroup": "[array(variables('actionGrp').ActionGroup)]"
},
"trigger":{
"thresholdOperator":"[variables('alertTrigger').Operator]",
"threshold":"[variables('alertTrigger').Threshold]",
"metricTrigger":{
"thresholdOperator": "[variables('metricMeasurement').thresholdOperator]",
"threshold": "[variables('metricMeasurement').threshold]",
"metricColumn": "[variables('metricMeasurement').metricColumn]",
"metricTriggerType": "[variables('metricMeasurement').metricTriggerType]"
}
}
}
}
} ]
}
Result结果
For more details, please refer to欲知更多详情,请参阅
https://docs.microsoft.com/en-us/rest/api/monitor/scheduledqueryrules/createorupdate https://docs.microsoft.com/en-us/rest/api/monitor/scheduledqueryrules/createorupdate
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-log#managing-log-alerts-using-azure-resource-template https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-log#managing-log-alerts-using-azure-resource-template
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
Azure metric alert 维度操作符 ARM-Template - Azure metric alert dimension operator ARM-Template
Azure日志分析指标衡量警报 - Azure Log Analytics Metric Measurement Alert
Azure 日志分析。 使用 ARM 模板创建警报规则 - Azure Log Analytics. Create Alert Rules with ARM Template
当我部署Azure ARM模板时,它将创建存储而不是警报 - When i deploy my Azure ARM Template it creates a storage, not an alert
使用 ARM 模板部署 Azure Function - Deploy Azure Function with ARM template
以数组为参数的 Azure ARM 模板 - Azure ARM template with array as parameter
Azure-在ARM模板中指定负载均衡器规则 - Azure - Specifying Load Balancer Rules in ARM Template
ARM模板中的Azure Application Insights警报规则 - Azure Application Insights Alert Rule in ARM Template
Azure:使用 ARM 模板部署日志警报失败 - Azure: Failed log alert deployment with ARM template
使用基本软件部署Azure VM和ARM模板 - Deploy Azure VM , ARM template with basic software
相关标签