How to create custom alerts with log analytics query by using ARM templates
I am working on creating alerts in Azure for various Azure resources using ARM templates. But I want to create custom alerts for Azure Data Factory by using the below Log Analytics query:
"alertLogQuery": "ADFPipelineRun\r\n| where ResourceId has 'df-xxx-xxx-xxxx'\r\n| where TimeGenerated > ago(15m)\r\n| where Status has 'Queued'\r\n| where PipelineName in ('pl_xxx_Business_xxx_Check', 'pl_xxx_xxxx_Date_Check')\r\n| summarize by PipelineName, TimeGenerated\n",
Template file:
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "isEnabled": {
      "type": "bool",
      "defaultValue": true,
      "metadata": {
        "description": "Specifies whether the alert is enabled"
      }
    },
    "rgNameOfActionGroup": {
      "type": "string",
      "metadata": {
        "description": "The resource group name of the action group"
      }
    },
    "actionGroupName": {
      "type": "string",
      "metadata": {
        "description": "The name of the action group"
      }
    },
    "rgNameOfLogAnalyticsWorkspace": {
      "type": "string",
      "metadata": {
        "description": "The resource group name of the log analytics workspace"
      }
    },
    "logAnalyticsWorkspaceName": {
      "type": "string",
      "metadata": {
        "description": "The name of the log analytics workspace"
      }
    },
    "alertTypes": {
      "type": "array",
      "metadata": {
        "description": "An array that contains objects with properties for the metric alerts."
      }
    }
  },
  "variables": {
    "actionGroupResourceId": "[concat('/subscriptions/',subscription().subscriptionId, '/resourceGroups/', parameters('rgNameOfActionGroup'), '/providers/Microsoft.insights/actionGroups/', parameters('actionGroupName'))]",
    "workspaceResourceId": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', parameters('rgNameOfLogAnalyticsWorkspace'), '/providers/Microsoft.OperationalInsights/workspaces/', parameters('logAnalyticsWorkspaceName'))]",
    "copy": [
      {
        "name": "alertTypes",
        "count": "[length(parameters('alertTypes'))]",
        "input": "[parameters('alertTypes')[copyIndex('alertTypes')].alertName]"
      }
    ],
    "alertSource": {
      "Type": "ResultCount"
    },
    "alertEvaluation": {
      "Frequency": 15,
      "Time": 15
    },
    "alertActions": {
      "SuppressTimeinMin": 20
    }
  },
  "resources": [
    {
      "copy": {
        "name": "alertTypes",
        "count": "[length(parameters('alertTypes'))]"
      },
      "name": "[parameters('alertTypes')[copyIndex('alertTypes')].alertName]",
      "type": "Microsoft.Insights/scheduledQueryRules",
      "apiVersion": "2018-04-16",
      "location": "global",
      "tags": {},
      "properties": {
        "description": "[parameters('alertTypes')[copyIndex('alertTypes')].alertDescription]",
        "enabled": "[parameters('isEnabled')]",
        "source": {
          "query": "[parameters('alertTypes')[copyIndex('alertTypes')].alertLogQuery]",
          "dataSourceId": "[variables('workspaceResourceId')]",
          "queryType": "[variables('alertSource').Type]"
        },
        "schedule": {
          "frequencyInMinutes": "[variables('alertEvaluation').Frequency]",
          "timeWindowInMinutes": "[variables('alertEvaluation').Time]"
        },
        "action": {
          "odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction",
          "severity": "[parameters('alertTypes')[copyIndex('alertTypes')].alertSeverity]",
          "throttlingInMin": "[variables('alertActions').SuppressTimeinMin]",
          "aznsAction": {
            "actionGroup": "[array(variables('actionGroupResourceId'))]",
            "emailSubject": "[parameters('alertTypes')[copyIndex('alertTypes')].alertName]"
          },
          "trigger": {
            "thresholdOperator": "[parameters('alertTypes')[copyIndex('alertTypes')].operator]",
            "threshold": "[parameters('alertTypes')[copyIndex('alertTypes')].thresholdValue]",
            "metricTrigger": {
              "thresholdOperator": "[parameters('alertTypes')[copyIndex('alertTypes')].operator]",
              "threshold": "[parameters('alertTypes')[copyIndex('alertTypes')].thresholdValue]",
              "metricColumn": "Classification",
              "metricTriggerType": "Consecutive"
            }
          }
        }
      }
    }
  ],
  "outputs": {
    "alertNames": {
      "type": "array",
      "value": "[variables('alertTypes')]"
    }
  }
}
I'm getting the below error:
Template validation failed: The template resource 'df-xx-xx-xxx-Queued Demo ADF pipelines alert/report' for type 'Microsoft.WindowsAzure.ResourceStack.Frontdoor.Common.Entities.TemplateGenericProperty`1[System.String]' at line '71' and column '60' has incorrect segment lengths. A nested resource type must have identical number of segments as its resource name. A root resource type must have segment length one greater than its resource name.
So, can anyone suggest how to fix the above issue?
Please refer to this link. In the variables -> alertSource section, you can add your custom alert rule there:
"alertSource": {
  "Query": "write your query here",
  "SourceId": "xxxxx",
  "Type": "xxxx"
},
Note that you need to escape some characters, like "", in your query if it has any.
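The segment rule quoted in the error message and the escaping note in the answer can both be checked before deployment; ARM counts every '/' in a resource name as a segment separator, and the alert name in the error contains one. The following is an added example, not code from the original post: it lints a constructed `alertTypes` array against the root-resource rule and serializes it with `json.dumps` so quotes and newlines in the query are escaped. The function names, the double-quoted query variant and the renamed alert are assumptions.

```python
import json
from typing import List, Optional

RESOURCE_TYPE = "Microsoft.Insights/scheduledQueryRules"  # type used by the template


def segment_error(resource_type: str, name: str) -> Optional[str]:
    """Root-resource rule from the error message: the type string must have
    exactly one more '/'-separated segment than the resource name."""
    expected = len(resource_type.split("/")) - 1
    actual = len(name.split("/"))
    if actual != expected:
        return f"{name!r} has {actual} name segment(s); {resource_type} needs {expected}"
    return None


def lint_alert_types(alert_types: List[dict]) -> List[str]:
    """Return one message per alertTypes entry whose alertName breaks the rule."""
    checks = (segment_error(RESOURCE_TYPE, e["alertName"]) for e in alert_types)
    return [msg for msg in checks if msg]


def to_parameter_json(alert_types: List[dict]) -> str:
    """Build the parameters-file fragment; json.dumps escapes the double
    quotes, backslashes and newlines inside the KQL text."""
    return json.dumps({"alertTypes": {"value": alert_types}}, indent=2)


# Constructed sample: the query from the question, rewritten with double quotes
# to show escaping, and the alert name from the error next to a renamed one.
QUERY = (
    "ADFPipelineRun\n"
    "| where ResourceId has \"df-xxx-xxx-xxxx\"\n"
    "| where TimeGenerated > ago(15m)\n"
    "| where Status has \"Queued\"\n"
    "| summarize by PipelineName, TimeGenerated"
)
SAMPLE = [
    {"alertName": "df-xx-xx-xxx-Queued Demo ADF pipelines alert/report", "alertLogQuery": QUERY},
    {"alertName": "df-xx-xx-xxx-Queued Demo ADF pipelines alert-report", "alertLogQuery": QUERY},
]

if __name__ == "__main__":
    for problem in lint_alert_types(SAMPLE):
        print("REJECT", problem)
    print(to_parameter_json(SAMPLE[1:]))
```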