How to create custom alerts with log analytics query by using ARM templates

I am working on creating alerts in Azure for various Azure resources using ARM templates. But I want to create custom alerts for Azure Data Factory by using the below log analytics query:

"alertLogQuery": "ADFPipelineRun\r\n| where ResourceId has 'df-xxx-xxx-xxxx'\r\n| where TimeGenerated > ago(15m)\r\n| where Status has 'Queued'\r\n| where PipelineName in ('pl_xxx_Business_xxx_Check', 'pl_xxx_xxxx_Date_Check')\r\n| summarize by PipelineName, TimeGenerated\n",

Template file:

{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
    "isEnabled": {
        "type": "bool",
        "defaultValue": true,
        "metadata": {
            "description": "Specifies whether the alert is enabled"
        }
    },
    "rgNameOfActionGroup": {
        "type": "string",
        "metadata": {
            "description": "The resource group name of the action group"
        }
    },
    "actionGroupName": {
        "type": "string",
        "metadata": {
            "description": "The name of the action group"
        }
    },
    "rgNameOfLogAnalyticsWorkspace": {
        "type": "string",
        "metadata": {
            "description": "The resource group name of the log analytics workspace"
        }
    },
    "logAnalyticsWorkspaceName": {
        "type": "string",
        "metadata": {
            "description": "The name of the log analytics workspace"
        }
    },
    "alertTypes": {
        "type": "array",
        "metadata": {
            "description": "An array that contains objects with properties for the metric alerts."
        }
    }
},
"variables": {
    "actionGroupResourceId": "[concat('/subscriptions/',subscription().subscriptionId, '/resourceGroups/', parameters('rgNameOfActionGroup'), '/providers/Microsoft.insights/actionGroups/', parameters('actionGroupName'))]",
    "workspaceResourceId": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', parameters('rgNameOfLogAnalyticsWorkspace'), '/providers/Microsoft.OperationalInsights/workspaces/', parameters('logAnalyticsWorkspaceName'))]",
    "copy": [
        {
            "name": "alertTypes",
            "count": "[length(parameters('alertTypes'))]",
            "input": "[parameters('alertTypes')[copyIndex('alertTypes')].alertName]"
        }
    ],
    "alertSource": {
        "Type": "ResultCount"
    },
    "alertEvaluation": {
        "Frequency": 15,
        "Time": 15
    },
    "alertActions": {
        "SuppressTimeinMin": 20
    }
},
"resources": [
    {
        "copy": {
            "name": "alertTypes",
            "count": "[length(parameters('alertTypes'))]"
        },
        "name": "[parameters('alertTypes')[copyIndex('alertTypes')].alertName]",
        "type": "Microsoft.Insights/scheduledQueryRules",
        "apiVersion": "2018-04-16",
        "location": "global",
        "tags": {},
        "properties": {
            "description": "[parameters('alertTypes')[copyIndex('alertTypes')].alertDescription]",
            "enabled": "[parameters('isEnabled')]",
            "source": {
                "query": "[parameters('alertTypes')[copyIndex('alertTypes')].alertLogQuery]",
                "dataSourceId": "[variables('workspaceResourceId')]",
                "queryType": "[variables('alertSource').Type]"
            },
            "schedule": {
                "frequencyInMinutes": "[variables('alertEvaluation').Frequency]",
                "timeWindowInMinutes": "[variables('alertEvaluation').Time]"
            },
            "action": {
                "odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction",
                "severity": "[parameters('alertTypes')[copyIndex('alertTypes')].alertSeverity]",
                "throttlingInMin": "[variables('alertActions').SuppressTimeinMin]",
                "aznsAction": {
                    "actionGroup": "[array(variables('actionGroupResourceId'))]",
                    "emailSubject": "[parameters('alertTypes')[copyIndex('alertTypes')].alertName]"
                },
                "trigger": {
                    "thresholdOperator": "[parameters('alertTypes')[copyIndex('alertTypes')].operator]",
                    "threshold": "[parameters('alertTypes')[copyIndex('alertTypes')].thresholdValue]",
                    "metricTrigger": {
                        "thresholdOperator": "[parameters('alertTypes')[copyIndex('alertTypes')].operator]",
                        "threshold": "[parameters('alertTypes')[copyIndex('alertTypes')].thresholdValue]",
                        "metricColumn": "Classification",
                        "metricTriggerType": "Consecutive"
                    }
                }
            }
        }
    }
],
"outputs": {
    "alertNames": {
        "type": "array",
        "value": "[variables('alertTypes')]"
    }
}
}

I'm getting the below error:

Template validation failed: The template resource 'df-xx-xx-xxx-Queued Demo ADF pipelines alert/report' for type 'Microsoft.WindowsAzure.ResourceStack.Frontdoor.Common.Entities.TemplateGenericProperty`1[System.String]' at line '71' and column '60' has incorrect segment lengths. A nested resource type must have identical number of segments as its resource name. A root resource type must have segment length one greater than its resource name.

So, can anyone suggest how to fix the above issue?

Please refer to this link. In the variables -> alertSource section, you can add your custom alert rule there:

"alertSource":{
            "Query":"write your query here",
            "SourceId": "xxxxx",
            "Type":"xxxx"
        },

Note that you need to escape some characters like "" in your query if it has any.
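The segment rule quoted in the error message, applied as a pre-deployment check to the `alertName` values that the template uses as resource names (an added example, not code from the original question or answer). The parameters file content, the second alert name and the `flatten_name` helper are assumptions made for illustration.

```python
import json

# Resource type declared in the template on this page.
RESOURCE_TYPE = "Microsoft.Insights/scheduledQueryRules"

# Constructed parameters file. The first alertName is the one quoted in the
# error message; the second entry and the file layout are made up.
SAMPLE_PARAMETERS = json.dumps({
    "parameters": {
        "alertTypes": {
            "value": [
                {"alertName": "df-xx-xx-xxx-Queued Demo ADF pipelines alert/report"},
                {"alertName": "df-xx-xx-xxx-Failed Demo ADF pipelines alert"},
            ]
        }
    }
})


def segment_counts(resource_type, name):
    """Count '/'-separated segments in a resource type and a resource name."""
    return len(resource_type.split("/")), len(name.split("/"))


def check_alert_names(parameters_json, resource_type=RESOURCE_TYPE):
    """Return (alertName, reason) for each name that breaks the root-resource
    rule: the type must have exactly one more segment than the name."""
    alert_types = json.loads(parameters_json)["parameters"]["alertTypes"]["value"]
    problems = []
    for entry in alert_types:
        type_segs, name_segs = segment_counts(resource_type, entry["alertName"])
        if type_segs != name_segs + 1:
            problems.append((entry["alertName"],
                             f"type has {type_segs} segments, name has {name_segs}, "
                             f"expected {type_segs - 1}"))
    return problems


def flatten_name(name, replacement="-"):
    """Hypothetical fix: replace '/' so the name is a single segment."""
    return name.replace("/", replacement)


if __name__ == "__main__":
    for name, reason in check_alert_names(SAMPLE_PARAMETERS):
        print(f"{name!r}: {reason} -> try {flatten_name(name)!r}")
```

The `/` in `alert/report` splits the name into two segments, which is what the validator counts against the two-segment type.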
