
Azure - Deploy alert rules with ARM template with Metric Measurement parameter (Not Result count)

I have a little issue deploying the correct alert rule in Azure.

My alerts are Log Analytics queries and the deployment works fine. But all my alerts were created with "Number of results" while I want "Metric Measurement".

Alert type


I tried to create a correct alert in Azure and use the JSON parameters in the Activity logs, but I don't understand where this parameter is.

I also searched in https://docs.microsoft.com/en-us/rest/api/monitor/scheduledqueryrules/createorupdate#alertingaction but it says "ResultCount" only.

Do you know what the right parameter is to do this?

My template.json

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "actionGroup": {
      "defaultValue": "",
      "metadata": {
        "description": "The ID of the action group that is triggered when the alert is activated or deactivated"
      },
      "type": "string"
    },
    "alertDescription": {
      "defaultValue": "This is a metric alert",
      "metadata": {
        "description": "Description of alert"
      },
      "type": "string"
    },
    "alertName": {
      "metadata": {
        "description": "Name of the alert"
      },
      "type": "string"
    },
    "alertSeverity": {
      "allowedValues": [ 0, 1, 2, 3, 4 ],
      "defaultValue": 3,
      "metadata": {
        "description": "Severity of alert {0,1,2,3,4}"
      },
      "type": "int"
    },
    "consecutiveBreachTrigger": {
      "defaultValue": "",
      "metadata": {
        "description": ""
      },
      "type": "string"
    },
    //"isEnabled": {
    //  "defaultValue": true,
    //  "metadata": {
    //    "description": "Specifies whether the alert is enabled"
    //  },
    //  "type": "bool"
    //},
    "metricColumn": {
      "defaultValue": "",
      "metadata": {
        "description": "Metric type of trigger"
      },
      "type": "string"
    },
    "metricTriggerTypeMetricTrigger": {
      "defaultValue": "",
      "metadata": {
        "description": "Metric type of trigger"
      },
      "type": "string"
    },
    "metricTriggerTypeTrigger": {
      "defaultValue": "",
      "metadata": {
        "description": "Metric type of trigger"
      },
      "type": "string"
    },
    "operatorMetricTrigger": {
      "allowedValues": [
        "Equals",
        "NotEquals",
        "GreaterThan",
        "GreaterThanOrEqual",
        "LessThan",
        "LessThanOrEqual"
      ],
      "defaultValue": "GreaterThan",
      "metadata": {
        "description": "Operator comparing the current value with the threshold value."
      },
      "type": "string"
    },
    "operatorTrigger": {
      "allowedValues": [
        "Equals",
        "NotEquals",
        "GreaterThan",
        "GreaterThanOrEqual",
        "LessThan",
        "LessThanOrEqual"
      ],
      "defaultValue": "GreaterThan",
      "metadata": {
        "description": "Operator comparing the current value with the threshold value."
      },
      "type": "string"
    },
    "PfrequencyInMin": {
      "defaultValue": "",
      "metadata": {
        "description": "Time along the query is running"
      },
      "type": "string"
    },
    "PtimeWindowFrequency": {
      "defaultValue": "",
      "metadata": {
        "description": "Frequency of often should be run the alert"
      },
      "type": "string"
    },
    "query": {
      "defaultValue": "",
      "metadata": {
        "description": "Query to use for this alert"
      },
      "type": "string"
    },
    "queryType": {
      "defaultValue": "",
      "metadata": {
        "description": "Type of the query"
      },
      "type": "string"
    },
    "region": {
      "defaultValue": "",
      "metadata": {
        "description": "Region of the workspace"
      },
      "type": "string"
    },
    "resourceId": {
      "metadata": {
        "description": "Full Resource ID of the resource emitting the metric that will be used for the comparison. For example /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroups/ResourceGroupName/providers/Microsoft.compute/virtualMachines/VM_xyz"
      },
      "minLength": 1,
      "type": "string"
    },
    "thresholdMetricTrigger": {
      "defaultValue": "0",
      "metadata": {
        "description": "The threshold value at which the alert is activated."
      },
      "type": "string"
    },
    "thresholdTrigger": {
      "defaultValue": "0",
      "metadata": {
        "description": "The threshold value at which the alert is activated."
      },
      "type": "string"
    }
  },
  "resources": [
    {
      "apiVersion": "2018-04-16",
      "location": "[parameters('region')]",
      "name": "[parameters('alertName')]",
      "properties": {
        "action": {
          "aznAction": {
            "actionGroup": "[parameters('actionGroup')]"
          },
          "metricTrigger": {
            "metricColumn": "[parameters('metricColumn')]",
            "metricTriggerType": "[parameters('metricTriggerTypeMetricTrigger')]",
            "threshold": "[parameters('thresholdMetricTrigger')]",
            "thresholdOperator": "[parameters('operatorMetricTrigger')]"
          },
          "odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction",
          "severity": "[parameters('alertSeverity')]",
          "trigger": {
            "consecutiveBreach": "[parameters('consecutiveBreachTrigger')]",
            "metricTriggerType": "[parameters('metricTriggerTypeTrigger')]",
            "threshold": "[parameters('thresholdTrigger')]",
            "thresholdOperator": "[parameters('operatorTrigger')]"
          }
        },
        "description": "[parameters('alertDescription')]",
        "displayname": "[parameters('alertName')]",
        "enabled": "true",
        "schedule": {
          "frequencyInMinutes": "[parameters('PfrequencyInMin')]",
          "timeWindowInMinutes": "[parameters('PtimeWindowFrequency')]"
        },
        "source": {
          "datasourceID": "[parameters('resourceId')]",
          "query": "[parameters('query')]",
          "queryType": "[parameters('queryType')]"
        }
      },
      "tags": {},
      "type": "microsoft.insights/scheduledqueryrules"
    }
  ],
  "variables": {}
}

parameters.json

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "actionGroup": {
      "value": "Production Server"
    },
    "alertDescription": {
      "value": "RAM used in percentage"
    },
    "alertName": {
      "value": "VM - Memory Usage (Metric)"
    },
    "alertSeverity": {
      "value": 3
    },
    "consecutiveBreachTrigger": {
      "value": "1"
    },
    // "isEnabled": {
    //   "value": true
    // },
    "metricColumn": {
      "value": "Computer"
    },
    "metricTriggerTypeMetricTrigger": {
      "value": "Consecutive"
    },
    "metricTriggerTypeTrigger": {
      "value": "Consecutive"
    },
    "operatorMetricTrigger": {
      "value": "GreaterThan"
    },
    "operatorTrigger": {
      "value": "GreaterThan"
    },
    "PfrequencyInMin": {
      "value": "30"
    },
    "PtimeWindowFrequency": {
      "value": "60"
    },
    "query": {
      "value": "InsightsMetrics | where Namespace == 'Memory' and Name == 'AvailableMB' | extend Max=parsejson(tostring(Tags)) | mvexpand Max | extend memorySizeMB=todecimal(Max['vm.azm.ms/memorySizeMB']) | project TimeGenerated, Computer , Namespace, Val , Mem = round(memorySizeMB, 1)| extend Percentage = Val / Mem * 100 | summarize AggregatedValue = avg(Percentage) by Computer, bin(TimeGenerated, 30m)"
    },
    "queryType": {
      "value": "Metric"
    },
    "region": {
      "value": "westeurope"
    },
    "resourceId": {
      "value": "/subscriptions/efcfb0fe-d308-4c80-9615-57eddb9b2d2a/resourceGroups/Gizmo-hosted-logs/providers/Microsoft.OperationalInsights/workspaces/Gizmo-hosted-logs"
    },
    "thresholdMetricTrigger": {
      "value": "1"
    },
    "thresholdTrigger": {
      "value": "80"
    }
  }
}

Thank you in advance.

Regards,

Aurélien

If you want to create a log research alert, please change the query type to ResultCount; we also need to specify the trigger like this:

"trigger": {
    "thresholdOperator": "<>",
    "threshold": 0,
    "metricTrigger": {
        "thresholdOperator": "<>",
        "threshold": 1,
        "metricTriggerType": "Consecutive",
        "metricColumn": "<your column>"
    }
}

For example

{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
    },
    "variables": {
        "alertLocation": "Region Name for your Application Insights App or Log Analytics Workspace",
        "alertName": "test",
        "alertDescr": "test",
        "alertStatus": "true",
        "alertSource":{
            "Query":"Perf\r\n| where CounterName == \"Free Megabytes\" and InstanceName == \"D:\"\r\n| where TimeGenerated > ago(7d)\r\n| where Computer == \"win2012\"\r\n| summarize AggregatedValue = min(CounterValue) by bin(TimeGenerated, 5m)\n",

            "SourceId": "/subscriptions/a123d7efg-123c-1234-5678-a12bc3defgh4/resourceGroups/contosoRG/providers/microsoft.OperationalInsights/workspaces/servicews",
            "Type":"ResultCount"
        },
        "alertSchedule":{
            "Frequency": 5,
            "Time": 5
        },
        "alertActions":{
            "SeverityLevel": "3",
            "SuppressTimeinMin": 20
        },
        "alertTrigger":{
            "Operator":"GreaterThan",
            "Threshold":"1"
        },
        "metricMeasurement": {
            "thresholdOperator": "GreaterThan",
            "threshold": 1,
            "metricTriggerType": "Consecutive",
            "metricColumn": "TimeGenerated"
        },
        "actionGrp":{
            "ActionGroup": "/subscriptions/a123d7efg-123c-1234-5678-a12bc3defgh4/resourceGroups/contosoRG/providers/microsoft.insights/actiongroups/sampleAG"
        }
    },
    "resources":[ {
        "name":"[variables('alertName')]",
        "type":"Microsoft.Insights/scheduledQueryRules",
        "apiVersion": "2018-04-16",
        "location": "[variables('alertLocation')]",
        "properties":{
            "description": "[variables('alertDescr')]",
            "enabled": "[variables('alertStatus')]",
            "source": {
                "query": "[variables('alertSource').Query]",
                "dataSourceId": "[variables('alertSource').SourceId]",
                "queryType":"[variables('alertSource').Type]"
            },
            "schedule":{
                "frequencyInMinutes": "[variables('alertSchedule').Frequency]",
                "timeWindowInMinutes": "[variables('alertSchedule').Time]"
            },
            "action":{
                "odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction",
                "severity":"[variables('alertActions').SeverityLevel]",
                "throttlingInMin": "[variables('alertActions').SuppressTimeinMin]",
                "aznsAction":{
                    "actionGroup": "[array(variables('actionGrp').ActionGroup)]"
                },
                "trigger":{
                    "thresholdOperator":"[variables('alertTrigger').Operator]",
                    "threshold":"[variables('alertTrigger').Threshold]",
                    "metricTrigger":{
                        "thresholdOperator": "[variables('metricMeasurement').thresholdOperator]",
                        "threshold": "[variables('metricMeasurement').threshold]",
                        "metricColumn": "[variables('metricMeasurement').metricColumn]",
                        "metricTriggerType": "[variables('metricMeasurement').metricTriggerType]"
                    }
                }
            }
        }
    } ]
}

Result

For more details, please refer to

https://docs.microsoft.com/en-us/rest/api/monitor/scheduledqueryrules/createorupdate

https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-log#managing-log-alerts-using-azure-resource-template
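
The structural difference between the question's template and the answer's, as an added example that is not part of the original posts: a small Python lint that checks where `metricTrigger` sits inside the `action` block of each scheduled query rule. The function names and both sample templates are constructed; the key names are the ones used in the templates above.

```python
# Added example (not from the original posts): structural lint for the "action"
# block of Microsoft.Insights/scheduledQueryRules resources. Key names come from
# the templates on this page; function names and samples are constructed.
RULE_TYPE = "microsoft.insights/scheduledqueryrules"
TRIGGER_KEYS = {"thresholdOperator", "threshold", "metricTrigger"}
METRIC_KEYS = {"thresholdOperator", "threshold", "metricTriggerType", "metricColumn"}

def lint_action(action):
    """Return findings for one action block; an empty list means it passes."""
    findings = []
    if "aznsAction" not in action:
        findings.append("no 'aznsAction' key (spelling used by the answer's template)")
    if "metricTrigger" in action:
        findings.append("'metricTrigger' is a sibling of 'trigger', not nested in it")
    trigger = action.get("trigger", {})
    for key in sorted(set(trigger) - TRIGGER_KEYS):
        findings.append(f"unexpected key in 'trigger': {key}")
    metric = trigger.get("metricTrigger")
    if metric is None:
        findings.append("'trigger' has no nested 'metricTrigger'")
    else:
        for key in sorted(METRIC_KEYS - set(metric)):
            findings.append(f"'metricTrigger' is missing '{key}'")
    return findings

def lint_template(template):
    """Map each scheduled query rule name to its findings."""
    return {res.get("name"): lint_action(res.get("properties", {}).get("action", {}))
            for res in template.get("resources", [])
            if res.get("type", "").lower() == RULE_TYPE}

def _rule(name, action):  # wrap an action block in a minimal constructed template
    return {"resources": [{"name": name, "type": "Microsoft.Insights/scheduledQueryRules",
                           "properties": {"action": action}}]}

METRIC = {"thresholdOperator": "GreaterThan", "threshold": 1,
          "metricTriggerType": "Consecutive", "metricColumn": "Computer"}
# Constructed sample with the same layout as the question's template.
QUESTION = _rule("question", {
    "aznAction": {"actionGroup": "<action group id>"}, "metricTrigger": METRIC,
    "trigger": {"consecutiveBreach": "1", "metricTriggerType": "Consecutive",
                "threshold": "80", "thresholdOperator": "GreaterThan"}})
# Constructed sample with the same layout as the answer's template.
ANSWER = _rule("answer", {
    "aznsAction": {"actionGroup": ["<action group id>"]},
    "trigger": {"thresholdOperator": "GreaterThan", "threshold": 80,
                "metricTrigger": METRIC}})

if __name__ == "__main__":
    print(lint_template(QUESTION), lint_template(ANSWER))
```

The lint only inspects key placement, so it works on a template before ARM expressions such as `[parameters('metricColumn')]` are resolved.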
