Azure - 使用 ARM 模板和 Metric Measurement 参数(非结果计数)部署警报规则
[英]Azure - Deploy alert rules with ARM template with Metric Measurement parameter (Not Result count)
问题描述
我在 Azure 中部署正确的警报规则时遇到了一个小问题。
我的警报是 Log Analytics 查询,部署工作正常。 但是,我所有的警报都是用“结果数量”创建的,而我想要“度量标准”。
警报类型
我试图在 Azure 中创建一个正确的警报,并在活动日志中使用 JSON 参数,但我不明白这个参数在哪里。
我也在https://docs.microsoft.com/en-us/rest/api/monitor/scheduledqueryrules/createorupdate#alertingaction 中搜索,但它只说“ResultCount”。
知道你这样做的好参数是什么吗?
我的模板.json
{ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "actionGroup": { "defaultValue": "", "metadata": { "description": "The ID of the action group that is triggered when the alert is activated or deactivated" }, "type": "string" }, "alertDescription": { "defaultValue": "This is a metric alert", "metadata": { "description": "Description of alert" }, "type": "string" }, "alertName": { "metadata": { "description": "Name of the alert" }, "type": "string" }, "alertSeverity": { "allowedValues": [ 0, 1, 2, 3, 4 ], "defaultValue": 3, "metadata": { "description": "Severity of alert {0,1,2,3,4}" }, "type": "int" }, "consecutiveBreachTrigger": { "defaultValue": "", "metadata": { "description": "" }, "type": "string" }, //"isEnabled": { // "defaultValue": true, // "metadata": { // "description": "Specifies whether the alert is enabled" // }, // "type": "bool" // }, "metricColumn": { "defaultValue": "", "metadata": { "description": "Metric type of trigger" }, "type": "string" }, "metricTriggerTypeMetricTrigger": { "defaultValue": "", "metadata": { "description": "Metric type of trigger" }, "type": "string" }, "metricTriggerTypeTrigger": { "defaultValue": "", "metadata": { "description": "Metric type of trigger" }, "type": "string" }, "operatorMetricTrigger": { "allowedValues": [ "Equals", "NotEquals", "GreaterThan", "GreaterThanOrEqual", "LessThan", "LessThanOrEqual" ], "defaultValue": "GreaterThan", "metadata": { "description": "Operator comparing the current value with the threshold value." }, "type": "string" }, "operatorTrigger": { "allowedValues": [ "Equals", "NotEquals", "GreaterThan", "GreaterThanOrEqual", "LessThan", "LessThanOrEqual" ], "defaultValue": "GreaterThan", "metadata": { "description": "Operator comparing the current value with the threshold value." }, "type": "string" }, "PfrequencyInMin": { "defaultValue": "", "metadata": { "description": "Time along the query is running" }, "type": "string" }, "PtimeWindowFrequency": { "defaultValue": "", "metadata": { "description": "Frequency of often should be run the alert" }, "type": "string" }, "query": { "defaultValue": "", "metadata": { "description": "Query to use for this alert" }, "type": "string" }, "queryType": { "defaultValue": "", "metadata": { "description": "Type of the query" }, "type": "string" }, "region": { "defaultValue": "", "metadata": { "description": "Region of the workspace" }, "type": "string" }, "resourceId": { "metadata": { "description": "Full Resource ID of the resource emitting the metric that will be used for the comparison. For example /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroups/ResourceGroupName/providers/Microsoft.compute/virtualMachines/VM_xyz" }, "minLength": 1, "type": "string" }, "thresholdMetricTrigger": { "defaultValue": "0", "metadata": { "description": "The threshold value at which the alert is activated." }, "type": "string" }, "thresholdTrigger": { "defaultValue": "0", "metadata": { "description": "The threshold value at which the alert is activated." }, "type": "string" } }, "resources": [ { "apiVersion": "2018-04-16", "location": "[parameters('region')]", "name": "[parameters('alertName')]", "properties": { "action": { "aznAction": { "actionGroup": "[parameters('actionGroup')]" }, "metricTrigger": { "metricColumn": "[parameters('metricColumn')]", "metricTriggerType": "[parameters('metricTriggerTypeMetricTrigger')]", "threshold": "[parameters('thresholdMetricTrigger')]", "thresholdOperator": "[parameters('operatorMetricTrigger')]" }, "odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction", "severity": "[parameters('alertSeverity')]", "trigger": { "consecutiveBreach": "[parameters('consecutiveBreachTrigger')]", "metricTriggerType": "[parameters('metricTriggerTypeTrigger')]", "threshold": "[parameters('thresholdTrigger')]", "thresholdOperator": "[parameters('operatorTrigger')]" } }, "description": "[parameters('alertDescription')]", "displayname": "[parameters('alertName')]", "enabled": "true", "schedule": { "frequencyInMinutes": "[parameters('PfrequencyInMin')]", "timeWindowInMinutes": "[parameters('PtimeWindowFrequency')]" }, "source": { "datasourceID": "[parameters('resourceId')]", "query": "[parameters('query')]", "queryType": "[parameters('queryType')]" } }, "tags": {}, "type": "microsoft.insights/scheduledqueryrules" } ], "variables": {} }
参数.json
{ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", "contentVersion": "1.0.0.0", "parameters": { "actionGroup": { "value": "Production Server" }, "alertDescription": { "value": "RAM used in percentage" }, "alertName": { "value": "VM - Memory Usage (Metric)" }, "alertSeverity": { "value": 3 }, "consecutiveBreachTrigger": { "value": "1" }, // "isEnabled": { // "value": true // }, "metricColumn": { "value": "Computer" }, "metricTriggerTypeMetricTrigger": { "value": "Consecutive" }, "metricTriggerTypeTrigger": { "value": "Consecutive" }, "operatorMetricTrigger": { "value": "GreaterThan" }, "operatorTrigger": { "value": "GreaterThan" }, "PfrequencyInMin": { "value": "30" }, "PtimeWindowFrequency": { "value": "60" }, "query": { "value": "InsightsMetrics | where Namespace == 'Memory' and Name == 'AvailableMB' | extend Max=parsejson(tostring(Tags)) | mvexpand Max | extend memorySizeMB=todecimal(Max['vm.azm.ms/memorySizeMB']) | project TimeGenerated, Computer , Namespace, Val , Mem = round(memorySizeMB, 1)| extend Percentage = Val / Mem * 100 | summarize AggregatedValue = avg(Percentage) by Computer, bin(TimeGenerated, 30m)" }, "queryType": { "value": "Metric" }, "region": { "value": "westeurope" }, "resourceId": { "value": "/subscriptions/efcfb0fe-d308-4c80-9615-57eddb9b2d2a/resourceGroups/Gizmo-hosted-logs/providers/Microsoft.OperationalInsights/workspaces/Gizmo-hosted-logs" }, "thresholdMetricTrigger": { "value": "1" }, "thresholdTrigger": { "value": "80" } } }
提前谢谢你。
问候,
奥雷连
1 个解决方案
解决方案1
0 已采纳 2020-03-31 04:18:46
如果要创建日志研究警报,请将查询类型更改为ResultCount ,我们还需要指定触发器,例如
"trigger": {
"thresholdOperator": "<>",
"threshold": 0,
"metricTrigger": {
"thresholdOperator": "<>",
"threshold": 1,
"metricTriggerType": "Consecutive",
"metricColumn": "<your colum>"
}
例如
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
},
"variables": {
"alertLocation": "Region Name for your Application Insights App or Log Analytics Workspace",
"alertName": "test",
"alertDescr": "test",
"alertStatus": "true",
"alertSource":{
"Query":"Perf\r\n| where CounterName == \"Free Megabytes\" and InstanceName == \"D:\"\r\n| where TimeGenerated > ago(7d)\r\n| where Computer == \"win2012\"\r\n| summarize AggregatedValue = min(CounterValue) by bin(TimeGenerated, 5m)\n",
"SourceId": "/subscriptions/a123d7efg-123c-1234-5678-a12bc3defgh4/resourceGroups/contosoRG/providers/microsoft.OperationalInsights/workspaces/servicews",
"Type":"ResultCount"
},
"alertSchedule":{
"Frequency": 5,
"Time": 5
},
"alertActions":{
"SeverityLevel": "3",
"SuppressTimeinMin": 20
},
"alertTrigger":{
"Operator":"GreaterThan",
"Threshold":"1"
},
"metricMeasurement": {
"thresholdOperator": "GreaterThan",
"threshold": 1,
"metricTriggerType": "Consecutive",
"metricColumn": "TimeGenerated"
},
"actionGrp":{
"ActionGroup": "/subscriptions/a123d7efg-123c-1234-5678-a12bc3defgh4/resourceGroups/contosoRG/providers/microsoft.insights/actiongroups/sampleAG"
}
},
"resources":[ {
"name":"[variables('alertName')]",
"type":"Microsoft.Insights/scheduledQueryRules",
"apiVersion": "2018-04-16",
"location": "[variables('alertLocation')]",
"properties":{
"description": "[variables('alertDescr')]",
"enabled": "[variables('alertStatus')]",
"source": {
"query": "[variables('alertSource').Query]",
"authorizedResources": "[concat(array(variables('alertSource').Resource1), array(variables('alertSource').Resource2))]",
"dataSourceId": "[variables('alertSource').SourceId]",
"queryType":"[variables('alertSource').Type]"
},
"schedule":{
"frequencyInMinutes": "[variables('alertSchedule').Frequency]",
"timeWindowInMinutes": "[variables('alertSchedule').Time]"
},
"action":{
"odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction",
"severity":"[variables('alertActions').SeverityLevel]",
"throttlingInMin": "[variables('alertActions').SuppressTimeinMin]",
"aznsAction":{
"actionGroup": "[array(variables('actionGrp').ActionGroup)]"
},
"trigger":{
"thresholdOperator":"[variables('alertTrigger').Operator]",
"threshold":"[variables('alertTrigger').Threshold]",
"metricTrigger":{
"thresholdOperator": "[variables('metricMeasurement').thresholdOperator]",
"threshold": "[variables('metricMeasurement').threshold]",
"metricColumn": "[variables('metricMeasurement').metricColumn]",
"metricTriggerType": "[variables('metricMeasurement').metricTriggerType]"
}
}
}
}
} ]
}
结果
欲知更多详情,请参阅
https://docs.microsoft.com/en-us/rest/api/monitor/scheduledqueryrules/createorupdate
当我部署Azure ARM模板时,它将创建存储而不是警报
[英]When i deploy my Azure ARM Template it creates a storage, not an alert
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.