CODEWITHSUNDEEP
azurepowershellazure-cliazure-log-analytics
APowell
APowell

Reputation: 43

Creating Azure Monitor Log Search Alert Rules via Powershell

I'm trying to create some azure monitor rules for the output of log searches, doing this through the web UI is simple enough but I want to automate this through the CLI.

Looking through the documentation there doesn't seem to be a way that I can see to do this, but AFAIK everything is possible through the CLI?

I've tried creating the alert rule manually and then looking at the output of Get-AzureRmAlertRule but this shows no results for the log search alert.

Has anyone managed to do this via the CLI?

Upvotes: 4

Views: 2345

Answers (3)

Heshan
Heshan

Reputation: 918

This method is not using the powershell but Azure CLI. Azure ClI can be used for the same purpose as PowerShell doesn't support creating classic insight alerts anymore. Calling this through an azure cli task will get this done easily.Query can be customized in this scenario just getting all exceptions.

             az monitor scheduled-query create \
                --name "{AlertName}" \
                --resource-group "{ResourceGroupName}" \
                --scopes "/subscriptions/{subscriptionName}/resourceGroups/{ResourceGroupName}/providers/microsoft.insights/components/{appinsightname}" \
                --description "Test rule" \
                --action "/subscriptions/{subscriptionName}/resourceGroups/{ResourceGroupName}/providers/Microsoft.Insights/actiongroups/{ActionGroupName}" \
                --evaluation-frequency 5m \
                --mute-actions-duration PT30M \
                --severity 3 \
                --condition "count 'QRY1' > 0" \
                --condition-query QRY1="exceptions" \
                --auto-mitigate false

Upvotes: 0

Arun
Arun

Reputation: 324

Also there are few ready sample code created here -> https://github.com/microsoft/manageability-toolkits

which can get you started right away. This script creates azure monitor alerts in automated way via powershell. Also uses the same commandlets.

Hope it makes your job easy..

Upvotes: 1

Bhargavi Annadevara
Bhargavi Annadevara

Reputation: 5512

Hello and welcome to Stack Overflow! :)

Custom log search alerts are of type microsoft.insights/scheduledqueryrules. And so you may use Get-AzScheduledQueryRule to get all the Scheduled Query resources.

Although creating a Log Search rule could get a bit tricky as it involves multiple PS cmdlets, it is still possible with New-AzScheduledQueryRule.

Please give it a try and let me know if you run into issues. I can work up a sample script in that case.

Hope this helps!

Upvotes: 2

Related Questions