Reputation: 51
Create alert based on custom logs by using azure command line tool
I have tried creating metrics alert based on custom log query by using az command line tool. What I have managed to so far is to;
- saving custom log query
- creating action group for sending alert information
What I have not managed to do is to create alert by using az monitor metrics alert create command so that it is based on number of results the saved loq query returns. Is it possible to create metric alert based on custom log query by using az command line tool?
Upvotes: 3
Views: 1876
Answers (2)
Reputation: 5251
If you know the command, the help messages are generally quite useful and detailed:
az monitor scheduled-query create --help
Here's one example based on a query that worked for me. It assumes you've already created a resource group, workspace and action group:
RESOURCE_GROUP="ResourceGroupName"
WORKSPACE_NAME="LogAnalyticsWorkspaceName"
ACTION_GROUP_NAME="ActionGroupName"
QUERY='AzureDiagnostics
| where Message contains "Connection successful"
| where TimeGenerated > ago(5m)
| order by TimeGenerated desc'
WORKSPACE_ID=$(az monitor log-analytics workspace show \
--resource-group $RESOURCE_GROUP \
--workspace-name $WORKSPACE_NAME \
--query id --out tsv)
az monitor scheduled-query create \
--name "TestScheduledQuery" \
--resource-group $RESOURCE_GROUP \
--scopes $WORKSPACE_ID \
--description "Test rule" \
--action $ACTION_GROUP_NAME \
--evaluation-frequency 5m \
--mute-actions-duration PT30M \
--severity 3 \
--condition "count 'QRY1' > 0" \
--condition-query QRY1="$QUERY"
This example will:
- run every 5 minutes (
--evaluation-frequency) - look for new diagnostics fitting the constraints that were generated in the last 5 minutes (
QUERY) - if the match count is greater than zero (
--condition):- it'll activate an alert (send a mail, etc. depending on the Action Group in
--action) - and once an alert has fired it will be muted for 30 minutes so that repeated alerts won't spam anyone (
--mute-actions-duration)
- it'll activate an alert (send a mail, etc. depending on the Action Group in
Most of these settings are the defaults anyway, I've just defined them for clarity.
Upvotes: 2
Reputation: 5492
Custom log search alerts are of type microsoft.insights/scheduledqueryrules. So you may use the az monitor scheduled-query set of commands to manage your Scheduled Query rules (resources).
To create a scheduled query, use the az monitor scheduled-query create command:
az monitor scheduled-query create --condition
--name
--resource-group
--scopes
[--action]
[--description]
[--disabled {false, true}]
[--evaluation-frequency]
[--location]
[--mad]
[--severity]
[--tags]
[--target-resource-type]
[--window-size]
Check the Azure CLI command reference to know the available parameters and their definitions.
Some other ways of creating Log alerts are described in this document: Create, view, and manage log alerts using Azure Monitor
Upvotes: 0
Related Questions
- Script based Azure Alerts
- Creating Azure Monitor Log Search Alert Rules via Powershell
- Sending alert by analyzing Azure logs
- How can i trigger an azure monitoring alert manually?
- Azure Log Analytics. Create Alert Rules with ARM Template
- How to create a new alert rule in Azure using PowerShell?
- Azure Alert off of Log Analytics Table Schema
- Trigger Azure Log analytics alert based on log file append
- To create the Log Analytics alerts using Azure Power Shell or Azure CLI
- Create Azure Alerts with query to monitor multiple VM's?