Reputation: 190
Script based Azure Alerts
I would like to create an Azure Alert rule using the Azure Resource Graph tables, which are not available inside Azure Log Analytics. Using Azure CLI, a query can be sent to Azure Resource Graph ex:
az graph query "<QUERY>" --query count
Is it possible to create an Azure Alert based on the result of this query?
Upvotes: 1
Views: 839
Answers (1)
Reputation: 8058
There is no direct way to create an alert using graph query. Here are the approaches I worked on to create it.
Approach-1:
You can create it with the help of terraform running in azCLI. Refer SO.
Approach-2:
Using scheduled query parameter for az monitorcommand, I created an alert within the given scope as per your requirement.
I've tried creating a sample alert and it worked for me.
az monitor scheduled-query create -g "xxxxresourcegroup" -n "xxxalert" --scopes "/subscriptions/<subscriptionID>/resourcegroups/xxxxresourcegroup/providers/Microsoft.Compute/virtualMachines/xxxxxVMName" --condition "count 'Placeholder_1' > 360 resource id _ResourceId at least 1 violations out of 5 aggregated" --condition-query Placeholder_1="union Event | where TimeGenerated > ago(3h) | where EventLevelName=='xxxxxError' or SeverityLevel=='xxxerror'" --description "xxxxxxxxx"
Output:
Approach-3:
By using az monitor metrics alert in azCli, you can build it without using a query.
I've taken a sample alert to check the condition of CPU (CPU %>50) and was able to perform it as shown here:
az monitor metrics alert create -n alert1 -g "xxxxxresourcegroup" --scopes "/subscriptions/< Subscription_ID >/resourcegroups/<resourcegroupName>/providers/Microsoft.Compute/virtualMachines/xxxVMName" --condition "avg Percentage CPU > 50" --description "CPU Percentage"
Output:
Approach-4:
Usually, we can create an alert rule by executing a log query from required resource and then create a new alert rule.
I tried with an example query to check for missing software updates on virtual machine logs.
Click on New alert rule and search query will be automatically updated and select how to summarize the results.
Add Alert logic. When the threshold value of 50 is reached for an assigned event, an alert is fired via sending an email.
After an alert is fired, you can select an action from action group if you have already defined, else create one before an alert is triggered.
Provide Alert rule name and required details.
New alert rule is created successfully.
Reference: MsDoc
Upvotes: 1
Related Questions
- Disable/Enable Azure monitor alert rules by azure automation powershell
- Get list of "new alerts" for azure monitor
- Sending alert by analyzing Azure logs
- How can i trigger an azure monitoring alert manually?
- Create alert based on custom logs by using azure command line tool
- How to create Azure Alerts using Terraform
- Alert monitor trigger an azure function
- How do I find the automation parameters for Azure alerts?
- Create Azure Alerts with query to monitor multiple VM's?
- Taking action for alerts on only specific VMs in Azure