Reputation: 13
How can we set up monitoring and splunk alerts for Azure update manager
I am searching for a way to set up monitoring of Azure update manager and enable splunk alerts to check on failed patches on Virtual machines. Right now I am writing KQL query in azure resource graph explorer to get list of failed patches on windows/linux machines. But on large scale how can we collectively to do this to receive write alerts for the failure.
I wrote a KQL query and used patchresults table to filter out value based on subscription and environment basis
Upvotes: 0
Views: 67
Answers (1)
Reputation: 7923
Below is the query you can use in Azure Resource Graph explorer to gee the patch results from the specific resource.
resources
| where type == 'microsoft.compute/virtualmachines'
| project id, name, resourceGroup
| join kind=inner (
patchassessmentresources
| where properties.status == "Failed"
| project VMresid = tolower(id), patchStatus = properties.status
) on $left.id == $right.VMresid
| project resourceGroup, name, patchStatus
| order by patchStatus desc
Note: You can modify the projection parameters like ostype based on the requirement and availability.
Once the query has successfully executed, you can set up alerts by integrating the results into Azure Monitor or Splunk to receive the trigger notifications when the condition met.
Upvotes: 0
Related Questions
- How can I generate a Git patch for a specific commit?
- Join two tables in KQL in Azure Resource Graph
- Azure cli get Linux Operating system version
- How to implement Azure Monitoring Alert VM Heartbeat with Log Workspace using Terraform
- Azure VM auto scale based on alert
- Azure Advisor - Virtual Machine Scale Sets
- Azure Monitor Logs - Virtual Machine Scale Set Metrics
- Azure CLI monitor metrics of all virtual machines
- Failed to delete the virtual machine extension in Azure ARM VM
- how to deploy multiple virtual machines using custom image?