Azure - 使用带有 Metric Measurement 参数(不是结果计数)的 ARM 模板部署警报规则
Azure - Deploy alert rules with ARM template with Metric Measurement parameter (Not Result count)
我在 Azure 中部署正确的警报规则时遇到了一些问题。
我的警报是 Log Analytics 查询,部署工作正常。但是,我所有的警报都是用 "Number of result" 创建的,而我想要 "Metric Measurement".
警报类型
我试图在 Azure 中创建一个正确的警报,并在 Activity 日志中使用 JSON 参数,但我不明白这个参数在哪里。
我也在 https://docs.microsoft.com/en-us/rest/api/monitor/scheduledqueryrules/createorupdate#alertingaction 中搜索,但它只显示 "ResultCount"。
你知道这样做的好参数是什么吗?
我的template.json
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"actionGroup": {
"defaultValue": "",
"metadata": {
"description": "The ID of the action group that is triggered when the alert is activated or deactivated"
},
"type": "string"
},
"alertDescription": {
"defaultValue": "This is a metric alert",
"metadata": {
"description": "Description of alert"
},
"type": "string"
},
"alertName": {
"metadata": {
"description": "Name of the alert"
},
"type": "string"
},
"alertSeverity": {
"allowedValues": [
0,
1,
2,
3,
4
],
"defaultValue": 3,
"metadata": {
"description": "Severity of alert {0,1,2,3,4}"
},
"type": "int"
},
"consecutiveBreachTrigger": {
"defaultValue": "",
"metadata": {
"description": ""
},
"type": "string"
},
//"isEnabled": {
// "defaultValue": true,
// "metadata": {
// "description": "Specifies whether the alert is enabled"
// },
// "type": "bool"
// },
"metricColumn": {
"defaultValue": "",
"metadata": {
"description": "Metric type of trigger"
},
"type": "string"
},
"metricTriggerTypeMetricTrigger": {
"defaultValue": "",
"metadata": {
"description": "Metric type of trigger"
},
"type": "string"
},
"metricTriggerTypeTrigger": {
"defaultValue": "",
"metadata": {
"description": "Metric type of trigger"
},
"type": "string"
},
"operatorMetricTrigger": {
"allowedValues": [
"Equals",
"NotEquals",
"GreaterThan",
"GreaterThanOrEqual",
"LessThan",
"LessThanOrEqual"
],
"defaultValue": "GreaterThan",
"metadata": {
"description": "Operator comparing the current value with the threshold value."
},
"type": "string"
},
"operatorTrigger": {
"allowedValues": [
"Equals",
"NotEquals",
"GreaterThan",
"GreaterThanOrEqual",
"LessThan",
"LessThanOrEqual"
],
"defaultValue": "GreaterThan",
"metadata": {
"description": "Operator comparing the current value with the threshold value."
},
"type": "string"
},
"PfrequencyInMin": {
"defaultValue": "",
"metadata": {
"description": "Time along the query is running"
},
"type": "string"
},
"PtimeWindowFrequency": {
"defaultValue": "",
"metadata": {
"description": "Frequency of often should be run the alert"
},
"type": "string"
},
"query": {
"defaultValue": "",
"metadata": {
"description": "Query to use for this alert"
},
"type": "string"
},
"queryType": {
"defaultValue": "",
"metadata": {
"description": "Type of the query"
},
"type": "string"
},
"region": {
"defaultValue": "",
"metadata": {
"description": "Region of the workspace"
},
"type": "string"
},
"resourceId": {
"metadata": {
"description": "Full Resource ID of the resource emitting the metric that will be used for the comparison. For example /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroups/ResourceGroupName/providers/Microsoft.compute/virtualMachines/VM_xyz"
},
"minLength": 1,
"type": "string"
},
"thresholdMetricTrigger": {
"defaultValue": "0",
"metadata": {
"description": "The threshold value at which the alert is activated."
},
"type": "string"
},
"thresholdTrigger": {
"defaultValue": "0",
"metadata": {
"description": "The threshold value at which the alert is activated."
},
"type": "string"
}
},
"resources": [
{
"apiVersion": "2018-04-16",
"location": "[parameters('region')]",
"name": "[parameters('alertName')]",
"properties": {
"action": {
"aznAction": {
"actionGroup": "[parameters('actionGroup')]"
},
"metricTrigger": {
"metricColumn": "[parameters('metricColumn')]",
"metricTriggerType": "[parameters('metricTriggerTypeMetricTrigger')]",
"threshold": "[parameters('thresholdMetricTrigger')]",
"thresholdOperator": "[parameters('operatorMetricTrigger')]"
},
"odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction",
"severity": "[parameters('alertSeverity')]",
"trigger": {
"consecutiveBreach": "[parameters('consecutiveBreachTrigger')]",
"metricTriggerType": "[parameters('metricTriggerTypeTrigger')]",
"threshold": "[parameters('thresholdTrigger')]",
"thresholdOperator": "[parameters('operatorTrigger')]"
}
},
"description": "[parameters('alertDescription')]",
"displayname": "[parameters('alertName')]",
"enabled": "true",
"schedule": {
"frequencyInMinutes": "[parameters('PfrequencyInMin')]",
"timeWindowInMinutes": "[parameters('PtimeWindowFrequency')]"
},
"source": {
"datasourceID": "[parameters('resourceId')]",
"query": "[parameters('query')]",
"queryType": "[parameters('queryType')]"
}
},
"tags": {},
"type": "microsoft.insights/scheduledqueryrules"
}
],
"variables": {}
}
parameters.json
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"actionGroup": {
"value": "Production Server"
},
"alertDescription": {
"value": "RAM used in percentage"
},
"alertName": {
"value": "VM - Memory Usage (Metric)"
},
"alertSeverity": {
"value": 3
},
"consecutiveBreachTrigger": {
"value": "1"
},
// "isEnabled": {
// "value": true
// },
"metricColumn": {
"value": "Computer"
},
"metricTriggerTypeMetricTrigger": {
"value": "Consecutive"
},
"metricTriggerTypeTrigger": {
"value": "Consecutive"
},
"operatorMetricTrigger": {
"value": "GreaterThan"
},
"operatorTrigger": {
"value": "GreaterThan"
},
"PfrequencyInMin": {
"value": "30"
},
"PtimeWindowFrequency": {
"value": "60"
},
"query": {
"value": "InsightsMetrics | where Namespace == 'Memory' and Name == 'AvailableMB' | extend Max=parsejson(tostring(Tags)) | mvexpand Max | extend memorySizeMB=todecimal(Max['vm.azm.ms/memorySizeMB']) | project TimeGenerated, Computer , Namespace, Val , Mem = round(memorySizeMB, 1)| extend Percentage = Val / Mem * 100 | summarize AggregatedValue = avg(Percentage) by Computer, bin(TimeGenerated, 30m)"
},
"queryType": {
"value": "Metric"
},
"region": {
"value": "westeurope"
},
"resourceId": {
"value": "/subscriptions/efcfb0fe-d308-4c80-9615-57eddb9b2d2a/resourceGroups/Gizmo-hosted-logs/providers/Microsoft.OperationalInsights/workspaces/Gizmo-hosted-logs"
},
"thresholdMetricTrigger": {
"value": "1"
},
"thresholdTrigger": {
"value": "80"
}
}
}
提前致谢。
此致,
奥雷利安
如果要创建日志研究警报,请将查询类型更改为ResultCount,我们还需要指定触发器,如
"trigger": {
"thresholdOperator": "<>",
"threshold": 0,
"metricTrigger": {
"thresholdOperator": "<>",
"threshold": 1,
"metricTriggerType": "Consecutive",
"metricColumn": "<your colum>"
}
例如
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
},
"variables": {
"alertLocation": "Region Name for your Application Insights App or Log Analytics Workspace",
"alertName": "test",
"alertDescr": "test",
"alertStatus": "true",
"alertSource":{
"Query":"Perf\r\n| where CounterName == \"Free Megabytes\" and InstanceName == \"D:\"\r\n| where TimeGenerated > ago(7d)\r\n| where Computer == \"win2012\"\r\n| summarize AggregatedValue = min(CounterValue) by bin(TimeGenerated, 5m)\n",
"SourceId": "/subscriptions/a123d7efg-123c-1234-5678-a12bc3defgh4/resourceGroups/contosoRG/providers/microsoft.OperationalInsights/workspaces/servicews",
"Type":"ResultCount"
},
"alertSchedule":{
"Frequency": 5,
"Time": 5
},
"alertActions":{
"SeverityLevel": "3",
"SuppressTimeinMin": 20
},
"alertTrigger":{
"Operator":"GreaterThan",
"Threshold":"1"
},
"metricMeasurement": {
"thresholdOperator": "GreaterThan",
"threshold": 1,
"metricTriggerType": "Consecutive",
"metricColumn": "TimeGenerated"
},
"actionGrp":{
"ActionGroup": "/subscriptions/a123d7efg-123c-1234-5678-a12bc3defgh4/resourceGroups/contosoRG/providers/microsoft.insights/actiongroups/sampleAG"
}
},
"resources":[ {
"name":"[variables('alertName')]",
"type":"Microsoft.Insights/scheduledQueryRules",
"apiVersion": "2018-04-16",
"location": "[variables('alertLocation')]",
"properties":{
"description": "[variables('alertDescr')]",
"enabled": "[variables('alertStatus')]",
"source": {
"query": "[variables('alertSource').Query]",
"authorizedResources": "[concat(array(variables('alertSource').Resource1), array(variables('alertSource').Resource2))]",
"dataSourceId": "[variables('alertSource').SourceId]",
"queryType":"[variables('alertSource').Type]"
},
"schedule":{
"frequencyInMinutes": "[variables('alertSchedule').Frequency]",
"timeWindowInMinutes": "[variables('alertSchedule').Time]"
},
"action":{
"odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction",
"severity":"[variables('alertActions').SeverityLevel]",
"throttlingInMin": "[variables('alertActions').SuppressTimeinMin]",
"aznsAction":{
"actionGroup": "[array(variables('actionGrp').ActionGroup)]"
},
"trigger":{
"thresholdOperator":"[variables('alertTrigger').Operator]",
"threshold":"[variables('alertTrigger').Threshold]",
"metricTrigger":{
"thresholdOperator": "[variables('metricMeasurement').thresholdOperator]",
"threshold": "[variables('metricMeasurement').threshold]",
"metricColumn": "[variables('metricMeasurement').metricColumn]",
"metricTriggerType": "[variables('metricMeasurement').metricTriggerType]"
}
}
}
}
} ]
}
结果
详情请参考
https://docs.microsoft.com/en-us/rest/api/monitor/scheduledqueryrules/createorupdate
我在 Azure 中部署正确的警报规则时遇到了一些问题。
我的警报是 Log Analytics 查询,部署工作正常。但是,我所有的警报都是用 "Number of result" 创建的,而我想要 "Metric Measurement".
警报类型
我试图在 Azure 中创建一个正确的警报,并在 Activity 日志中使用 JSON 参数,但我不明白这个参数在哪里。
我也在 https://docs.microsoft.com/en-us/rest/api/monitor/scheduledqueryrules/createorupdate#alertingaction 中搜索,但它只显示 "ResultCount"。
你知道这样做的好参数是什么吗?
我的template.json
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"actionGroup": {
"defaultValue": "",
"metadata": {
"description": "The ID of the action group that is triggered when the alert is activated or deactivated"
},
"type": "string"
},
"alertDescription": {
"defaultValue": "This is a metric alert",
"metadata": {
"description": "Description of alert"
},
"type": "string"
},
"alertName": {
"metadata": {
"description": "Name of the alert"
},
"type": "string"
},
"alertSeverity": {
"allowedValues": [
0,
1,
2,
3,
4
],
"defaultValue": 3,
"metadata": {
"description": "Severity of alert {0,1,2,3,4}"
},
"type": "int"
},
"consecutiveBreachTrigger": {
"defaultValue": "",
"metadata": {
"description": ""
},
"type": "string"
},
//"isEnabled": {
// "defaultValue": true,
// "metadata": {
// "description": "Specifies whether the alert is enabled"
// },
// "type": "bool"
// },
"metricColumn": {
"defaultValue": "",
"metadata": {
"description": "Metric type of trigger"
},
"type": "string"
},
"metricTriggerTypeMetricTrigger": {
"defaultValue": "",
"metadata": {
"description": "Metric type of trigger"
},
"type": "string"
},
"metricTriggerTypeTrigger": {
"defaultValue": "",
"metadata": {
"description": "Metric type of trigger"
},
"type": "string"
},
"operatorMetricTrigger": {
"allowedValues": [
"Equals",
"NotEquals",
"GreaterThan",
"GreaterThanOrEqual",
"LessThan",
"LessThanOrEqual"
],
"defaultValue": "GreaterThan",
"metadata": {
"description": "Operator comparing the current value with the threshold value."
},
"type": "string"
},
"operatorTrigger": {
"allowedValues": [
"Equals",
"NotEquals",
"GreaterThan",
"GreaterThanOrEqual",
"LessThan",
"LessThanOrEqual"
],
"defaultValue": "GreaterThan",
"metadata": {
"description": "Operator comparing the current value with the threshold value."
},
"type": "string"
},
"PfrequencyInMin": {
"defaultValue": "",
"metadata": {
"description": "Time along the query is running"
},
"type": "string"
},
"PtimeWindowFrequency": {
"defaultValue": "",
"metadata": {
"description": "Frequency of often should be run the alert"
},
"type": "string"
},
"query": {
"defaultValue": "",
"metadata": {
"description": "Query to use for this alert"
},
"type": "string"
},
"queryType": {
"defaultValue": "",
"metadata": {
"description": "Type of the query"
},
"type": "string"
},
"region": {
"defaultValue": "",
"metadata": {
"description": "Region of the workspace"
},
"type": "string"
},
"resourceId": {
"metadata": {
"description": "Full Resource ID of the resource emitting the metric that will be used for the comparison. For example /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroups/ResourceGroupName/providers/Microsoft.compute/virtualMachines/VM_xyz"
},
"minLength": 1,
"type": "string"
},
"thresholdMetricTrigger": {
"defaultValue": "0",
"metadata": {
"description": "The threshold value at which the alert is activated."
},
"type": "string"
},
"thresholdTrigger": {
"defaultValue": "0",
"metadata": {
"description": "The threshold value at which the alert is activated."
},
"type": "string"
}
},
"resources": [
{
"apiVersion": "2018-04-16",
"location": "[parameters('region')]",
"name": "[parameters('alertName')]",
"properties": {
"action": {
"aznAction": {
"actionGroup": "[parameters('actionGroup')]"
},
"metricTrigger": {
"metricColumn": "[parameters('metricColumn')]",
"metricTriggerType": "[parameters('metricTriggerTypeMetricTrigger')]",
"threshold": "[parameters('thresholdMetricTrigger')]",
"thresholdOperator": "[parameters('operatorMetricTrigger')]"
},
"odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction",
"severity": "[parameters('alertSeverity')]",
"trigger": {
"consecutiveBreach": "[parameters('consecutiveBreachTrigger')]",
"metricTriggerType": "[parameters('metricTriggerTypeTrigger')]",
"threshold": "[parameters('thresholdTrigger')]",
"thresholdOperator": "[parameters('operatorTrigger')]"
}
},
"description": "[parameters('alertDescription')]",
"displayname": "[parameters('alertName')]",
"enabled": "true",
"schedule": {
"frequencyInMinutes": "[parameters('PfrequencyInMin')]",
"timeWindowInMinutes": "[parameters('PtimeWindowFrequency')]"
},
"source": {
"datasourceID": "[parameters('resourceId')]",
"query": "[parameters('query')]",
"queryType": "[parameters('queryType')]"
}
},
"tags": {},
"type": "microsoft.insights/scheduledqueryrules"
}
],
"variables": {}
}
parameters.json
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"actionGroup": {
"value": "Production Server"
},
"alertDescription": {
"value": "RAM used in percentage"
},
"alertName": {
"value": "VM - Memory Usage (Metric)"
},
"alertSeverity": {
"value": 3
},
"consecutiveBreachTrigger": {
"value": "1"
},
// "isEnabled": {
// "value": true
// },
"metricColumn": {
"value": "Computer"
},
"metricTriggerTypeMetricTrigger": {
"value": "Consecutive"
},
"metricTriggerTypeTrigger": {
"value": "Consecutive"
},
"operatorMetricTrigger": {
"value": "GreaterThan"
},
"operatorTrigger": {
"value": "GreaterThan"
},
"PfrequencyInMin": {
"value": "30"
},
"PtimeWindowFrequency": {
"value": "60"
},
"query": {
"value": "InsightsMetrics | where Namespace == 'Memory' and Name == 'AvailableMB' | extend Max=parsejson(tostring(Tags)) | mvexpand Max | extend memorySizeMB=todecimal(Max['vm.azm.ms/memorySizeMB']) | project TimeGenerated, Computer , Namespace, Val , Mem = round(memorySizeMB, 1)| extend Percentage = Val / Mem * 100 | summarize AggregatedValue = avg(Percentage) by Computer, bin(TimeGenerated, 30m)"
},
"queryType": {
"value": "Metric"
},
"region": {
"value": "westeurope"
},
"resourceId": {
"value": "/subscriptions/efcfb0fe-d308-4c80-9615-57eddb9b2d2a/resourceGroups/Gizmo-hosted-logs/providers/Microsoft.OperationalInsights/workspaces/Gizmo-hosted-logs"
},
"thresholdMetricTrigger": {
"value": "1"
},
"thresholdTrigger": {
"value": "80"
}
}
}
提前致谢。
此致,
奥雷利安
如果要创建日志研究警报,请将查询类型更改为ResultCount,我们还需要指定触发器,如
"trigger": {
"thresholdOperator": "<>",
"threshold": 0,
"metricTrigger": {
"thresholdOperator": "<>",
"threshold": 1,
"metricTriggerType": "Consecutive",
"metricColumn": "<your colum>"
}
例如
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
},
"variables": {
"alertLocation": "Region Name for your Application Insights App or Log Analytics Workspace",
"alertName": "test",
"alertDescr": "test",
"alertStatus": "true",
"alertSource":{
"Query":"Perf\r\n| where CounterName == \"Free Megabytes\" and InstanceName == \"D:\"\r\n| where TimeGenerated > ago(7d)\r\n| where Computer == \"win2012\"\r\n| summarize AggregatedValue = min(CounterValue) by bin(TimeGenerated, 5m)\n",
"SourceId": "/subscriptions/a123d7efg-123c-1234-5678-a12bc3defgh4/resourceGroups/contosoRG/providers/microsoft.OperationalInsights/workspaces/servicews",
"Type":"ResultCount"
},
"alertSchedule":{
"Frequency": 5,
"Time": 5
},
"alertActions":{
"SeverityLevel": "3",
"SuppressTimeinMin": 20
},
"alertTrigger":{
"Operator":"GreaterThan",
"Threshold":"1"
},
"metricMeasurement": {
"thresholdOperator": "GreaterThan",
"threshold": 1,
"metricTriggerType": "Consecutive",
"metricColumn": "TimeGenerated"
},
"actionGrp":{
"ActionGroup": "/subscriptions/a123d7efg-123c-1234-5678-a12bc3defgh4/resourceGroups/contosoRG/providers/microsoft.insights/actiongroups/sampleAG"
}
},
"resources":[ {
"name":"[variables('alertName')]",
"type":"Microsoft.Insights/scheduledQueryRules",
"apiVersion": "2018-04-16",
"location": "[variables('alertLocation')]",
"properties":{
"description": "[variables('alertDescr')]",
"enabled": "[variables('alertStatus')]",
"source": {
"query": "[variables('alertSource').Query]",
"authorizedResources": "[concat(array(variables('alertSource').Resource1), array(variables('alertSource').Resource2))]",
"dataSourceId": "[variables('alertSource').SourceId]",
"queryType":"[variables('alertSource').Type]"
},
"schedule":{
"frequencyInMinutes": "[variables('alertSchedule').Frequency]",
"timeWindowInMinutes": "[variables('alertSchedule').Time]"
},
"action":{
"odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction",
"severity":"[variables('alertActions').SeverityLevel]",
"throttlingInMin": "[variables('alertActions').SuppressTimeinMin]",
"aznsAction":{
"actionGroup": "[array(variables('actionGrp').ActionGroup)]"
},
"trigger":{
"thresholdOperator":"[variables('alertTrigger').Operator]",
"threshold":"[variables('alertTrigger').Threshold]",
"metricTrigger":{
"thresholdOperator": "[variables('metricMeasurement').thresholdOperator]",
"threshold": "[variables('metricMeasurement').threshold]",
"metricColumn": "[variables('metricMeasurement').metricColumn]",
"metricTriggerType": "[variables('metricMeasurement').metricTriggerType]"
}
}
}
}
} ]
}
结果
详情请参考
https://docs.microsoft.com/en-us/rest/api/monitor/scheduledqueryrules/createorupdate