How to find the action groups associated with the alert rules in Azure Monitor?

Vinoth Kaliaperumal 386 Reputation points
2023-01-20T04:00:08.3533333+00:00

Hi Team,

I would like to check the action groups associated with all the alert rules in one go instead of checking them manually.

Is there any way to do that?

Thanks,

Vinoth

Azure Monitor

Accepted answer
  1. Sina Salam 22,031 Reputation points Volunteer Moderator
    2023-01-20T05:20:29.5233333+00:00

    @Vinoth Kaliaperumal

    Welcome to Microsoft Q&A,

    To confirm your question: you would like to view or check the action groups associated with the alert rules for all resources using commands instead of manually.

    If so, Azure Resource Graph Explorer will be the best tool to run a query.

    You can generate a query from the alert rule by clicking on Open query.

    The query can be similar to the below:

    
    resources
    | where type in~ ('microsoft.insights/metricalerts','microsoft.insights/scheduledqueryrules') and ['kind'] !in~ ('LogToMetric','LogToApplicationInsights')
    | extend severity = strcat("Sev", properties["severity"])
    | extend enabled = tobool(properties["enabled"])
    | where enabled in~ ('true')
    | project id,name,type,properties,enabled,severity,subscriptionId
    | union
        (resources
        | where type =~ 'microsoft.alertsmanagement/smartdetectoralertrules'
        | extend severity = tostring(properties["severity"])
        | extend enabled = properties["state"] =~ 'Enabled'
        | where enabled in~ ('true')
        | project id,name,type,properties,enabled,severity,subscriptionId),
        (resources
        | where type =~ 'microsoft.insights/activitylogalerts'
        | extend severity = "Sev4"
        | extend enabled = tobool(properties["enabled"])
        | mvexpand innerCondition = properties["condition"]["allOf"]
        | where innerCondition["field"] =~ 'category'
        | where enabled in~ ('true')
        | project id,name,type,properties,enabled,severity,subscriptionId)
    | order by tolower(name) asc

    You can modify the alert rule and the preferences you would like to see, and from the same environment you can save the query and modify it for reuse.

    Hope this helps!

    Kindly let us know if the above helps or you need further assistance on this issue.

    BR,

    Sina

    1 person found this answer helpful.

1 additional answer

  1. Vinoth Kaliaperumal 386 Reputation points
    2023-01-20T07:43:55.74+00:00

    Here I have edited the query to add an action group.

    Thanks for your valuable info!

    resources
    | where type in~ ('microsoft.insights/metricalerts','microsoft.insights/scheduledqueryrules') and ['kind'] !in~ ('LogToMetric','LogToApplicationInsights')
    | extend severity = strcat("Sev", properties["severity"])
    | extend actiongroup = strcat("", properties["actions"])
    | extend enabled = tobool(properties["enabled"])
    | where enabled in~ ('true')
    | project id,name,type,properties,enabled,severity,subscriptionId,actiongroup
    | union
        (resources
        | where type =~ 'microsoft.alertsmanagement/smartdetectoralertrules'
        | extend severity = tostring(properties["severity"])
        | extend enabled = properties["state"] =~ 'Enabled'
        | where enabled in~ ('true')
        | project id,name,type,properties,enabled,severity,subscriptionId),
        (resources
        | where type =~ 'microsoft.insights/activitylogalerts'
        | extend severity = "Sev4"
        | extend enabled = tobool(properties["enabled"])
        | mvexpand innerCondition = properties["condition"]["allOf"]
        | where innerCondition["field"] =~ 'category'
        | where enabled in~ ('true')
        | project id,name,type,properties,enabled,severity,subscriptionId)
    | order by tolower(name) asc
    
    1 person found this answer helpful.
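
Added example (not part of either answer above, and not Microsoft's code): a Python post-processor for rows exported from the queries on this page, which already project `type` and `properties`. It normalizes the action group references of all four rule types and lists enabled rules that reference no action group, i.e. alerts that would fire without notifying anyone. The function names, the placeholder IDs and the per-type property shapes (`actions[]` for metric alerts, `actions.actionGroups[]` for scheduled query and activity log alerts, `actionGroups.groupIds[]` for smart detector rules) are assumptions; check them against your own export.

```python
import json

# Placeholder resource ID prefix for the constructed sample rows below.
AG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-mon/providers/microsoft.insights/actionGroups/"

def _ids(items):
    """Accept a list of ID strings or of {"actionGroupId": ...} objects."""
    ids = [i.get("actionGroupId") if isinstance(i, dict) else i for i in items or []]
    return [g for g in ids if g]

def action_group_ids(row):
    """Return the action group resource IDs referenced by one alert rule row."""
    props = row.get("properties") or {}
    if isinstance(props, str):  # some exports carry the column as JSON text
        props = json.loads(props)
    rtype = row.get("type", "").lower()
    if rtype == "microsoft.alertsmanagement/smartdetectoralertrules":
        return _ids((props.get("actionGroups") or {}).get("groupIds"))
    actions = props.get("actions") or []
    if isinstance(actions, dict):  # scheduledqueryrules, activitylogalerts
        actions = actions.get("actionGroups")
    return _ids(actions)  # metricalerts: "actions" is already a list

def summarize(rows):
    """Map rule name -> sorted action group names (last segment of each ID)."""
    return {r["name"]: sorted({g.rstrip("/").rsplit("/", 1)[-1]
                               for g in action_group_ids(r)}) for r in rows}

def unrouted(rows):
    """Names of rules that reference no action group at all."""
    return sorted(n for n, groups in summarize(rows).items() if not groups)

# Constructed sample rows (not real resources), one per assumed shape.
SAMPLE_ROWS = [
    {"name": "cpu-high", "type": "microsoft.insights/metricalerts",
     "properties": {"actions": [{"actionGroupId": AG + "ag-oncall"}]}},
    {"name": "failed-logins", "type": "microsoft.insights/scheduledqueryrules",
     "properties": json.dumps({"actions": {"actionGroups": [AG + "ag-soc", AG + "ag-oncall"]}})},
    {"name": "policy-change", "type": "Microsoft.Insights/activityLogAlerts",
     "properties": {"actions": {"actionGroups": [{"actionGroupId": AG + "ag-soc"}]}}},
    {"name": "failure-anomalies", "type": "microsoft.alertsmanagement/smartdetectoralertrules",
     "properties": {"actionGroups": {"groupIds": [AG + "ag-oncall"]}}},
    {"name": "disk-full", "type": "microsoft.insights/metricalerts",
     "properties": {"actions": []}},
]
print(unrouted(SAMPLE_ROWS))
```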
