Share via

Use tags in alerts to filter out resources

BizzerAdam 20 Reputation points
2024-05-13T09:45:48.16+00:00

Hello dear MS support!

I'm currently working on a huge project where we got multiple resource groups with lots and lots of virtual machines. Beside basic availabilty checks for the whole resource groups and host pools, we want to monitor specific virtual machines for specific users (let's call them VIPs). My idea was to assign a tag (user_status : VIP) to the VM and use that in the alert rules, or somewhere related to alerts. So in the alert creation we select the desired monitored resources: all VM's from the RG, with region, but we filter out the unwanted machines with this tag, and we only collect/alert if a VIP machine got some issues. But there is no option in Azure Monitor to use tags assigned to the machines. This way whenever a new user is added with a new machine we want to monitor, we have to manually update the alert rule and select the specific VM instead of deploying a machine with the defined tag. Am I missing something, or is this really a missing feature? If it's present, could you please point me in the right direction?

Thanks,
Adam

Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
2,867 questions
Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
7,289 questions
Accepted answer
  1. AnuragSingh-MSFT 20,676 Reputation points
    2024-05-14T10:36:25.7166667+00:00

    @BizzerAdam, thank you for posting this question and sharing this feedback.

    You are right, currently we do not have the option to target an alert rule based on no specific tag of the resource.

    The following are some of the ways that could be leveraged for this scenario:

    1. Ensure that these VMs are in a single resource group so that the alert rule can be applied at Resource group level.
    2. Another option could be to ensure that these VMs of interest are sending data to a single Log Analytics Workspace. If the workspace level isolation is possible such that no other VM sends data to this LA workspace, then Azure Policy could be used to associate these VMs based on tags to pre created Data Collection Rule (DCR). In this case, a single DCR is used to collect data from all VMs matching specific criteria (for example based on specific tag) and sending it to a single LA workspace.

    One of the inbuilt Azure Policy definitions that could be used it this case is - Configure Windows Machines to be associated with a Data Collection Rule or a Data Collection Endpoint

    Note that this policy does not filter based on tags, but the definition could be updated to include that as well.

    1. One more option, in case all the VMs send data to a single LA workspace would be to use "Log based alert rule". In this case, the query could contain a filter to match specific criteria in the name (for example name contains "VIP" etc.). This way, the rule only alerts when required condition is met for these set of VMs.

    Hope this helps.

    Please let me know if you need more information on any specific methodology.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest