ARM Template for creating Alerts Rules in Log analytics

Question

I created alert rule in log analytics,and then i exported template to create another alert rule automatically

I need to create alert rule automatically exactly same as manually created alert rule

I am able to create alert rule with the exported template,but the alert rule condition which is created by template is different from alert rule which is created manually in the portal

Let me know if any additional information required

Thanks in advance

Answer 1

Hi,
I think the problem is that the portal creates the rule for Log Alert v1 and the template uses Log Alert v2. My suggestion is to look at the doc samples and try to create the alert directly from code without creating something first in portal and than exporting it as ARM Template otherwise you will get undesired results. Also I would advise you to look at the main components of Log alert as for me having order by and take in query for alert does not make sense at all.

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Answer 2

Hi,
I am not sure what you mean exactly as you have not provided enough information like settings used to create the alert rule, the exported template, the settings in portal on the second alert rule created and which is different exactly from the first alert rule.

I would assume you are talking about Log alerts. In that case you can find the official samples here. Keep in mind that depending on which API version you use different alert rule will be created. The old API is for Log Alert v1 and the new is for Log Alert v2. They have similarities but there are differences on API level as well on webhook payload generated.

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.