Customize alert notifications by using Logic Apps

This article shows you how to create a logic app and integrate it with an Azure Monitor alert.

You can use Azure Logic Apps to build and customize workflows for integration. Use Logic Apps to customize your alert notifications. You can:

  • Customize the alerts email by using your own email subject and body format.
  • Customize the alert metadata by looking up tags for affected resources or fetching a log query search result. For information on how to access the search result rows that contain alerts data, see:
  • Integrate with external services by using existing connectors like Outlook, Microsoft Teams, Slack, and PagerDuty. You can also configure the logic app for your own services.

This example creates a logic app that uses the common alerts schema to send details from the alert.

Create a logic app

  1. In the Azure portal, create a new logic app. In the Search bar at the top of the page, enter Logic App.

  2. On the Logic App page, select Add.

  3. Select the Subscription and Resource group for your logic app.

  4. Set Logic App name. For Plan type, select Consumption.

  5. Select Review + create > Create.

  6. Select Go to resource after the deployment is finished.

    Screenshot that shows the Create Logic App page.

  7. On the Logic Apps Designer page, select When a HTTP request is received.

    Screenshot that shows the Logic Apps Designer start page.

  8. Paste the common alert schema into the Request Body JSON Schema field from the following JSON:

     {
        "type": "object",
        "properties": {
            "schemaId": {
                "type": "string"
            },
            "data": {
                "type": "object",
                "properties": {
                    "essentials": {
                        "type": "object",
                        "properties": {
                            "alertId": {
                                "type": "string"
                            },
                            "alertRule": {
                                "type": "string"
                            },
                            "severity": {
                                "type": "string"
                            },
                            "signalType": {
                                "type": "string"
                            },
                            "monitorCondition": {
                                "type": "string"
                            },
                            "monitoringService": {
                                "type": "string"
                            },
                            "alertTargetIDs": {
                                "type": "array",
                                "items": {
                                    "type": "string"
                                }
                            },
                            "originAlertId": {
                                "type": "string"
                            },
                            "firedDateTime": {
                                "type": "string"
                            },
                            "resolvedDateTime": {
                                "type": "string"
                            },
                            "description": {
                                "type": "string"
                            },
                            "essentialsVersion": {
                                "type": "string"
                            },
                            "alertContextVersion": {
                                "type": "string"
                            }
                        }
                    },
                    "alertContext": {
                        "type": "object",
                        "properties": {}
                    }
                }
            }
        }
    }
    

    Screenshot that shows the Parameters tab for the When an HTTP request is received pane.

  9. (Optional). You can customize the alert notification by extracting information about the affected resource on which the alert fired, for example, the resource's tags. You can then include those resource tags in the alert payload and use the information in your logical expressions for sending the notifications. To do this step, we will:

    • Create a variable for the affected resource IDs.
    • Split the resource ID into an array so that we can use its various elements (for example, subscription and resource group).
    • Use the Azure Resource Manager connector to read the resource's metadata.
    • Fetch the resource's tags, which can then be used in subsequent steps of the logic app.
    1. Select + > Add an action to insert a new step.

    2. In the Search field, search for and select Initialize variable.

    3. In the Name field, enter the name of the variable, such as AffectedResource.

    4. In the Type field, select Array.

    5. In the Value field, select Add dynamic Content. Select the Expression tab and enter the string split(triggerBody()?['data']?['essentials']?['alertTargetIDs'][0], '/').

      Screenshot that shows the Parameters tab for the Initialize variable pane.

    6. Select + > Add an action to insert another step.

    7. In the Search field, search for and select Azure Resource Manager > Read a resource.

    8. Populate the fields of the Read a resource action with the array values from the AffectedResource variable. In each of the fields, select the field and scroll down to Enter a custom value. Select Add dynamic content, and then select the Expression tab. Enter the strings from this table:

      Field String value
      Subscription variables('AffectedResource')[2]
      Resource Group variables('AffectedResource')[4]
      Resource Provider variables('AffectedResource')[6]
      Short Resource ID concat(variables('AffectedResource')[7], '/', variables('AffectedResource')[8])
      Client Api Version Resource type's api version

      To find your resource type's api version, select the JSON view link on the top right-hand side of the resource overview page. The Resource JSON page is displayed with the ResourceID and API version at the top of the page.

    The dynamic content now includes tags from the affected resource. You can use those tags when you configure your notifications as described in the following steps.

  10. Send an email or post a Teams message.

  11. Select + > Add an action to insert a new step.

    Screenshot that shows the parameters for When an HTTP request is received.

  1. In the search field, search for Outlook.

  2. Select Office 365 Outlook.

    Screenshot that shows the Add an action page of the Logic Apps Designer with Office 365 Outlook selected.

  3. Select Send an email (V2) from the list of actions.

  4. Sign in to Office 365 when you're prompted to create a connection.

  5. Create the email Body by entering static text and including content taken from the alert payload by choosing fields from the Dynamic content list. For example:

    • An alert has monitoring condition: Select monitorCondition from the Dynamic content list.
    • Date fired: Select firedDateTime from the Dynamic content list.
    • Affected resources: Select alertTargetIDs from the Dynamic content list.
  6. In the Subject field, create the subject text by entering static text and including content taken from the alert payload by choosing fields from the Dynamic content list. For example:

    • Alert: Select alertRule from the Dynamic content list.
    • with severity: Select severity from the Dynamic content list.
    • has condition: Select monitorCondition from the Dynamic content list.
  7. Enter the email address to send the alert to the To field.

  8. Select Save.

    Screenshot that shows the Parameters tab on the Send an email pane.

You've created a logic app that sends an email to the specified address, with details from the alert that triggered it.

The next step is to create an action group to trigger your logic app.

Create an action group

To trigger your logic app, create an action group. Then create an alert that uses that action group.

  1. Go to the Azure Monitor page and select Alerts from the pane on the left.

  2. Select Action groups > Create.

  3. Select values for Subscription, Resource group, and Region.

  4. Enter a name for Action group name and Display name.

  5. Select the Actions tab.

    Screenshot that shows the Actions tab on the Create an action group page.

  6. On the Actions tab under Action type, select Logic App.

  7. In the Logic App section, select your logic app from the dropdown.

  8. Set Enable common alert schema to Yes. If you select No, the alert type determines which alert schema is used. For more information about alert schemas, see Context-specific alert schemas.

  9. Select OK.

  10. Enter a name in the Name field.

  11. Select Review + create > Create.

    Screenshot that shows the Actions tab on the Create an action group page and the Logic App pane.

Test your action group

  1. Select your action group.

  2. In the Logic App section, select Test action group (preview).

    Screenshot that shows an action group details page with the Test action group option.

  3. Select a sample alert type from the Select sample type dropdown.

  4. Select Test.

    Screenshot that shows an action group details Test page.

    The following email is sent to the specified account:

    Screenshot that shows a sample email sent by the Test page.

Create a rule by using your action group

  1. Create a rule for one of your resources.

  2. On the Actions tab of your rule, choose Select action groups.

  3. Select your action group from the list.

  4. Choose Select.

  5. Finish the creation of your rule.

    Screenshot that shows the Actions tab on the Create an alert rule pane and the Select action groups pane.

Next steps