Resource Manager template samples for activity log alert rules in Azure Monitor
This article includes samples of Azure Resource Manager templates to create and configure activity log alerts in Azure Monitor.
Note
See Azure Resource Manager samples for Azure Monitor for a list of samples that are available and guidance on deploying them in your Azure subscription.
Activity log alert rule using the Administrative condition:
This example sets the condition to the Administrative category:
"condition": {
"allOf": [
{
"field": "category",
"equals": "Administrative"
},
{
"field": "resourceType",
"equals": "Microsoft.Resources/deployments"
}
]
}
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"activityLogAlertName": {
"type": "string",
"metadata": {
"description": "Unique name (within the Resource Group) for the Activity log alert."
}
},
"activityLogAlertEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Indicates whether or not the alert is enabled."
}
},
"actionGroupResourceId": {
"type": "string",
"metadata": {
"description": "Resource Id for the Action group."
}
}
},
"resources": [
{
"type": "Microsoft.Insights/activityLogAlerts",
"apiVersion": "2017-04-01",
"name": "[parameters('activityLogAlertName')]",
"location": "Global",
"properties": {
"enabled": "[parameters('activityLogAlertEnabled')]",
"scopes": [
"[subscription().id]"
],
"condition": {
"allOf": [
{
"field": "category",
"equals": "Administrative"
},
{
"field": "operationName",
"equals": "Microsoft.Resources/deployments/write"
},
{
"field": "resourceType",
"equals": "Microsoft.Resources/deployments"
}
]
},
"actions": {
"actionGroups":
[
{
"actionGroupId": "[parameters('actionGroupResourceId')]"
}
]
}
}
}
]
}
Template to send activity log alerts on service notifications
The following template creates an action group with an email target and enables all service health notifications for the target subscription. Save this template as CreateServiceHealthAlert.json.
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"actionGroups_name": {
"type": "string",
"defaultValue": "SubHealth"
},
"activityLogAlerts_name": {
"type": "string",
"defaultValue": "ServiceHealthActivityLogAlert"
},
"emailAddress": {
"type": "string"
}
},
"variables": {
"alertScope": "[format('/subscriptions/{0}', subscription().subscriptionId)]"
},
"resources": [
{
"type": "microsoft.insights/actionGroups",
"apiVersion": "2019-06-01",
"name": "[parameters('actionGroups_name')]",
"location": "Global",
"properties": {
"groupShortName": "[parameters('actionGroups_name')]",
"enabled": true,
"emailReceivers": [
{
"name": "[parameters('actionGroups_name')]",
"emailAddress": "[parameters('emailAddress')]"
}
],
"smsReceivers": [],
"webhookReceivers": []
}
},
{
"type": "microsoft.insights/activityLogAlerts",
"apiVersion": "2017-04-01",
"name": "[parameters('activityLogAlerts_name')]",
"location": "Global",
"properties": {
"scopes": [
"[variables('alertScope')]"
],
"condition": {
"allOf": [
{
"field": "category",
"equals": "ServiceHealth"
},
{
"field": "properties.incidentType",
"equals": "Incident"
}
]
},
"actions": {
"actionGroups": [
{
"actionGroupId": "[resourceId('microsoft.insights/actionGroups', parameters('actionGroups_name'))]",
"webhookProperties": {}
}
]
},
"enabled": true
},
"dependsOn": [
"[resourceId('microsoft.insights/actionGroups', parameters('actionGroups_name'))]"
]
}
]
}
Next steps
Feedback
Submit and view feedback for