az monitor scheduled-query
Note
This reference is part of the scheduled-query extension for the Azure CLI (version 2.54.0 or higher). The extension will automatically install the first time you run an az monitor scheduled-query command. Learn more about extensions.
Commands to manage scheduled queries.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az monitor scheduled-query create |
Create a scheduled query. |
Extension | GA |
| az monitor scheduled-query delete |
Delete a scheduled query. |
Extension | GA |
| az monitor scheduled-query list |
List all scheduled queries. |
Extension | GA |
| az monitor scheduled-query show |
Show detail of a scheduled query. |
Extension | GA |
| az monitor scheduled-query update |
Update a scheduled query. |
Extension | GA |
az monitor scheduled-query create
Create a scheduled query.
az monitor scheduled-query create --condition
--name
--resource-group
--scopes
[--action-groups]
[--auto-mitigate {false, true}]
[--check-ws-alerts-storage --cwas {false, true}]
[--condition-query]
[--custom-properties]
[--description]
[--disabled {false, true}]
[--evaluation-frequency]
[--location]
[--mad --mute-actions-duration]
[--severity]
[--skip-query-validation {false, true}]
[--tags]
[--target-resource-type --type]
[--window-size]Examples
Create a scheduled query for a VM.
az monitor scheduled-query create -g {rg} -n {name1} --scopes {vm_id} --condition "count 'Placeholder_1' > 360 resource id _ResourceId at least 1 violations out of 5 aggregated points" --condition-query Placeholder_1="union Event, Syslog | where TimeGenerated > ago(1h) | where EventLevelName=='Error' or SeverityLevel=='err'" --description "Test rule"Create a scheduled query for VMs in a resource group.
az monitor scheduled-query create -g {rg} -n {name1} --scopes {rg_id} --condition "count 'Placeholder_1' > 360 resource id _ResourceId at least 1 violations out of 5 aggregated points" --condition-query Placeholder_1="union Event, Syslog | where TimeGenerated > ago(1h) | where EventLevelName=='Error' or SeverityLevel=='err'" --description "Test rule"Required Parameters
The condition which triggers the rule.
Usage: --condition {avg,min,max,total,count} ["METRIC COLUMN" from] "QUERY_PLACEHOLDER" {=,!=,>,>=,<,<=} THRESHOLD [resource id RESOURCEID] [where DIMENSION {includes,excludes} VALUE [or VALUE ...] [and DIMENSION {includes,excludes} VALUE [or VALUE ...] ...]] [at least MinTimeToFail violations out of EvaluationPeriod aggregated points]' Query placeholders can be defined in --condition-query argument Dimensions can be queried by adding the 'where' keyword and multiple dimensions can be queried by combining them with the 'and' keyword.
Name of the scheduled query rule.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Space-separated list of scopes the rule applies to. The resources specified in this parameter must be of the same type and exist in the same location.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Action Group resource Ids to invoke when the alert fires.
Usage: --action-groups ACTION_GROUP_NAME_OR_ID [NAME_OR_ID,...].
The flag that indicates whether the alert should be automatically resolved or not. The default is true.
| Property | Value |
|---|---|
| Default value: | True |
| Accepted values: | false, true |
The flag which indicates whether this scheduled query rule should be stored in the customer's storage.
| Property | Value |
|---|---|
| Default value: | False |
| Accepted values: | false, true |
Query deteils to replace the placeholders in --condition argument.
The properties of an alert payload.
Usage: --custom-properties ALERT_PAYLOAD_PROPERTIES [KEY=VAL,KEY=VAL ...].
Free-text description of the rule.
Disable the scheduled query.
| Property | Value |
|---|---|
| Default value: | False |
| Accepted values: | false, true |
Frequency with which to evaluate the rule in "##h##m##s" format.
| Property | Value |
|---|---|
| Default value: | 5m |
Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.
Mute actions for the chosen period of time (in ISO 8601 duration format) after the alert is fired.
Severity of the alert from 0 (critical) to 4 (verbose).
| Property | Value |
|---|---|
| Default value: | 2 |
The flag which indicates whether the provided query should be validated or not.
| Property | Value |
|---|---|
| Default value: | False |
| Accepted values: | false, true |
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.
The resource type of the target resource(s) in scopes. This must be provided when scopes is resource group or subscription.
Time over which to aggregate metrics in "##h##m##s" format.
| Property | Value |
|---|---|
| Default value: | 5m |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az monitor scheduled-query delete
Delete a scheduled query.
az monitor scheduled-query delete [--ids]
[--name]
[--resource-group]
[--subscription]
[--yes]Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name of the scheduled query rule.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Do not prompt for confirmation.
| Property | Value |
|---|---|
| Default value: | False |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az monitor scheduled-query list
List all scheduled queries.
az monitor scheduled-query list [--resource-group]Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az monitor scheduled-query show
Show detail of a scheduled query.
az monitor scheduled-query show [--ids]
[--name]
[--resource-group]
[--subscription]Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name of the scheduled query rule.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az monitor scheduled-query update
Update a scheduled query.
az monitor scheduled-query update [--action-groups]
[--add]
[--auto-mitigate {false, true}]
[--check-ws-alerts-storage --cwas {false, true}]
[--condition]
[--condition-query]
[--custom-properties]
[--description]
[--disabled {false, true}]
[--evaluation-frequency]
[--force-string]
[--ids]
[--mad --mute-actions-duration]
[--name]
[--remove]
[--resource-group]
[--set]
[--severity]
[--skip-query-validation {false, true}]
[--subscription]
[--tags]
[--target-resource-type --type]
[--window-size]Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Action Group resource Ids to invoke when the alert fires.
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
| Default value: | [] |
The flag that indicates whether the alert should be automatically resolved or not. The default is true.
| Property | Value |
|---|---|
| Accepted values: | false, true |
The flag which indicates whether this scheduled query rule should be stored in the customer's storage.
| Property | Value |
|---|---|
| Accepted values: | false, true |
The condition which triggers the rule.
Usage: --condition {avg,min,max,total,count} ["METRIC COLUMN" from] "QUERY_PLACEHOLDER" {=,!=,>,>=,<,<=} THRESHOLD [resource id RESOURCEID] [where DIMENSION {includes,excludes} VALUE [or VALUE ...] [and DIMENSION {includes,excludes} VALUE [or VALUE ...] ...]] [at least MinTimeToFail violations out of EvaluationPeriod aggregated points]'
Query placeholders can be defined in --condition-query argument Dimensions can be queried by adding the 'where' keyword and multiple dimensions can be queried by combining them with the 'and' keyword.
Query deteils to replace the placeholders in --condition argument.
The properties of an alert payload.
Usage: --custom-properties ALERT_PAYLOAD_PROPERTIES [KEY=VAL,KEY=VAL ...].
Free-text description of the rule.
Disable the scheduled query.
| Property | Value |
|---|---|
| Accepted values: | false, true |
Frequency with which to evaluate the rule in "##h##m##s" format.
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
| Default value: | False |
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Mute actions for the chosen period of time (in ISO 8601 duration format) after the alert is fired.
Name of the scheduled query rule.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
| Default value: | [] |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
| Default value: | [] |
Severity of the alert from 0 (critical) to 4 (verbose).
The flag which indicates whether the provided query should be validated or not.
| Property | Value |
|---|---|
| Accepted values: | false, true |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.
The resource type of the target resource(s) in scopes. This must be provided when scopes is resource group or subscription.
Time over which to aggregate metrics in "##h##m##s" format.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
