az monitor scheduled-query
Note
This reference is part of the scheduled-query extension for the Azure CLI (version 2.54.0 or higher). The extension will automatically install the first time you run an az monitor scheduled-query command. Learn more about extensions.
Commands to manage scheduled queries.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az monitor scheduled-query create |
Create a scheduled query. |
Extension | GA |
| az monitor scheduled-query delete |
Delete a scheduled query. |
Extension | GA |
| az monitor scheduled-query list |
List all scheduled queries. |
Extension | GA |
| az monitor scheduled-query show |
Show detail of a scheduled query. |
Extension | GA |
| az monitor scheduled-query update |
Update a scheduled query. |
Extension | GA |
az monitor scheduled-query create
Create a scheduled query.
az monitor scheduled-query create --condition
--name
--resource-group
--scopes
[--action-groups]
[--auto-mitigate {false, true}]
[--check-ws-alerts-storage {false, true}]
[--condition-query]
[--custom-properties]
[--description]
[--disabled {false, true}]
[--evaluation-frequency]
[--location]
[--mad]
[--severity]
[--skip-query-validation {false, true}]
[--tags]
[--target-resource-type]
[--window-size]Examples
Create a scheduled query for a VM.
az monitor scheduled-query create -g {rg} -n {name1} --scopes {vm_id} --condition "count 'Placeholder_1' > 360 resource id _ResourceId at least 1 violations out of 5 aggregated points" --condition-query Placeholder_1="union Event, Syslog | where TimeGenerated > ago(1h) | where EventLevelName=='Error' or SeverityLevel=='err'" --description "Test rule"Create a scheduled query for VMs in a resource group.
az monitor scheduled-query create -g {rg} -n {name1} --scopes {rg_id} --condition "count 'Placeholder_1' > 360 resource id _ResourceId at least 1 violations out of 5 aggregated points" --condition-query Placeholder_1="union Event, Syslog | where TimeGenerated > ago(1h) | where EventLevelName=='Error' or SeverityLevel=='err'" --description "Test rule"Required Parameters
The condition which triggers the rule.
Usage: --condition {avg,min,max,total,count} ["METRIC COLUMN" from] "QUERY_PLACEHOLDER" {=,!=,>,>=,<,<=} THRESHOLD [resource id RESOURCEID] [where DIMENSION {includes,excludes} VALUE [or VALUE ...] [and DIMENSION {includes,excludes} VALUE [or VALUE ...] ...]] [at least MinTimeToFail violations out of EvaluationPeriod aggregated points]' Query placeholders can be defined in --condition-query argument Dimensions can be queried by adding the 'where' keyword and multiple dimensions can be queried by combining them with the 'and' keyword.
Name of the scheduled query rule.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Space-separated list of scopes the rule applies to. The resources specified in this parameter must be of the same type and exist in the same location.
Optional Parameters
Action Group resource Ids to invoke when the alert fires.
Usage: --action-groups ACTION_GROUP_NAME_OR_ID [NAME_OR_ID,...].
The flag that indicates whether the alert should be automatically resolved or not. The default is true.
The flag which indicates whether this scheduled query rule should be stored in the customer's storage.
Query deteils to replace the placeholders in --condition argument.
The properties of an alert payload.
Usage: --custom-properties ALERT_PAYLOAD_PROPERTIES [KEY=VAL,KEY=VAL ...].
Free-text description of the rule.
Disable the scheduled query.
Frequency with which to evaluate the rule in "##h##m##s" format.
Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.
Mute actions for the chosen period of time (in ISO 8601 duration format) after the alert is fired.
Severity of the alert from 0 (critical) to 4 (verbose).
The flag which indicates whether the provided query should be validated or not.
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.
The resource type of the target resource(s) in scopes. This must be provided when scopes is resource group or subscription.
Time over which to aggregate metrics in "##h##m##s" format.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az monitor scheduled-query delete
Delete a scheduled query.
az monitor scheduled-query delete [--ids]
[--name]
[--resource-group]
[--subscription]
[--yes]Optional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Name of the scheduled query rule.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Do not prompt for confirmation.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az monitor scheduled-query list
List all scheduled queries.
az monitor scheduled-query list [--resource-group]Optional Parameters
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az monitor scheduled-query show
Show detail of a scheduled query.
az monitor scheduled-query show [--ids]
[--name]
[--resource-group]
[--subscription]Optional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Name of the scheduled query rule.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az monitor scheduled-query update
Update a scheduled query.
az monitor scheduled-query update [--action-groups]
[--add]
[--auto-mitigate {false, true}]
[--check-ws-alerts-storage {false, true}]
[--condition]
[--condition-query]
[--custom-properties]
[--description]
[--disabled {false, true}]
[--evaluation-frequency]
[--force-string]
[--ids]
[--mad]
[--name]
[--remove]
[--resource-group]
[--set]
[--severity]
[--skip-query-validation {false, true}]
[--subscription]
[--tags]
[--target-resource-type]
[--window-size]Optional Parameters
Action Group resource Ids to invoke when the alert fires.
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
The flag that indicates whether the alert should be automatically resolved or not. The default is true.
The flag which indicates whether this scheduled query rule should be stored in the customer's storage.
The condition which triggers the rule.
Usage: --condition {avg,min,max,total,count} ["METRIC COLUMN" from] "QUERY_PLACEHOLDER" {=,!=,>,>=,<,<=} THRESHOLD [resource id RESOURCEID] [where DIMENSION {includes,excludes} VALUE [or VALUE ...] [and DIMENSION {includes,excludes} VALUE [or VALUE ...] ...]] [at least MinTimeToFail violations out of EvaluationPeriod aggregated points]'
Query placeholders can be defined in --condition-query argument Dimensions can be queried by adding the 'where' keyword and multiple dimensions can be queried by combining them with the 'and' keyword.
Query deteils to replace the placeholders in --condition argument.
The properties of an alert payload.
Usage: --custom-properties ALERT_PAYLOAD_PROPERTIES [KEY=VAL,KEY=VAL ...].
Free-text description of the rule.
Disable the scheduled query.
Frequency with which to evaluate the rule in "##h##m##s" format.
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Mute actions for the chosen period of time (in ISO 8601 duration format) after the alert is fired.
Name of the scheduled query rule.
Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.
Severity of the alert from 0 (critical) to 4 (verbose).
The flag which indicates whether the provided query should be validated or not.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.
The resource type of the target resource(s) in scopes. This must be provided when scopes is resource group or subscription.
Time over which to aggregate metrics in "##h##m##s" format.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for