Scheduled Query Rules - Create Or Update

Reference

Service:: Monitor

API Version:: 2018-04-16

Creates or updates an log search rule.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.Insights/scheduledQueryRules/{ruleName}?api-version=2018-04-16

URI Parameters

Name	In	Required	Type	Description
resourceGroupName	path	True	string	The name of the resource group. The name is case insensitive.
ruleName	path	True	string	The name of the rule.
subscriptionId	path	True	string	The ID of the target subscription.
api-version	query	True	string	The API version to use for this operation.

Request Body

Name	Required	Type	Description
location	True	string	Resource location
properties.action	True	Action: AlertingAction LogToMetricAction	Action needs to be taken on rule execution.
properties.source	True	Source	Data Source against which rule will Query Data
properties.autoMitigate		boolean	The flag that indicates whether the alert should be automatically resolved or not. The default is false.
properties.description		string	The description of the Log Search rule.
properties.displayName		string	The display name of the alert rule
properties.enabled		enabled	The flag which indicates whether the Log Search rule is enabled. Value should be true or false
properties.schedule		Schedule	Schedule (Frequency, Time Window) for rule. Required for action type - AlertingAction
tags		object	Resource tags

Responses

Name	Type	Description
200 OK	LogSearchRuleResource	Successful request to update an Log Search rule
201 Created	LogSearchRuleResource	Created alert rule
Other Status Codes	ErrorContract	Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	impersonate your user account

Examples

Create or Update rule - AlertingAction

Create or Update rule - AlertingAction with Cross-Resource

Create or Update rule - LogToMetricAction

Create or Update rule - AlertingAction

Sample request

PUT https://management.azure.com/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourcegroups/Rac46PostSwapRG/providers/Microsoft.Insights/scheduledQueryRules/logalertfoo?api-version=2018-04-16

{
  "location": "eastus",
  "tags": {},
  "properties": {
    "description": "log alert description",
    "enabled": "true",
    "source": {
      "query": "Heartbeat | summarize AggregatedValue = count() by bin(TimeGenerated, 5m)",
      "dataSourceId": "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/Microsoft.OperationalInsights/workspaces/sampleWorkspace",
      "queryType": "ResultCount"
    },
    "schedule": {
      "frequencyInMinutes": 15,
      "timeWindowInMinutes": 15
    },
    "action": {
      "odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction",
      "severity": "1",
      "aznsAction": {
        "actionGroup": [],
        "emailSubject": "Email Header",
        "customWebhookPayload": "{}"
      },
      "trigger": {
        "thresholdOperator": "GreaterThan",
        "threshold": 3,
        "metricTrigger": {
          "thresholdOperator": "GreaterThan",
          "threshold": 5,
          "metricTriggerType": "Consecutive",
          "metricColumn": "Computer"
        }
      }
    }
  }
}

import com.azure.core.util.Context;
import com.azure.resourcemanager.monitor.fluent.models.LogSearchRuleResourceInner;
import com.azure.resourcemanager.monitor.models.AlertSeverity;
import com.azure.resourcemanager.monitor.models.AlertingAction;
import com.azure.resourcemanager.monitor.models.AzNsActionGroup;
import com.azure.resourcemanager.monitor.models.ConditionalOperator;
import com.azure.resourcemanager.monitor.models.Enabled;
import com.azure.resourcemanager.monitor.models.LogMetricTrigger;
import com.azure.resourcemanager.monitor.models.MetricTriggerType;
import com.azure.resourcemanager.monitor.models.QueryType;
import com.azure.resourcemanager.monitor.models.Schedule;
import com.azure.resourcemanager.monitor.models.Source;
import com.azure.resourcemanager.monitor.models.TriggerCondition;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/** Samples for ScheduledQueryRules CreateOrUpdate. */
public final class Main {
    /*
     * x-ms-original-file: specification/monitor/resource-manager/Microsoft.Insights/stable/2018-04-16/examples/createOrUpdateScheduledQueryRules.json
     */
    /**
     * Sample code: Create or Update rule - AlertingAction.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createOrUpdateRuleAlertingAction(com.azure.resourcemanager.AzureResourceManager azure) {
        azure
            .diagnosticSettings()
            .manager()
            .serviceClient()
            .getScheduledQueryRules()
            .createOrUpdateWithResponse(
                "Rac46PostSwapRG",
                "logalertfoo",
                new LogSearchRuleResourceInner()
                    .withLocation("eastus")
                    .withTags(mapOf())
                    .withDescription("log alert description")
                    .withEnabled(Enabled.TRUE)
                    .withSource(
                        new Source()
                            .withQuery("Heartbeat | summarize AggregatedValue = count() by bin(TimeGenerated, 5m)")
                            .withDataSourceId(
                                "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/Microsoft.OperationalInsights/workspaces/sampleWorkspace")
                            .withQueryType(QueryType.RESULT_COUNT))
                    .withSchedule(new Schedule().withFrequencyInMinutes(15).withTimeWindowInMinutes(15))
                    .withAction(
                        new AlertingAction()
                            .withSeverity(AlertSeverity.ONE)
                            .withAznsAction(
                                new AzNsActionGroup()
                                    .withActionGroup(Arrays.asList())
                                    .withEmailSubject("Email Header")
                                    .withCustomWebhookPayload("{}"))
                            .withTrigger(
                                new TriggerCondition()
                                    .withThresholdOperator(ConditionalOperator.GREATER_THAN)
                                    .withThreshold(3.0)
                                    .withMetricTrigger(
                                        new LogMetricTrigger()
                                            .withThresholdOperator(ConditionalOperator.GREATER_THAN)
                                            .withThreshold(5.0D)
                                            .withMetricTriggerType(MetricTriggerType.CONSECUTIVE)
                                            .withMetricColumn("Computer")))),
                Context.NONE);
    }

    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armmonitor_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/monitor/armmonitor"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/monitor/resource-manager/Microsoft.Insights/stable/2018-04-16/examples/createOrUpdateScheduledQueryRules.json
func ExampleScheduledQueryRulesClient_CreateOrUpdate() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client, err := armmonitor.NewScheduledQueryRulesClient("b67f7fec-69fc-4974-9099-a26bd6ffeda3", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := client.CreateOrUpdate(ctx,
		"Rac46PostSwapRG",
		"logalertfoo",
		armmonitor.LogSearchRuleResource{
			Location: to.Ptr("eastus"),
			Tags:     map[string]*string{},
			Properties: &armmonitor.LogSearchRule{
				Description: to.Ptr("log alert description"),
				Action: &armmonitor.AlertingAction{
					ODataType: to.Ptr("Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction"),
					AznsAction: &armmonitor.AzNsActionGroup{
						ActionGroup:          []*string{},
						CustomWebhookPayload: to.Ptr("{}"),
						EmailSubject:         to.Ptr("Email Header"),
					},
					Severity: to.Ptr(armmonitor.AlertSeverityOne),
					Trigger: &armmonitor.TriggerCondition{
						MetricTrigger: &armmonitor.LogMetricTrigger{
							MetricColumn:      to.Ptr("Computer"),
							MetricTriggerType: to.Ptr(armmonitor.MetricTriggerTypeConsecutive),
							Threshold:         to.Ptr[float64](5),
							ThresholdOperator: to.Ptr(armmonitor.ConditionalOperatorGreaterThan),
						},
						Threshold:         to.Ptr[float64](3),
						ThresholdOperator: to.Ptr(armmonitor.ConditionalOperatorGreaterThan),
					},
				},
				Enabled: to.Ptr(armmonitor.EnabledTrue),
				Schedule: &armmonitor.Schedule{
					FrequencyInMinutes:  to.Ptr[int32](15),
					TimeWindowInMinutes: to.Ptr[int32](15),
				},
				Source: &armmonitor.Source{
					DataSourceID: to.Ptr("/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/Microsoft.OperationalInsights/workspaces/sampleWorkspace"),
					Query:        to.Ptr("Heartbeat | summarize AggregatedValue = count() by bin(TimeGenerated, 5m)"),
					QueryType:    to.Ptr(armmonitor.QueryTypeResultCount),
				},
			},
		},
		nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// TODO: use response item
	_ = res
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { MonitorClient } = require("@azure/arm-monitor");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates an log search rule.
 *
 * @summary Creates or updates an log search rule.
 * x-ms-original-file: specification/monitor/resource-manager/Microsoft.Insights/stable/2018-04-16/examples/createOrUpdateScheduledQueryRules.json
 */
async function createOrUpdateRuleAlertingAction() {
  const subscriptionId =
    process.env["MONITOR_SUBSCRIPTION_ID"] || "b67f7fec-69fc-4974-9099-a26bd6ffeda3";
  const resourceGroupName = process.env["MONITOR_RESOURCE_GROUP"] || "Rac46PostSwapRG";
  const ruleName = "logalertfoo";
  const parameters = {
    description: "log alert description",
    action: {
      aznsAction: {
        actionGroup: [],
        customWebhookPayload: "{}",
        emailSubject: "Email Header",
      },
      odataType:
        "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction",
      severity: "1",
      trigger: {
        metricTrigger: {
          metricColumn: "Computer",
          metricTriggerType: "Consecutive",
          threshold: 5,
          thresholdOperator: "GreaterThan",
        },
        threshold: 3,
        thresholdOperator: "GreaterThan",
      },
    },
    enabled: "true",
    location: "eastus",
    schedule: { frequencyInMinutes: 15, timeWindowInMinutes: 15 },
    source: {
      dataSourceId:
        "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/Microsoft.OperationalInsights/workspaces/sampleWorkspace",
      query: "Heartbeat | summarize AggregatedValue = count() by bin(TimeGenerated, 5m)",
      queryType: "ResultCount",
    },
    tags: {},
  };
  const credential = new DefaultAzureCredential();
  const client = new MonitorClient(credential, subscriptionId);
  const result = await client.scheduledQueryRules.createOrUpdate(
    resourceGroupName,
    ruleName,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample response

Status code:: 200

{
  "id": "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/scheduledQueryRules/logalertfoo",
  "name": "logalertfoo",
  "type": "Microsoft.Insights/scheduledQueryRules",
  "location": "eastus",
  "tags": {},
  "properties": {
    "description": "log alert description",
    "enabled": "true",
    "lastUpdatedTime": "2017-06-23T21:23:52.0221265Z",
    "provisioningState": "Succeeded",
    "source": {
      "query": "Heartbeat | summarize AggregatedValue = count() by bin(TimeGenerated, 5m)",
      "dataSourceId": "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/Microsoft.OperationalInsights/workspaces/sampleWorkspace",
      "queryType": "ResultCount"
    },
    "schedule": {
      "frequencyInMinutes": 15,
      "timeWindowInMinutes": 15
    },
    "action": {
      "odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction",
      "severity": "1",
      "aznsAction": {
        "actionGroup": [],
        "emailSubject": "Email Header",
        "customWebhookPayload": "{}"
      },
      "trigger": {
        "thresholdOperator": "GreaterThan",
        "threshold": 3,
        "metricTrigger": {
          "thresholdOperator": "GreaterThan",
          "threshold": 5,
          "metricTriggerType": "Consecutive",
          "metricColumn": "Computer"
        }
      }
    }
  }
}

Status code:: 201

{
  "id": "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/scheduledQueryRules/logalertfoo",
  "name": "logalertfoo",
  "type": "Microsoft.Insights/scheduledQueryRules",
  "location": "eastus",
  "tags": {},
  "properties": {
    "description": "log alert description",
    "enabled": "true",
    "lastUpdatedTime": "2017-06-23T21:23:52.0221265Z",
    "provisioningState": "Succeeded",
    "source": {
      "query": "Heartbeat",
      "queryType": "ResultCount",
      "dataSourceId": "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/Microsoft.OperationalInsights/workspaces/sampleWorkspace"
    },
    "schedule": {
      "frequencyInMinutes": 15,
      "timeWindowInMinutes": 15
    },
    "action": {
      "odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction",
      "severity": "1",
      "trigger": {
        "thresholdOperator": "GreaterThan",
        "threshold": 3
      },
      "aznsAction": {
        "actionGroup": [],
        "emailSubject": "Email Header",
        "customWebhookPayload": "{}"
      }
    }
  }
}

Create or Update rule - AlertingAction with Cross-Resource

Sample request

PUT https://management.azure.com/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourcegroups/Rac46PostSwapRG/providers/Microsoft.Insights/scheduledQueryRules/SampleCrossResourceAlert?api-version=2018-04-16

{
  "location": "eastus",
  "tags": {},
  "properties": {
    "description": "Sample Cross Resource alert",
    "enabled": "true",
    "source": {
      "query": "union requests, workspace(\"sampleWorkspace\").Update",
      "authorizedResources": [
        "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/Microsoft.OperationalInsights/workspaces/sampleWorkspace",
        "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/components/sampleAI"
      ],
      "dataSourceId": "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/components/sampleAI",
      "queryType": "ResultCount"
    },
    "schedule": {
      "frequencyInMinutes": 60,
      "timeWindowInMinutes": 60
    },
    "action": {
      "severity": "3",
      "aznsAction": {
        "actionGroup": [
          "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/actiongroups/test-ag"
        ],
        "emailSubject": "Cross Resource Mail!!"
      },
      "trigger": {
        "thresholdOperator": "GreaterThan",
        "threshold": 5000
      },
      "odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction"
    }
  }
}

import com.azure.core.util.Context;
import com.azure.resourcemanager.monitor.fluent.models.LogSearchRuleResourceInner;
import com.azure.resourcemanager.monitor.models.AlertSeverity;
import com.azure.resourcemanager.monitor.models.AlertingAction;
import com.azure.resourcemanager.monitor.models.AzNsActionGroup;
import com.azure.resourcemanager.monitor.models.ConditionalOperator;
import com.azure.resourcemanager.monitor.models.Enabled;
import com.azure.resourcemanager.monitor.models.QueryType;
import com.azure.resourcemanager.monitor.models.Schedule;
import com.azure.resourcemanager.monitor.models.Source;
import com.azure.resourcemanager.monitor.models.TriggerCondition;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/** Samples for ScheduledQueryRules CreateOrUpdate. */
public final class Main {
    /*
     * x-ms-original-file: specification/monitor/resource-manager/Microsoft.Insights/stable/2018-04-16/examples/createOrUpdateScheduledQueryRuleswithCrossResource.json
     */
    /**
     * Sample code: Create or Update rule - AlertingAction with Cross-Resource.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createOrUpdateRuleAlertingActionWithCrossResource(
        com.azure.resourcemanager.AzureResourceManager azure) {
        azure
            .diagnosticSettings()
            .manager()
            .serviceClient()
            .getScheduledQueryRules()
            .createOrUpdateWithResponse(
                "Rac46PostSwapRG",
                "SampleCrossResourceAlert",
                new LogSearchRuleResourceInner()
                    .withLocation("eastus")
                    .withTags(mapOf())
                    .withDescription("Sample Cross Resource alert")
                    .withEnabled(Enabled.TRUE)
                    .withSource(
                        new Source()
                            .withQuery("union requests, workspace(\"sampleWorkspace\").Update")
                            .withAuthorizedResources(
                                Arrays
                                    .asList(
                                        "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/Microsoft.OperationalInsights/workspaces/sampleWorkspace",
                                        "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/components/sampleAI"))
                            .withDataSourceId(
                                "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/components/sampleAI")
                            .withQueryType(QueryType.RESULT_COUNT))
                    .withSchedule(new Schedule().withFrequencyInMinutes(60).withTimeWindowInMinutes(60))
                    .withAction(
                        new AlertingAction()
                            .withSeverity(AlertSeverity.THREE)
                            .withAznsAction(
                                new AzNsActionGroup()
                                    .withActionGroup(
                                        Arrays
                                            .asList(
                                                "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/actiongroups/test-ag"))
                                    .withEmailSubject("Cross Resource Mail!!"))
                            .withTrigger(
                                new TriggerCondition()
                                    .withThresholdOperator(ConditionalOperator.GREATER_THAN)
                                    .withThreshold(5000.0))),
                Context.NONE);
    }

    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { MonitorClient } = require("@azure/arm-monitor");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates an log search rule.
 *
 * @summary Creates or updates an log search rule.
 * x-ms-original-file: specification/monitor/resource-manager/Microsoft.Insights/stable/2018-04-16/examples/createOrUpdateScheduledQueryRuleswithCrossResource.json
 */
async function createOrUpdateRuleAlertingActionWithCrossResource() {
  const subscriptionId =
    process.env["MONITOR_SUBSCRIPTION_ID"] || "b67f7fec-69fc-4974-9099-a26bd6ffeda3";
  const resourceGroupName = process.env["MONITOR_RESOURCE_GROUP"] || "Rac46PostSwapRG";
  const ruleName = "SampleCrossResourceAlert";
  const parameters = {
    description: "Sample Cross Resource alert",
    action: {
      aznsAction: {
        actionGroup: [
          "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/actiongroups/test-ag",
        ],
        emailSubject: "Cross Resource Mail!!",
      },
      odataType:
        "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction",
      severity: "3",
      trigger: { threshold: 5000, thresholdOperator: "GreaterThan" },
    },
    enabled: "true",
    location: "eastus",
    schedule: { frequencyInMinutes: 60, timeWindowInMinutes: 60 },
    source: {
      authorizedResources: [
        "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/Microsoft.OperationalInsights/workspaces/sampleWorkspace",
        "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/components/sampleAI",
      ],
      dataSourceId:
        "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/components/sampleAI",
      query: 'union requests, workspace("sampleWorkspace").Update',
      queryType: "ResultCount",
    },
    tags: {},
  };
  const credential = new DefaultAzureCredential();
  const client = new MonitorClient(credential, subscriptionId);
  const result = await client.scheduledQueryRules.createOrUpdate(
    resourceGroupName,
    ruleName,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample response

Status code:: 200

{
  "id": "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/scheduledQueryRules/SampleCrossResourceAlert",
  "name": "SampleCrossResourceAlert",
  "type": "Microsoft.Insights/scheduledQueryRules",
  "location": "eastus",
  "tags": {},
  "properties": {
    "description": "Sample Cross Resource alert",
    "enabled": "true",
    "lastUpdatedTime": "2018-09-04T06:27:58.3892575Z",
    "provisioningState": "Succeeded",
    "source": {
      "query": "union requests, workspace(\"sampleWorkspace\").Update",
      "authorizedResources": [
        "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/Microsoft.OperationalInsights/workspaces/sampleWorkspace",
        "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/components/sampleAI"
      ],
      "dataSourceId": "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/components/sampleAI",
      "queryType": "ResultCount"
    },
    "schedule": {
      "frequencyInMinutes": 60,
      "timeWindowInMinutes": 60
    },
    "action": {
      "severity": "3",
      "aznsAction": {
        "actionGroup": [
          "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/actiongroups/test-ag"
        ],
        "emailSubject": "Cross Resource Mail!!"
      },
      "trigger": {
        "thresholdOperator": "GreaterThan",
        "threshold": 5000
      },
      "odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction"
    }
  }
}

Status code:: 201

{
  "id": "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/scheduledQueryRules/SampleCrossResourceAlert",
  "name": "SampleCrossResourceAlert",
  "type": "Microsoft.Insights/scheduledQueryRules",
  "location": "eastus",
  "tags": {},
  "properties": {
    "description": "Sample Cross Resource alert",
    "enabled": "true",
    "lastUpdatedTime": "2018-09-04T06:27:58.3892575Z",
    "provisioningState": "Succeeded",
    "source": {
      "query": "union requests, workspace(\"sampleWorkspace\").Update",
      "authorizedResources": [
        "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/Microsoft.OperationalInsights/workspaces/sampleWorkspace",
        "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/components/sampleAI"
      ],
      "dataSourceId": "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/components/sampleAI",
      "queryType": "ResultCount"
    },
    "schedule": {
      "frequencyInMinutes": 60,
      "timeWindowInMinutes": 60
    },
    "action": {
      "severity": "3",
      "aznsAction": {
        "actionGroup": [
          "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/actiongroups/test-ag"
        ],
        "emailSubject": "Cross Resource Mail!!"
      },
      "trigger": {
        "thresholdOperator": "GreaterThan",
        "threshold": 5000
      },
      "odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction"
    }
  }
}

Create or Update rule - LogToMetricAction

Sample request

PUT https://management.azure.com/subscriptions/af52d502-a447-4bc6-8cb7-4780fbb00490/resourcegroups/alertsweu/providers/Microsoft.Insights/scheduledQueryRules/logtometricfoo?api-version=2018-04-16

{
  "location": "West Europe",
  "tags": {},
  "properties": {
    "description": "log to metric description",
    "enabled": "true",
    "source": {
      "dataSourceId": "/subscriptions/af52d502-a447-4bc6-8cb7-4780fbb00490/resourceGroups/alertsweu/providers/Microsoft.OperationalInsights/workspaces/alertsweu"
    },
    "action": {
      "criteria": [
        {
          "metricName": "Average_% Idle Time",
          "dimensions": []
        }
      ],
      "odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.LogToMetricAction"
    }
  }
}

import com.azure.core.util.Context;
import com.azure.resourcemanager.monitor.fluent.models.LogSearchRuleResourceInner;
import com.azure.resourcemanager.monitor.models.Criteria;
import com.azure.resourcemanager.monitor.models.Enabled;
import com.azure.resourcemanager.monitor.models.LogToMetricAction;
import com.azure.resourcemanager.monitor.models.Source;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/** Samples for ScheduledQueryRules CreateOrUpdate. */
public final class Main {
    /*
     * x-ms-original-file: specification/monitor/resource-manager/Microsoft.Insights/stable/2018-04-16/examples/createOrUpdateScheduledQueryRule-LogToMetricAction.json
     */
    /**
     * Sample code: Create or Update rule - LogToMetricAction.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createOrUpdateRuleLogToMetricAction(com.azure.resourcemanager.AzureResourceManager azure) {
        azure
            .diagnosticSettings()
            .manager()
            .serviceClient()
            .getScheduledQueryRules()
            .createOrUpdateWithResponse(
                "alertsweu",
                "logtometricfoo",
                new LogSearchRuleResourceInner()
                    .withLocation("West Europe")
                    .withTags(mapOf())
                    .withDescription("log to metric description")
                    .withEnabled(Enabled.TRUE)
                    .withSource(
                        new Source()
                            .withDataSourceId(
                                "/subscriptions/af52d502-a447-4bc6-8cb7-4780fbb00490/resourceGroups/alertsweu/providers/Microsoft.OperationalInsights/workspaces/alertsweu"))
                    .withAction(
                        new LogToMetricAction()
                            .withCriteria(
                                Arrays
                                    .asList(
                                        new Criteria()
                                            .withMetricName("Average_% Idle Time")
                                            .withDimensions(Arrays.asList())))),
                Context.NONE);
    }

    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { MonitorClient } = require("@azure/arm-monitor");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates an log search rule.
 *
 * @summary Creates or updates an log search rule.
 * x-ms-original-file: specification/monitor/resource-manager/Microsoft.Insights/stable/2018-04-16/examples/createOrUpdateScheduledQueryRule-LogToMetricAction.json
 */
async function createOrUpdateRuleLogToMetricAction() {
  const subscriptionId =
    process.env["MONITOR_SUBSCRIPTION_ID"] || "af52d502-a447-4bc6-8cb7-4780fbb00490";
  const resourceGroupName = process.env["MONITOR_RESOURCE_GROUP"] || "alertsweu";
  const ruleName = "logtometricfoo";
  const parameters = {
    description: "log to metric description",
    action: {
      criteria: [{ dimensions: [], metricName: "Average_% Idle Time" }],
      odataType:
        "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.LogToMetricAction",
    },
    enabled: "true",
    location: "West Europe",
    source: {
      dataSourceId:
        "/subscriptions/af52d502-a447-4bc6-8cb7-4780fbb00490/resourceGroups/alertsweu/providers/Microsoft.OperationalInsights/workspaces/alertsweu",
    },
    tags: {},
  };
  const credential = new DefaultAzureCredential();
  const client = new MonitorClient(credential, subscriptionId);
  const result = await client.scheduledQueryRules.createOrUpdate(
    resourceGroupName,
    ruleName,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample response

Status code:: 200

{
  "id": "/subscriptions/af52d502-a447-4bc6-8cb7-4780fbb00490/resourceGroups/alertsweu/providers/microsoft.insights/scheduledqueryrules/logtometricfoo",
  "name": "logtometricfoo",
  "type": "microsoft.insights/scheduledqueryrules",
  "location": "westeurope",
  "tags": {},
  "properties": {
    "description": "log to metric description",
    "displayName": "logtometricfoo",
    "enabled": "true",
    "lastUpdatedTime": "2018-09-04T06:31:56.3737792Z",
    "provisioningState": "Succeeded",
    "source": {
      "query": null,
      "dataSourceId": "/subscriptions/af52d502-a447-4bc6-8cb7-4780fbb00490/resourceGroups/alertsweu/providers/Microsoft.OperationalInsights/workspaces/alertsweu"
    },
    "schedule": null,
    "action": {
      "criteria": [
        {
          "metricName": "Average_% Idle Time",
          "dimensions": []
        }
      ],
      "odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.LogToMetricAction"
    }
  }
}

Status code:: 201

{
  "id": "/subscriptions/af52d502-a447-4bc6-8cb7-4780fbb00490/resourceGroups/alertsweu/providers/microsoft.insights/scheduledqueryrules/logtometricfoo",
  "name": "logtometricfoo",
  "type": "microsoft.insights/scheduledqueryrules",
  "location": "westeurope",
  "tags": {},
  "properties": {
    "description": "log to metric description",
    "enabled": "true",
    "lastUpdatedTime": "2018-09-04T06:27:58.3892575Z",
    "provisioningState": "Succeeded",
    "source": {
      "query": null,
      "dataSourceId": "/subscriptions/af52d502-a447-4bc6-8cb7-4780fbb00490/resourceGroups/alertsweu/providers/Microsoft.OperationalInsights/workspaces/alertsweu"
    },
    "schedule": null,
    "action": {
      "criteria": [
        {
          "metricName": "Average_% Idle Time",
          "dimensions": []
        }
      ],
      "odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.LogToMetricAction"
    }
  }
}

Definitions

Name	Description
AlertingAction	Specify action need to be taken when rule type is Alert
AlertSeverity	Severity Level of Alert
AzNsActionGroup	Azure action group
ConditionalOperator	Result Condition Evaluation criteria.
Criteria	Specifies the criteria for converting log to metric.
Dimension	Specifies the criteria for converting log to metric.
enabled	The flag which indicates whether the Log Search rule is enabled. Value should be true or false
ErrorContract	Describes the format of Error response.
ErrorResponse	Describes the format of Error response.
LogMetricTrigger	A log metrics trigger descriptor.
LogSearchRuleResource	The Log Search Rule resource.
LogToMetricAction	Specify action need to be taken when rule type is converting log to metric
metricTriggerType	Metric Trigger Type - 'Consecutive' or 'Total'
operator	Operator for dimension values
provisioningState	Provisioning state of the scheduled query rule
QueryType	Set value to 'ResultAccount'
Schedule	Defines how often to run the search and the time interval.
Source	Specifies the log search query.
TriggerCondition	The condition that results in the Log Search rule.

AlertingAction

Specify action need to be taken when rule type is Alert

Name	Type	Description
aznsAction	AzNsActionGroup	Azure action group reference.
odata.type	string: Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction	Specifies the action. Supported values - AlertingAction, LogToMetricAction
severity	AlertSeverity	Severity of the alert
throttlingInMin	integer	time (in minutes) for which Alerts should be throttled or suppressed.
trigger	TriggerCondition	The trigger condition that results in the alert rule being.

AlertSeverity

Severity Level of Alert

Name	Type	Description
0	string
1	string
2	string
3	string
4	string

AzNsActionGroup

Azure action group

Name	Type	Description
actionGroup	string[]	Azure Action Group reference.
customWebhookPayload	string	Custom payload to be sent for all webhook URI in Azure action group
emailSubject	string	Custom subject override for all email ids in Azure action group

ConditionalOperator

Result Condition Evaluation criteria.

Name	Type	Description
Equal	string
GreaterThan	string
GreaterThanOrEqual	string
LessThan	string
LessThanOrEqual	string

Criteria

Specifies the criteria for converting log to metric.

Name	Type	Description
dimensions	Dimension[]	List of Dimensions for creating metric
metricName	string	Name of the metric

Dimension

Specifies the criteria for converting log to metric.

Name	Type	Description
name	string	Name of the dimension
operator	operator	Operator for dimension values
values	string[]	List of dimension values

enabled

The flag which indicates whether the Log Search rule is enabled. Value should be true or false

Name	Type	Description
false	string
true	string

ErrorContract

Describes the format of Error response.

Name	Type	Description
error	ErrorResponse	The error details.

ErrorResponse

Describes the format of Error response.

Name	Type	Description
code	string	Error code
message	string	Error message indicating why the operation failed.

LogMetricTrigger

A log metrics trigger descriptor.

Name	Type	Default value	Description
metricColumn	string		Evaluation of metric on a particular column
metricTriggerType	metricTriggerType	Consecutive	Metric Trigger Type - 'Consecutive' or 'Total'
threshold	number		The threshold of the metric trigger.
thresholdOperator	ConditionalOperator	GreaterThanOrEqual	Evaluation operation for Metric -'GreaterThan' or 'LessThan' or 'Equal'.

LogSearchRuleResource

The Log Search Rule resource.

Name	Type	Default value	Description
etag	string		The etag field is not required. If it is provided in the response body, it must also be provided as a header per the normal etag convention. Entity tags are used for comparing two or more entities from the same requested resource. HTTP/1.1 uses entity tags in the etag (section 14.19), If-Match (section 14.24), If-None-Match (section 14.26), and If-Range (section 14.27) header fields.
id	string		Azure resource Id
kind	string		Metadata used by portal/tooling/etc to render different UX experiences for resources of the same type; e.g. ApiApps are a kind of Microsoft.Web/sites type. If supported, the resource provider must validate and persist this value.
location	string		Resource location
name	string		Azure resource name
properties.action	Action: AlertingAction LogToMetricAction		Action needs to be taken on rule execution.
properties.autoMitigate	boolean	False	The flag that indicates whether the alert should be automatically resolved or not. The default is false.
properties.createdWithApiVersion	string		The api-version used when creating this alert rule
properties.description	string		The description of the Log Search rule.
properties.displayName	string		The display name of the alert rule
properties.enabled	enabled		The flag which indicates whether the Log Search rule is enabled. Value should be true or false
properties.isLegacyLogAnalyticsRule	boolean		True if alert rule is legacy Log Analytic rule
properties.lastUpdatedTime	string		Last time the rule was updated in IS08601 format.
properties.provisioningState	provisioningState		Provisioning state of the scheduled query rule
properties.schedule	Schedule		Schedule (Frequency, Time Window) for rule. Required for action type - AlertingAction
properties.source	Source		Data Source against which rule will Query Data
tags	object		Resource tags
type	string		Azure resource type

LogToMetricAction

Specify action need to be taken when rule type is converting log to metric

Name	Type	Description
criteria	Criteria[]	Criteria of Metric
odata.type	string: Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.LogToMetricAction	Specifies the action. Supported values - AlertingAction, LogToMetricAction

metricTriggerType

Metric Trigger Type - 'Consecutive' or 'Total'

Name	Type	Description
Consecutive	string
Total	string

operator

Operator for dimension values

Name	Type	Description
Include	string

provisioningState

Provisioning state of the scheduled query rule

Name	Type	Description
Canceled	string
Deploying	string
Failed	string
Succeeded	string

QueryType

Set value to 'ResultAccount'

Name	Type	Description
ResultCount	string

Schedule

Defines how often to run the search and the time interval.

Name	Type	Description
frequencyInMinutes	integer	frequency (in minutes) at which rule condition should be evaluated.
timeWindowInMinutes	integer	Time window for which data needs to be fetched for query (should be greater than or equal to frequencyInMinutes).

Source

Specifies the log search query.

Name	Type	Description
authorizedResources	string[]	List of Resource referred into query
dataSourceId	string	The resource uri over which log search query is to be run.
query	string	Log search query. Required for action type - AlertingAction
queryType	QueryType	Set value to 'ResultCount' .

TriggerCondition

The condition that results in the Log Search rule.

Name	Type	Default value	Description
metricTrigger	LogMetricTrigger		Trigger condition for metric query rule
threshold	number		Result or count threshold based on which rule should be triggered.
thresholdOperator	ConditionalOperator	GreaterThanOrEqual	Evaluation operation for rule - 'GreaterThan' or 'LessThan.

Share via

Scheduled Query Rules - Create Or Update

URI Parameters

Request Body

Responses

Security

azure_auth

Scopes

Examples

Create or Update rule - AlertingAction

Sample request

Sample response

Create or Update rule - AlertingAction with Cross-Resource

Sample request

Sample response

Create or Update rule - LogToMetricAction

Sample request

Sample response

Definitions

AlertingAction

AlertSeverity

AzNsActionGroup

ConditionalOperator

Criteria

Dimension

enabled

ErrorContract

ErrorResponse

LogMetricTrigger

LogSearchRuleResource

LogToMetricAction

metricTriggerType

operator

provisioningState

QueryType

Schedule

Source

TriggerCondition

Additional resources