Définitions de schéma d’alerte noncommon
Les schémas d'alerte non courants étaient historiquement utilisés pour personnaliser les modèles d'e-mails d'alerte et les schémas de webhook pour les règles d'alerte de métrique, de recherche de journaux et de journal d'activité. Nous vous recommandons d’utiliser le schéma commun pour tous les types d’alertes et intégrations.
Cet article décrit les définitions de schéma d’alerte noncommon pour Azure Monitor, y compris les définitions pour :
- Webhooks
- Azure Logic Apps
- Azure Functions
- Runbooks Azure Automation
Alertes de métriques
Consultez des exemples de valeurs pour les alertes de métrique.
Alertes de métriques : seuil statique
Exemples de valeurs
{
"schemaId": "AzureMonitorMetricAlert",
"data": {
"version": "2.0",
"properties": {
"customKey1": "value1",
"customKey2": "value2"
},
"status": "Activated",
"context": {
"timestamp": "2021-11-15T09:35:12.9703687Z",
"id": "/subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups/test-RG/providers/microsoft.insights/metricAlerts/test-metricAlertRule",
"name": "test-metricAlertRule",
"description": "Alert rule description",
"conditionType": "SingleResourceMultipleMetricCriteria",
"severity": "3",
"condition": {
"windowSize": "PT5M",
"allOf": [
{
"metricName": "Transactions",
"metricNamespace": "Microsoft.Storage/storageAccounts",
"operator": "GreaterThan",
"threshold": "0",
"timeAggregation": "Total",
"dimensions": [
{
"name": "ApiName",
"value": "GetBlob"
}
],
"metricValue": 100,
"webTestName": null
}
]
},
"subscriptionId": "11111111-1111-1111-1111-111111111111",
"resourceGroupName": "test-RG",
"resourceName": "test-storageAccount",
"resourceType": "Microsoft.Storage/storageAccounts",
"resourceId": "/subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups/test-RG/providers/Microsoft.Storage/storageAccounts/test-storageAccount",
"portalLink": "https://portal.azure.com/#resource/subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups/test-RG/providers/Microsoft.Storage/storageAccounts/test-storageAccount"
}
}
}
Alertes de métriques : seuil dynamique
Exemples de valeurs
{
"schemaId": "AzureMonitorMetricAlert",
"data": {
"version": "2.0",
"properties": {
"customKey1": "value1",
"customKey2": "value2"
},
"status": "Activated",
"context": {
"timestamp": "2021-11-15T09:35:24.3468506Z",
"id": "/subscriptions/11111111-1111-1111-1111-111111111111/resourcegroups/test-RG/providers/microsoft.insights/metricalerts/test-metricAlertRule",
"name": "test-metricAlertRule",
"description": "Alert rule description",
"conditionType": "DynamicThresholdCriteria",
"severity": "3",
"condition": {
"windowSize": "PT15M",
"allOf": [
{
"alertSensitivity": "Low",
"failingPeriods": {
"numberOfEvaluationPeriods": 3,
"minFailingPeriodsToAlert": 3
},
"ignoreDataBefore": null,
"metricName": "Transactions",
"metricNamespace": "Microsoft.Storage/storageAccounts",
"operator": "GreaterThan",
"threshold": "0.3",
"timeAggregation": "Average",
"dimensions": [],
"metricValue": 78.09,
"webTestName": null
}
]
},
"subscriptionId": "11111111-1111-1111-1111-111111111111",
"resourceGroupName": "test-RG",
"resourceName": "test-storageAccount",
"resourceType": "Microsoft.Storage/storageAccounts",
"resourceId": "/subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups/test-RG/providers/Microsoft.Storage/storageAccounts/test-storageAccount",
"portalLink": "https://portal.azure.com/#resource/subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups/test-RG/providers/Microsoft.Storage/storageAccounts/test-storageAccount"
}
}
}
Alertes de recherche dans les journaux
Consultez des exemples de valeurs pour les alertes de recherche de journaux.
monitoringService = Alertes de journal V1 – Métrique
Exemples de valeurs
{
"SubscriptionId": "11111111-1111-1111-1111-111111111111",
"AlertRuleName": "test-logAlertRule-v1-metricMeasurement",
"SearchQuery": "Heartbeat | summarize AggregatedValue=count() by bin(TimeGenerated, 5m)",
"SearchIntervalStartTimeUtc": "2021-11-15T15:16:49Z",
"SearchIntervalEndtimeUtc": "2021-11-16T15:16:49Z",
"AlertThresholdOperator": "Greater Than",
"AlertThresholdValue": 0,
"ResultCount": 2,
"SearchIntervalInSeconds": 86400,
"LinkToSearchResults": "https://portal.azure.com#@aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa/blade/Microsoft_Azure_Monitoring_Logs/LogsBlade/source/Alerts.EmailLinks/scope/%7B%22resources%22%3A%5B%7B%22resourceId%22%3A%22%2Fsubscriptions%2F11111111-1111-1111-1111-111111111111%2FresourceGroups%2Ftest-RG%2Fproviders%2FMicrosoft.OperationalInsights%2Fworkspaces%2Ftest-logAnalyticsWorkspace%22%7D%5D%7D/q/aBcDeFgHi%2BWqaBcDeFgHiMqsSlVwTE8vSk1PLElNCUvMKU2aBcDeFgHiaBcDeFgHiaBcDeFgHiaBcDeFgHiaBcDeFgHi/prettify/1/timespan/2021-11-15T15%3a16%3a49.0000000Z%2f2021-11-16T15%3a16%3a49.0000000Z",
"LinkToFilteredSearchResultsUI": "https://portal.azure.com#@aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa/blade/Microsoft_Azure_Monitoring_Logs/LogsBlade/source/Alerts.EmailLinks/scope/%7B%22resources%22%3A%5B%7B%22resourceId%22%3A%22%2Fsubscriptions%2F11111111-1111-1111-1111-111111111111%2FresourceGroups%2Ftest-RG%2Fproviders%2FMicrosoft.OperationalInsights%2Fworkspaces%2Ftest-logAnalyticsWorkspace%22%7D%5D%7D/q/aBcDeFgHiaBcDeFgHiaBcDeFgHiTP1DtWhcTfIApUfTx0dp%2BOPOhDKsHR%2FFeJXsaBcDeFgHiaBcDeFgHiaBcDeFgHiaBcDeFgHiaBcDeFgHiaBcDeFgHiRI9mhc%3D/prettify/1/timespan/2021-11-15T15%3a16%3a49.0000000Z%2f2021-11-16T15%3a16%3a49.0000000Z",
"LinkToSearchResultsAPI": "https://api.loganalytics.io/v1/workspaces/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/query?query=Heartbeat%20%0A%7C%20summarize%20AggregatedValue%3Dcount%28%29%20by%20bin%28TimeGenerated%2C%205m%29×pan=2021-11-15T15%3a16%3a49.0000000Z%2f2021-11-16T15%3a16%3a49.0000000Z",
"LinkToFilteredSearchResultsAPI": "https://api.loganalytics.io/v1/workspaces/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/query?query=Heartbeat%20%0A%7C%20summarize%20AggregatedValue%3Dcount%28%29%20by%20bin%28TimeGenerated%2C%205m%29%7C%20where%20todouble%28AggregatedValue%29%20%3E%200×pan=2021-11-15T15%3a16%3a49.0000000Z%2f2021-11-16T15%3a16%3a49.0000000Z",
"Description": "Alert rule description",
"Severity": "3",
"SearchResult": {
"tables": [
{
"name": "PrimaryResult",
"columns": [
{
"name": "TimeGenerated",
"type": "datetime"
},
{
"name": "AggregatedValue",
"type": "long"
}
],
"rows": [
[
"2021-11-16T10:56:49Z",
11
],
[
"2021-11-16T11:56:49Z",
11
]
]
}
],
"dataSources": [
{
"resourceId": "/subscriptions/11111111-1111-1111-1111-111111111111/resourcegroups/test-RG/providers/microsoft.operationalinsights/workspaces/test-logAnalyticsWorkspace",
"region": "eastus",
"tables": [
"Heartbeat"
]
}
]
},
"WorkspaceId": "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb",
"ResourceId": "/subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups/test-RG/providers/Microsoft.OperationalInsights/workspaces/test-logAnalyticsWorkspace",
"AlertType": "Metric measurement",
"Dimensions": []
}
monitoringService = Alertes de journal V1 – Numresults
Exemples de valeurs
{
"SubscriptionId": "11111111-1111-1111-1111-111111111111",
"AlertRuleName": "test-logAlertRule-v1-numResults",
"SearchQuery": "Heartbeat",
"SearchIntervalStartTimeUtc": "2021-11-15T15:15:24Z",
"SearchIntervalEndtimeUtc": "2021-11-16T15:15:24Z",
"AlertThresholdOperator": "Greater Than",
"AlertThresholdValue": 0,
"ResultCount": 1,
"SearchIntervalInSeconds": 86400,
"LinkToSearchResults": "https://portal.azure.com#@aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa/blade/Microsoft_Azure_Monitoring_Logs/LogsBlade/source/Alerts.EmailLinks/scope/%7B%22resources%22%3A%5B%7B%22resourceId%22%3A%22%2Fsubscriptions%2F11111111-1111-1111-1111-111111111111%2FresourceGroups%2Ftest-RG%2Fproviders%2FMicrosoft.OperationalInsights%2Fworkspaces%2Ftest-logAnalyticsWorkspace%22%7D%5D%7D/q/aBcDeFgHi%2ABCDE%3D%3D/prettify/1/timespan/2021-11-15T15%3a15%3a24.0000000Z%2f2021-11-16T15%3a15%3a24.0000000Z",
"LinkToFilteredSearchResultsUI": "https://portal.azure.com#@aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa/blade/Microsoft_Azure_Monitoring_Logs/LogsBlade/source/Alerts.EmailLinks/scope/%7B%22resources%22%3A%5B%7B%22resourceId%22%3A%22%2Fsubscriptions%2F11111111-1111-1111-1111-111111111111%2FresourceGroups%2Ftest-RG%2Fproviders%2FMicrosoft.OperationalInsights%2Fworkspaces%2Ftest-logAnalyticsWorkspace%22%7D%5D%7D/q/aBcDeFgHi%2ABCDE%3D%3D/prettify/1/timespan/2021-11-15T15%3a15%3a24.0000000Z%2f2021-11-16T15%3a15%3a24.0000000Z",
"LinkToSearchResultsAPI": "https://api.loganalytics.io/v1/workspaces/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/query?query=Heartbeat%0A×pan=2021-11-15T15%3a15%3a24.0000000Z%2f2021-11-16T15%3a15%3a24.0000000Z",
"LinkToFilteredSearchResultsAPI": "https://api.loganalytics.io/v1/workspaces/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/query?query=Heartbeat%0A×pan=2021-11-15T15%3a15%3a24.0000000Z%2f2021-11-16T15%3a15%3a24.0000000Z",
"Description": "Alert rule description",
"Severity": "3",
"SearchResult": {
"tables": [
{
"name": "PrimaryResult",
"columns": [
{
"name": "TenantId",
"type": "string"
},
{
"name": "Computer",
"type": "string"
},
{
"name": "TimeGenerated",
"type": "datetime"
}
],
"rows": [
[
"bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb",
"test-computer",
"2021-11-16T12:00:00Z"
]
]
}
],
"dataSources": [
{
"resourceId": "/subscriptions/11111111-1111-1111-1111-111111111111/resourcegroups/test-RG/providers/microsoft.operationalinsights/workspaces/test-logAnalyticsWorkspace",
"region": "eastus",
"tables": [
"Heartbeat"
]
}
]
},
"WorkspaceId": "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb",
"ResourceId": "/subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups/test-RG/providers/Microsoft.OperationalInsights/workspaces/test-logAnalyticsWorkspace",
"AlertType": "Number of results"
}
Alertes de journal d’activité
Consultez des exemples de valeurs pour quatre alertes de journal d’activité.
monitoringService = Journal d'activité – Administratif
Exemples de valeurs
{
"schemaId": "Microsoft.Insights/activityLogs",
"data": {
"status": "Activated",
"context": {
"activityLog": {
"authorization": {
"action": "Microsoft.Compute/virtualMachines/restart/action",
"scope": "/subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups/test-RG/providers/Microsoft.Compute/virtualMachines/test-VM"
},
"channels": "Operation",
"claims": "{}",
"caller": "user-email@domain.com",
"correlationId": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
"description": "",
"eventSource": "Administrative",
"eventTimestamp": "2021-11-16T08:27:36.1836909+00:00",
"eventDataId": "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb",
"level": "Informational",
"operationName": "Microsoft.Compute/virtualMachines/restart/action",
"operationId": "cccccccc-cccc-cccc-cccc-cccccccccccc",
"properties": {
"eventCategory": "Administrative",
"entity": "/subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups/test-RG/providers/Microsoft.Compute/virtualMachines/test-VM",
"message": "Microsoft.Compute/virtualMachines/restart/action",
"hierarchy": "22222222-2222-2222-2222-222222222222/CnAIOrchestrationServicePublicCorpprod/33333333-3333-3333-3333-3333333303333/44444444-4444-4444-4444-444444444444/55555555-5555-5555-5555-555555555555/11111111-1111-1111-1111-111111111111"
},
"resourceId": "/subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups/test-RG/providers/Microsoft.Compute/virtualMachines/test-VM",
"resourceGroupName": "test-RG",
"resourceProviderName": "Microsoft.Compute",
"status": "Succeeded",
"subStatus": "",
"subscriptionId": "11111111-1111-1111-1111-111111111111",
"submissionTimestamp": "2021-11-16T08:29:00.141807+00:00",
"resourceType": "Microsoft.Compute/virtualMachines"
}
},
"properties": {
"customKey1": "value1",
"customKey2": "value2"
}
}
}
monitoringService = Service Health
Exemples de valeurs
{
"schemaId": "Microsoft.Insights/activityLogs",
"data": {
"status": "Activated",
"context": {
"activityLog": {
"channels": "Admin",
"correlationId": "11223344-1234-5678-abcd-aabbccddeeff",
"description": "This alert rule will trigger when there are updates to a service issue impacting subscription <name>.",
"eventSource": "ServiceHealth",
"eventTimestamp": "2021-11-17T05:34:44.5778226+00:00",
"eventDataId": "12345678-1234-1234-1234-1234567890ab",
"level": "Warning",
"operationName": "Microsoft.ServiceHealth/incident/action",
"operationId": "12345678-abcd-efgh-ijkl-abcd12345678",
"properties": {
"title": "Test Action Group - Test Service Health Alert",
"service": "Azure Service Name",
"region": "Global",
"communication": "<p><strong>Summary of impact</strong>: This is the impact summary.</p>\n<p><br></p>\n<p><strong>Preliminary Root Cause</strong>: This is the preliminary root cause.</p>\n<p><br></p>\n<p><strong>Mitigation</strong>: Mitigation description.</p>\n<p><br></p>\n<p><strong>Next steps</strong>: These are the next steps. </p>\n<p><br></p>\n<p>Stay informed about Azure service issues by creating custom service health alerts: <a href=\"https://aka.ms/ash-videos\" rel=\"noopener noreferrer\" target=\"_blank\">https://aka.ms/ash-videos</a> for video tutorials and <a href=\"https://aka.ms/ash-alerts%20for%20how-to%20documentation\" rel=\"noopener noreferrer\" target=\"_blank\">https://aka.ms/ash-alerts for how-to documentation</a>.</p>\n<p><br></p>",
"incidentType": "Incident",
"trackingId": "ABC1-DEF",
"impactStartTime": "2021-11-16T20:00:00.0000000Z",
"impactMitigationTime": "2021-11-17T01:00:00.0000000Z",
"impactedServices": "[{\"ImpactedRegions\":[{\"RegionName\":\"Global\"}],\"ServiceName\":\"Azure Service Name\"}]",
"impactedServicesTableRows": "<tr>\r\n<td align='center' style='padding: 5px 10px; border-right:1px solid black; border-bottom:1px solid black'>Azure Service Name</td>\r\n<td align='center' style='padding: 5px 10px; border-bottom:1px solid black'>Global<br></td>\r\n</tr>\r\n",
"defaultLanguageTitle": "Test Action Group - Test Service Health Alert",
"defaultLanguageContent": "<p><strong>Summary of impact</strong>: This is the impact summary.</p>\n<p><br></p>\n<p><strong>Preliminary Root Cause</strong>: This is the preliminary root cause.</p>\n<p><br></p>\n<p><strong>Mitigation</strong>: Mitigation description.</p>\n<p><br></p>\n<p><strong>Next steps</strong>: These are the next steps. </p>\n<p><br></p>\n<p>Stay informed about Azure service issues by creating custom service health alerts: <a href=\"https://aka.ms/ash-videos\" rel=\"noopener noreferrer\" target=\"_blank\">https://aka.ms/ash-videos</a> for video tutorials and <a href=\"https://aka.ms/ash-alerts%20for%20how-to%20documentation\" rel=\"noopener noreferrer\" target=\"_blank\">https://aka.ms/ash-alerts for how-to documentation</a>.</p>\n<p><br></p>",
"stage": "Resolved",
"communicationId": "11223344556677",
"isHIR": "false",
"isSynthetic": "True",
"impactType": "SubscriptionList",
"version": "0.1.1"
},
"status": "Resolved",
"subscriptionId": "11111111-1111-1111-1111-111111111111",
"submissionTimestamp": "2021-11-17T01:23:45.0623172+00:00"
}
},
"properties": {
"customKey1": "value1",
"customKey2": "value2"
}
}
}
monitoringService = Resource Health
Exemples de valeurs
{
"schemaId": "Microsoft.Insights/activityLogs",
"data": {
"status": "Activated",
"context": {
"activityLog": {
"channels": "Admin, Operation",
"correlationId": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
"eventSource": "ResourceHealth",
"eventTimestamp": "2021-11-16T09:50:20.406+00:00",
"eventDataId": "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb",
"level": "Informational",
"operationName": "Microsoft.Resourcehealth/healthevent/Activated/action",
"operationId": "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb",
"properties": {
"title": "Rebooted by user",
"details": null,
"currentHealthStatus": "Unavailable",
"previousHealthStatus": "Available",
"type": "Downtime",
"cause": "UserInitiated"
},
"resourceId": "/subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups/test-RG/providers/Microsoft.Compute/virtualMachines/test-VM",
"resourceGroupName": "test-RG",
"resourceProviderName": "Microsoft.Resourcehealth/healthevent/action",
"status": "Active",
"subscriptionId": "11111111-1111-1111-1111-111111111111",
"submissionTimestamp": "2021-11-16T09:54:08.5303319+00:00",
"resourceType": "MICROSOFT.COMPUTE/VIRTUALMACHINES"
}
},
"properties": {
"customKey1": "value1",
"customKey2": "value2"
}
}
}
monitoringService = Budget de coût réel ou Budget prévu
Exemples de valeurs
{
"schemaId": "AIP Budget Notification",
"data": {
"SubscriptionName": "test-subscription",
"SubscriptionId": "11111111-1111-1111-1111-111111111111",
"EnrollmentNumber": "",
"DepartmentName": "test-budgetDepartmentName",
"AccountName": "test-budgetAccountName",
"BillingAccountId": "",
"BillingProfileId": "",
"InvoiceSectionId": "",
"ResourceGroup": "test-RG",
"SpendingAmount": "1111.32",
"BudgetStartDate": "2023-01-20T23:49:40.216Z",
"Budget": "10000",
"Unit": "USD",
"BudgetCreator": "email@domain.com",
"BudgetName": "test-budgetName",
"BudgetType": "Cost",
"NotificationThresholdAmount": "8000.0"
}
}