Resource Manager-sablonminták naplókeresési riasztási szabályokhoz az Azure Monitorban
Ez a cikk az Azure Resource Manager-sablonok mintáit tartalmazza a naplókeresési riasztások Azure Monitorban való létrehozásához és konfigurálásához. Minden minta tartalmaz egy sablonfájlt és egy paraméterfájlt, amely mintaértékeket tartalmaz a sablon számára.
Feljegyzés
Az Azure Monitorhoz készült Azure Resource Manager-mintákban megtalálja az elérhető minták listáját, és útmutatást nyújt az Azure-előfizetésben való üzembe helyezésükhöz.
Feljegyzés
A naplóriasztási szabály tulajdonságaiban szereplő összes adat együttes mérete nem haladhatja meg a 64 KB-ot. Ezt okozhatja a túl sok dimenzió, a lekérdezés túl nagy, túl sok műveletcsoport vagy hosszú leírás. Nagy riasztási szabály létrehozásakor ne felejtse el optimalizálni ezeket a területeket.
Sablon az összes erőforrástípushoz (a 2021-08-01-es verzióból)
Az alábbi minta egy olyan szabályt hoz létre, amely bármilyen erőforrást megcélz.
@description('Name of the alert')
@minLength(1)
param alertName string
@description('Location of the alert')
@minLength(1)
param location string
@description('Description of alert')
param alertDescription string = 'This is a metric alert'
@description('Severity of alert {0,1,2,3,4}')
@allowed([
0
1
2
3
4
])
param alertSeverity int = 3
@description('Specifies whether the alert is enabled')
param isEnabled bool = true
@description('Specifies whether the alert will automatically resolve')
param autoMitigate bool = true
@description('Specifies whether to check linked storage and fail creation if the storage was not found')
param checkWorkspaceAlertsStorageConfigured bool = false
@description('Full Resource ID of the resource emitting the metric that will be used for the comparison. For example /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroups/ResourceGroupName/providers/Microsoft.compute/virtualMachines/VM_xyz')
@minLength(1)
param resourceId string
@description('Name of the metric used in the comparison to activate the alert.')
@minLength(1)
param query string
@description('Name of the measure column used in the alert evaluation.')
param metricMeasureColumn string
@description('Name of the resource ID column used in the alert targeting the alerts.')
param resourceIdColumn string
@description('Operator comparing the current value with the threshold value.')
@allowed([
'Equals'
'GreaterThan'
'GreaterThanOrEqual'
'LessThan'
'LessThanOrEqual'
])
param operator string = 'GreaterThan'
@description('The threshold value at which the alert is activated.')
param threshold int = 0
@description('The number of periods to check in the alert evaluation.')
param numberOfEvaluationPeriods int = 1
@description('The number of unhealthy periods to alert on (must be lower or equal to numberOfEvaluationPeriods).')
param minFailingPeriodsToAlert int = 1
@description('How the data that is collected should be combined over time.')
@allowed([
'Average'
'Minimum'
'Maximum'
'Total'
'Count'
])
param timeAggregation string = 'Average'
@description('Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format.')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
'PT6H'
'PT12H'
'PT24H'
])
param windowSize string = 'PT5M'
@description('how often the metric alert is evaluated represented in ISO 8601 duration format')
@allowed([
'PT5M'
'PT15M'
'PT30M'
'PT1H'
])
param evaluationFrequency string = 'PT5M'
@description('Mute actions for the chosen period of time (in ISO 8601 duration format) after the alert is fired.')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
'PT6H'
'PT12H'
'PT24H'
])
param muteActionsDuration string
@description('The ID of the action group that is triggered when the alert is activated or deactivated')
param actionGroupId string = ''
resource alert 'Microsoft.Insights/scheduledQueryRules@2021-08-01' = {
name: alertName
location: location
tags: {}
properties: {
description: alertDescription
severity: alertSeverity
enabled: isEnabled
scopes: [
resourceId
]
evaluationFrequency: evaluationFrequency
windowSize: windowSize
criteria: {
allOf: [
{
query: query
metricMeasureColumn: metricMeasureColumn
resourceIdColumn: resourceIdColumn
dimensions: []
operator: operator
threshold: threshold
timeAggregation: timeAggregation
failingPeriods: {
numberOfEvaluationPeriods: numberOfEvaluationPeriods
minFailingPeriodsToAlert: minFailingPeriodsToAlert
}
}
]
}
muteActionsDuration: muteActionsDuration
autoMitigate: autoMitigate
checkWorkspaceAlertsStorageConfigured: checkWorkspaceAlertsStorageConfigured
actions: {
actionGroups: [
actionGroupId
]
customProperties: {
key1: 'value1'
key2: 'value2'
}
}
}
}
Paraméterfájl
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"value": "New Alert"
},
"location": {
"value": "eastus"
},
"alertDescription": {
"value": "New alert created via template"
},
"alertSeverity": {
"value":3
},
"isEnabled": {
"value": true
},
"resourceId": {
"value": "/subscriptions/replace-with-subscription-id/resourceGroups/replace-with-resourceGroup-name/providers/Microsoft.Compute/virtualMachines/replace-with-resource-name"
},
"query": {
"value": "Perf | where ObjectName == \"Processor\" and CounterName == \"% Processor Time\""
},
"metricMeasureColumn": {
"value": "AggregatedValue"
},
"operator": {
"value": "GreaterThan"
},
"threshold": {
"value": "80"
},
"timeAggregation": {
"value": "Average"
},
"actionGroupId": {
"value": "/subscriptions/replace-with-subscription-id/resourceGroups/resource-group-name/providers/Microsoft.Insights/actionGroups/replace-with-action-group"
}
}
}
Találatsablonok száma (a 2018-04-16-os verzióig)
Az alábbi minta számos eredményriasztási szabályt hoz létre.
Jegyzetek
- Ez a minta egy webhook hasznos adatait tartalmazza. Ha a riasztási szabálynak nem kellene webhookot aktiválnia, távolítsa el a customWebhookPayload elemet.
Sablonfájl
@description('Resource ID of the Log Analytics workspace.')
param sourceId string = ''
@description('Location for the alert. Must be the same location as the workspace.')
param location string = ''
@description('The ID of the action group that is triggered when the alert is activated.')
param actionGroupId string = ''
resource logQueryAlert 'Microsoft.Insights/scheduledQueryRules@2018-04-16' = {
name: 'Sample log query alert'
location: location
properties: {
description: 'Sample log query alert'
enabled: 'true'
source: {
query: 'Event | where EventLevelName == "Error" | summarize count() by Computer'
dataSourceId: sourceId
queryType: 'ResultCount'
}
schedule: {
frequencyInMinutes: 15
timeWindowInMinutes: 60
}
action: {
'odata.type': 'Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction'
severity: '4'
aznsAction: {
actionGroup: array(actionGroupId)
emailSubject: 'Alert mail subject'
customWebhookPayload: '{ "alertname":"#alertrulename", "IncludeSearchResults":true }'
}
trigger: {
thresholdOperator: 'GreaterThan'
threshold: 1
}
}
}
}
Paraméterfájl
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"sourceId": {
"value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/bw-samples-arm/providers/microsoft.operationalinsights/workspaces/bw-arm-01"
},
"location": {
"value": "westus"
},
"actionGroupId": {
"value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/bw-samples-arm/providers/microsoft.insights/actionGroups/ARM samples group 01"
}
}
}
Metrikamérési sablon (a 2018-04-16-os verzióig)
Az alábbi minta egy metrikamérési riasztási szabályt hoz létre.
Sablonfájl
@description('Resource ID of the Log Analytics workspace.')
param sourceId string = ''
@description('Location for the alert. Must be the same location as the workspace.')
param location string = ''
@description('The ID of the action group that is triggered when the alert is activated.')
param actionGroupId string = ''
resource metricMeasurementLogQueryAlert 'Microsoft.Insights/scheduledQueryRules@2018-04-16' = {
name: 'Sample metric measurement log query alert'
location: location
properties: {
description: 'Sample metric measurement query alert rule'
enabled: 'true'
source: {
query: 'Event | where EventLevelName == "Error" | summarize AggregatedValue = count() by bin(TimeGenerated,1h), Computer'
dataSourceId: sourceId
queryType: 'ResultCount'
}
schedule: {
frequencyInMinutes: 15
timeWindowInMinutes: 60
}
action: {
'odata.type': 'Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction'
severity: '4'
aznsAction: {
actionGroup: array(actionGroupId)
emailSubject: 'Alert mail subject'
}
trigger: {
thresholdOperator: 'GreaterThan'
threshold: 10
metricTrigger: {
thresholdOperator: 'Equal'
threshold: 1
metricTriggerType: 'Consecutive'
metricColumn: 'Computer'
}
}
}
}
}
Paraméterfájl
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"sourceId": {
"value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/bw-samples-arm/providers/microsoft.operationalinsights/workspaces/bw-arm-01"
},
"location": {
"value": "westus"
},
"actionGroupId": {
"value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/bw-samples-arm/providers/microsoft.insights/actionGroups/ARM samples group 01"
}
}
}