Eventi
Creare app e agenti di intelligenza artificiale
17 mar, 21 - 21 mar, 10
Partecipa alla serie meetup per creare soluzioni di intelligenza artificiale scalabili basate su casi d'uso reali con altri sviluppatori ed esperti.
Iscriviti subitoEsempi di modelli di Resource Manager per le regole di avviso di ricerca log in Monitoraggio di Azure
Questo articolo include esempi di modelli di Azure Resource Manager per creare e configurare avvisi di ricerca log in Monitoraggio di Azure. Ogni esempio include un file modello e un file di parametri con valori di esempio da fornire al modello.
Nota
Vedere esempi di Azure Resource Manager per Monitoraggio di Azure per un elenco di esempi disponibili e indicazioni sulla distribuzione nella sottoscrizione di Azure.
Nota
La dimensione combinata di tutti i dati nelle proprietà della regola di avviso log non può superare 64 kB. Ciò può essere causato da troppe dimensioni, da una query troppo grande, da troppi gruppi di azioni o da una descrizione lunga. Quando si crea una regola di avviso di grandi dimensioni, ricordarsi di ottimizzare queste aree.
L'esempio seguente crea una regola che può essere usata con qualsiasi risorsa.
Bicep
@description('Name of the alert')
@minLength(1)
param alertName string
@description('Location of the alert')
@minLength(1)
param location string
@description('Description of alert')
param alertDescription string = 'This is a metric alert'
@description('Severity of alert {0,1,2,3,4}')
@allowed([
0
1
2
3
4
])
param alertSeverity int = 3
@description('Specifies whether the alert is enabled')
param isEnabled bool = true
@description('Specifies whether the alert will automatically resolve')
param autoMitigate bool = true
@description('Specifies whether to check linked storage and fail creation if the storage was not found')
param checkWorkspaceAlertsStorageConfigured bool = false
@description('Full Resource ID of the resource emitting the metric that will be used for the comparison. For example /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroups/ResourceGroupName/providers/Microsoft.compute/virtualMachines/VM_xyz')
@minLength(1)
param resourceId string
@description('Name of the metric used in the comparison to activate the alert.')
@minLength(1)
param query string
@description('Name of the measure column used in the alert evaluation.')
param metricMeasureColumn string
@description('Name of the resource ID column used in the alert targeting the alerts.')
param resourceIdColumn string
@description('Operator comparing the current value with the threshold value.')
@allowed([
'Equals'
'GreaterThan'
'GreaterThanOrEqual'
'LessThan'
'LessThanOrEqual'
])
param operator string = 'GreaterThan'
@description('The threshold value at which the alert is activated.')
param threshold int = 0
@description('The number of periods to check in the alert evaluation.')
param numberOfEvaluationPeriods int = 1
@description('The number of unhealthy periods to alert on (must be lower or equal to numberOfEvaluationPeriods).')
param minFailingPeriodsToAlert int = 1
@description('How the data that is collected should be combined over time.')
@allowed([
'Average'
'Minimum'
'Maximum'
'Total'
'Count'
])
param timeAggregation string = 'Average'
@description('Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format.')
@allowed([
'PT1M'
'PT5M'
'PT10M'
'PT15M'
'PT30M'
'PT45M'
'PT1H'
'PT2H'
'PT3H'
'PT4H'
'PT5H'
'PT6H'
'PT24H'
'PT48H'
])
param windowSize string = 'PT5M'
@description('how often the metric alert is evaluated represented in ISO 8601 duration format')
@allowed([
'PT5M'
'PT15M'
'PT30M'
'PT1H'
])
param evaluationFrequency string = 'PT5M'
@description('Mute actions for the chosen period of time (in ISO 8601 duration format) after the alert is fired.')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
'PT6H'
'PT12H'
'PT24H'
])
param muteActionsDuration string
@description('The ID of the action group that is triggered when the alert is activated or deactivated')
param actionGroupId string = ''
resource alert 'Microsoft.Insights/scheduledQueryRules@2021-08-01' = {
name: alertName
location: location
tags: {}
properties: {
description: alertDescription
severity: alertSeverity
enabled: isEnabled
scopes: [
resourceId
]
evaluationFrequency: evaluationFrequency
windowSize: windowSize
criteria: {
allOf: [
{
query: query
metricMeasureColumn: metricMeasureColumn
resourceIdColumn: resourceIdColumn
dimensions: []
operator: operator
threshold: threshold
timeAggregation: timeAggregation
failingPeriods: {
numberOfEvaluationPeriods: numberOfEvaluationPeriods
minFailingPeriodsToAlert: minFailingPeriodsToAlert
}
}
]
}
muteActionsDuration: muteActionsDuration
autoMitigate: autoMitigate
checkWorkspaceAlertsStorageConfigured: checkWorkspaceAlertsStorageConfigured
actions: {
actionGroups: [
actionGroupId
]
customProperties: {
key1: 'value1'
key2: 'value2'
}
}
}
}
JSON
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"value": "New Alert"
},
"location": {
"value": "eastus"
},
"alertDescription": {
"value": "New alert created via template"
},
"alertSeverity": {
"value":3
},
"isEnabled": {
"value": true
},
"resourceId": {
"value": "/subscriptions/replace-with-subscription-id/resourceGroups/replace-with-resourceGroup-name/providers/Microsoft.Compute/virtualMachines/replace-with-resource-name"
},
"query": {
"value": "Perf | where ObjectName == \"Processor\" and CounterName == \"% Processor Time\""
},
"metricMeasureColumn": {
"value": "AggregatedValue"
},
"operator": {
"value": "GreaterThan"
},
"threshold": {
"value": 80
},
"timeAggregation": {
"value": "Average"
},
"actionGroupId": {
"value": "/subscriptions/replace-with-subscription-id/resourceGroups/resource-group-name/providers/Microsoft.Insights/actionGroups/replace-with-action-group"
}
}
}
L'esempio seguente viene creata una regola di avviso Numero di risultati.
- Questo esempio include un payload del webhook. Se la regola di avviso non deve attivare un webhook, rimuovere l'elemento customWebhookPayload.
Bicep
@description('Resource ID of the Log Analytics workspace.')
param sourceId string = ''
@description('Location for the alert. Must be the same location as the workspace.')
param location string = ''
@description('The ID of the action group that is triggered when the alert is activated.')
param actionGroupId string = ''
resource logQueryAlert 'Microsoft.Insights/scheduledQueryRules@2018-04-16' = {
name: 'Sample log query alert'
location: location
properties: {
description: 'Sample log query alert'
enabled: 'true'
source: {
query: 'Event | where EventLevelName == "Error" | summarize count() by Computer'
dataSourceId: sourceId
queryType: 'ResultCount'
}
schedule: {
frequencyInMinutes: 15
timeWindowInMinutes: 60
}
action: {
'odata.type': 'Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction'
severity: '4'
aznsAction: {
actionGroup: array(actionGroupId)
emailSubject: 'Alert mail subject'
customWebhookPayload: '{ "alertname":"#alertrulename", "IncludeSearchResults":true }'
}
trigger: {
thresholdOperator: 'GreaterThan'
threshold: 1
}
}
}
}
JSON
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"sourceId": {
"value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/bw-samples-arm/providers/microsoft.operationalinsights/workspaces/bw-arm-01"
},
"location": {
"value": "westus"
},
"actionGroupId": {
"value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/bw-samples-arm/providers/microsoft.insights/actionGroups/ARM samples group 01"
}
}
}
L'esempio seguente crea una regola di avviso Unità di misura della metrica.
Bicep
@description('Resource ID of the Log Analytics workspace.')
param sourceId string = ''
@description('Location for the alert. Must be the same location as the workspace.')
param location string = ''
@description('The ID of the action group that is triggered when the alert is activated.')
param actionGroupId string = ''
resource metricMeasurementLogQueryAlert 'Microsoft.Insights/scheduledQueryRules@2018-04-16' = {
name: 'Sample metric measurement log query alert'
location: location
properties: {
description: 'Sample metric measurement query alert rule'
enabled: 'true'
source: {
query: 'Event | where EventLevelName == "Error" | summarize AggregatedValue = count() by bin(TimeGenerated,1h), Computer'
dataSourceId: sourceId
queryType: 'ResultCount'
}
schedule: {
frequencyInMinutes: 15
timeWindowInMinutes: 60
}
action: {
'odata.type': 'Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction'
severity: '4'
aznsAction: {
actionGroup: array(actionGroupId)
emailSubject: 'Alert mail subject'
}
trigger: {
thresholdOperator: 'GreaterThan'
threshold: 10
metricTrigger: {
thresholdOperator: 'Equal'
threshold: 1
metricTriggerType: 'Consecutive'
metricColumn: 'Computer'
}
}
}
}
}
JSON
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"sourceId": {
"value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/bw-samples-arm/providers/microsoft.operationalinsights/workspaces/bw-arm-01"
},
"location": {
"value": "westus"
},
"actionGroupId": {
"value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/bw-samples-arm/providers/microsoft.insights/actionGroups/ARM samples group 01"
}
}
}
Risorse aggiuntive
Formazione
Modulo
Migliorare la risposta agli incidenti con gli avvisi di Monitoraggio di Azure - Training
Rispondere a incidenti e attività nell'infrastruttura usando gli avvisi di Monitoraggio di Azure.
Documentazione
-
Esempi di modelli di Resource Manager per gli avvisi delle metriche - Azure Monitor
Questo articolo include esempi di modelli di Azure Resource Manager usati per creare avvisi delle metriche in Monitoraggio di Azure.
-
Esempi di modelli di Resource Manager per gli avvisi del log attività - Azure Monitor
Modelli di Azure Resource Manager di esempio per distribuire avvisi del log attività di Monitoraggio di Azure.
-
Questo articolo illustra come creare una nuova regola di avviso usando l'interfaccia della riga di comando, PowerShell o un modello di Resource Manager.