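Create metric alerts for logs in Azure Monitor
Overview
Note
We recommend that you use the Azure Az PowerShell module to interact with Azure. See Install Azure PowerShell to get started. To learn how to migrate to the Az PowerShell module, see Migrate Azure PowerShell from AzureRM to Az.
Metric alerts for logs let you use metric alert capabilities on a predefined set of logs in Azure Monitor Logs. The monitored logs, which can be collected from Azure or on-premises computers, are converted to metrics and then monitored with metric alert rules, just like any other metric. The supported Log Analytics logs are:
- Performance counters for Windows and Linux machines (corresponding to the supported Log Analytics workspace metrics)
- Heartbeat records for Agent Health
- Update management records
- Event data logs
Using metric alerts for logs has many benefits over query-based log search alerts in Azure; some of them are listed below:
- Metric alerts offer near-real-time monitoring, and metric alerts for logs fork data from the log source to ensure the same.
- Metric alerts are stateful: they notify only once when the alert fires and once when it is resolved. Log search alerts, in contrast, are stateless and keep firing at every interval as long as the alert condition is met.
- Metric alerts for logs provide multiple dimensions, allowing filtering to specific values such as computer, OS type, and so on, without the need to define a complex query in Log Analytics.
Note
A specific metric and/or dimension is shown only if data for it exists in the chosen period. These metrics are available to customers with Azure Log Analytics workspaces.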
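Metrics and dimensions supported for logs
Metric alerts support alerting on metrics that use dimensions. You can use dimensions to filter your metric to the right level. The full list of metrics supported for logs corresponds to the list of metrics for Log Analytics workspaces.
Note
To view supported metrics extracted from a Log Analytics workspace through Azure Monitor - Metrics, you must create a metric alert for logs on that specific metric. The dimensions chosen in the metric alert for logs will only appear for exploration through Azure Monitor - Metrics.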
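Create a metric alert for Log Analytics
Metric data from popular logs is piped into Azure Monitor - Metrics before it is processed in Log Analytics. This lets users take advantage of the capabilities of the metrics platform as well as metric alerts, including alerts with a frequency as high as every 1 minute. The ways to create a metric alert for logs are listed below.
Prerequisites for metric alerts for logs
Before metrics for logs gathered on Log Analytics data work, the following must be set up and available:
- Active Log Analytics workspace: A valid and active Log Analytics workspace must be present. For more information, see Create a Log Analytics workspace in the Azure portal.
- Agent is configured for the Log Analytics workspace: An agent must be configured for Azure VMs (and/or) on-premises VMs to send data to the Log Analytics workspace used in the earlier step. For more information, see Log Analytics - Agent overview.
- Supported Log Analytics solutions are installed: A Log Analytics solution should be configured and sending data to the Log Analytics workspace. The supported solutions are performance counters for Windows and Linux, heartbeat records for Agent Health, update management, and event data.
- Log Analytics solutions are configured to send logs: The Log Analytics solution should have the required logs/data enabled that correspond to the metrics supported for Log Analytics workspaces. For example, for the % Available Memory counter, it must first be configured in the performance counters solution.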
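Configure a metric alert for logs
You can create and manage metric alerts by using the Azure portal, Resource Manager templates, the REST API, PowerShell, and the Azure CLI. Because metric alerts for logs are a variant of metric alerts, once the prerequisites are met, a metric alert for logs can be created for the specified Log Analytics workspace. All characteristics and functionality of metric alerts also apply to metric alerts for logs, including the payload schema, applicable quota limits, and billed price.
For step-by-step details and samples, see Create and manage metric alerts. Specifically, for metric alerts for logs, follow the instructions for managing metric alerts and ensure the following:
- The target of the metric alert is a valid Log Analytics workspace
- The signal chosen for the metric alert on the selected Log Analytics workspace is of type Metric
- Use dimension filters to filter for specific conditions or resources; metrics for logs are multi-dimensional
- When configuring the signal logic, a single alert can be created to span multiple values of a dimension (such as computer)
- If the Azure portal is not used to create the metric alert for the selected Log Analytics workspace, the user must first manually create an explicit rule that converts log data into a metric by using Azure Monitor - Scheduled Query Rules.
Note
When you create a metric alert for logs through the Azure portal, the corresponding rule that converts log data into a metric through Azure Monitor - Scheduled Query Rules is created automatically in the background, without any user intervention or action. For metric alerts for logs created by means other than the Azure portal, see the section Resource template for metric alerts for logs for a sample way to create a ScheduledQueryRule-based log-to-metric conversion rule before the metric alert is created; otherwise there will be no data for the metric alert that is created.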
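Resource template for metric alerts for logs
As stated earlier, creating a metric alert for logs is a two-step process:
- Create a rule that extracts metrics from supported logs by using the scheduledQueryRule API
- Create a metric alert on the metric extracted from the log (in step 1), with the Log Analytics workspace as the target resource
Metric alerts for logs with a static threshold
To achieve the same, you can use the sample Azure Resource Manager template below, in which creation of the static threshold metric alert depends on successful creation of the rule that extracts metrics from logs through scheduledQueryRule.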
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"convertRuleName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the rule to convert log to metric"
}
},
"convertRuleDescription": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Description for log converted to metric"
}
},
"convertRuleRegion": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the region used by workspace"
}
},
"convertRuleStatus": {
"type": "string",
"defaultValue": "true",
"metadata": {
"description": "Specifies whether the log conversion rule is enabled"
}
},
"convertRuleMetric": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the metric once extraction done from logs."
}
},
"alertName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the alert"
}
},
"alertDescription": {
"type": "string",
"defaultValue": "This is a metric alert",
"metadata": {
"description": "Description of alert"
}
},
"alertSeverity": {
"type": "int",
"defaultValue": 3,
"allowedValues": [
0,
1,
2,
3,
4
],
"metadata": {
"description": "Severity of alert {0,1,2,3,4}"
}
},
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Specifies whether the alert is enabled"
}
},
"resourceId": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Full Resource ID of the resource emitting the metric that will be used for the comparison. For example: /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroups/ResourceGroupName/providers/Microsoft.OperationalInsights/workspaces/workspaceName"
}
},
"metricName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the metric used in the comparison to activate the alert."
}
},
"operator": {
"type": "string",
"defaultValue": "GreaterThan",
"allowedValues": [
"Equals",
"NotEquals",
"GreaterThan",
"GreaterThanOrEqual",
"LessThan",
"LessThanOrEqual"
],
"metadata": {
"description": "Operator comparing the current value with the threshold value."
}
},
"threshold": {
"type": "string",
"defaultValue": "0",
"metadata": {
"description": "The threshold value at which the alert is activated."
}
},
"timeAggregation": {
"type": "string",
"defaultValue": "Average",
"allowedValues": [
"Average",
"Minimum",
"Maximum",
"Total"
],
"metadata": {
"description": "How the data that is collected should be combined over time."
}
},
"windowSize": {
"type": "string",
"defaultValue": "PT5M",
"metadata": {
"description": "Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format."
}
},
"evaluationFrequency": {
"type": "string",
"defaultValue": "PT1M",
"metadata": {
"description": "how often the metric alert is evaluated represented in ISO 8601 duration format"
}
},
"actionGroupId": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "The ID of the action group that is triggered when the alert is activated or deactivated"
}
}
},
"variables": {
"convertRuleSourceWorkspace": {
"SourceId": "/subscriptions/1234-56789-1234-567a/resourceGroups/resourceGroupName/providers/Microsoft.OperationalInsights/workspaces/workspaceName"
}
},
"resources": [
{
"name": "[parameters('convertRuleName')]",
"type": "Microsoft.Insights/scheduledQueryRules",
"apiVersion": "2018-04-16",
"location": "[parameters('convertRuleRegion')]",
"properties": {
"description": "[parameters('convertRuleDescription')]",
"enabled": "[parameters('convertRuleStatus')]",
"source": {
"dataSourceId": "[variables('convertRuleSourceWorkspace').SourceId]"
},
"action": {
"odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.LogToMetricAction",
"criteria": [{
"metricName": "[parameters('convertRuleMetric')]",
"dimensions": []
}
]
}
}
},
{
"name": "[parameters('alertName')]",
"type": "Microsoft.Insights/metricAlerts",
"location": "global",
"apiVersion": "2018-03-01",
"tags": {},
"dependsOn":["[resourceId('Microsoft.Insights/scheduledQueryRules',parameters('convertRuleName'))]"],
"properties": {
"description": "[parameters('alertDescription')]",
"severity": "[parameters('alertSeverity')]",
"enabled": "[parameters('isEnabled')]",
"scopes": ["[parameters('resourceId')]"],
"evaluationFrequency":"[parameters('evaluationFrequency')]",
"windowSize": "[parameters('windowSize')]",
"criteria": {
"odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria",
"allOf": [
{
"name" : "1st criterion",
"metricName": "[parameters('metricName')]",
"dimensions":[],
"operator": "[parameters('operator')]",
"threshold" : "[parameters('threshold')]",
"timeAggregation": "[parameters('timeAggregation')]"
}
]
},
"actions": [
{
"actionGroupId": "[parameters('actionGroupId')]"
}
]
}
}
]
}
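Assuming the above JSON is saved as metricfromLogsAlertStatic.json, it can be coupled with a parameter JSON file for Resource Template-based creation. A sample parameter JSON file is listed below: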
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"convertRuleName": {
"value": "TestLogtoMetricRule"
},
"convertRuleDescription": {
"value": "Test rule to extract metrics from logs via template"
},
"convertRuleRegion": {
"value": "West Central US"
},
"convertRuleStatus": {
"value": "true"
},
"convertRuleMetric": {
"value": "Average_% Idle Time"
},
"alertName": {
"value": "TestMetricAlertonLog"
},
"alertDescription": {
"value": "New multi-dimensional metric alert created via template"
},
"alertSeverity": {
"value":3
},
"isEnabled": {
"value": true
},
"resourceId": {
"value": "/subscriptions/1234-56789-1234-567a/resourceGroups/myRG/providers/Microsoft.OperationalInsights/workspaces/workspaceName"
},
"metricName":{
"value": "Average_% Idle Time"
},
"operator": {
"value": "GreaterThan"
},
"threshold":{
"value": "1"
},
"timeAggregation":{
"value": "Average"
},
"actionGroupId": {
"value": "/subscriptions/1234-56789-1234-567a/resourceGroups/myRG/providers/microsoft.insights/actionGroups/actionGroupName"
}
}
}
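Assuming the above parameter file is saved as metricfromLogsAlertStatic.parameters.json, you can create the metric alert for logs by using a Resource Template for creation in the Azure portal.
Alternatively, you can use the following Azure PowerShell command:
New-AzResourceGroupDeployment -ResourceGroupName "myRG" -TemplateFile metricfromLogsAlertStatic.json -TemplateParameterFile metricfromLogsAlertStatic.parameters.json
Or deploy the Resource Template by using the Azure CLI: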
az deployment group create --resource-group myRG --template-file metricfromLogsAlertStatic.json --parameters @metricfromLogsAlertStatic.parameters.json
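Metric alerts for logs with a dynamic threshold
To achieve the same, you can use the sample Azure Resource Manager template below, in which creation of the dynamic threshold metric alert depends on successful creation of the rule that extracts metrics from logs through scheduledQueryRule.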
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"convertRuleName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the rule to convert log to metric"
}
},
"convertRuleDescription": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Description for log converted to metric"
}
},
"convertRuleRegion": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the region used by workspace"
}
},
"convertRuleStatus": {
"type": "string",
"defaultValue": "true",
"metadata": {
"description": "Specifies whether the log conversion rule is enabled"
}
},
"convertRuleMetric": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the metric once extraction done from logs."
}
},
"alertName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the alert"
}
},
"alertDescription": {
"type": "string",
"defaultValue": "This is a metric alert",
"metadata": {
"description": "Description of alert"
}
},
"alertSeverity": {
"type": "int",
"defaultValue": 3,
"allowedValues": [
0,
1,
2,
3,
4
],
"metadata": {
"description": "Severity of alert {0,1,2,3,4}"
}
},
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Specifies whether the alert is enabled"
}
},
"resourceId": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Full Resource ID of the resource emitting the metric that will be used for the comparison. For example: /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroups/ResourceGroupName/providers/Microsoft.OperationalInsights/workspaces/workspaceName"
}
},
"metricName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the metric used in the comparison to activate the alert."
}
},
"operator": {
"type": "string",
"defaultValue": "GreaterOrLessThan",
"allowedValues": [
"GreaterThan",
"LessThan",
"GreaterOrLessThan"
],
"metadata": {
"description": "Operator comparing the current value with the threshold value."
}
},
"alertSensitivity": {
"type": "string",
"defaultValue": "Medium",
"allowedValues": [
"High",
"Medium",
"Low"
],
"metadata": {
"description": "Tunes how 'noisy' the Dynamic Thresholds alerts will be: 'High' will result in more alerts while 'Low' will result in fewer alerts."
}
},
"numberOfEvaluationPeriods": {
"type": "string",
"defaultValue": "4",
"metadata": {
"description": "The number of periods to check in the alert evaluation."
}
},
"minFailingPeriodsToAlert": {
"type": "string",
"defaultValue": "3",
"metadata": {
"description": "The number of unhealthy periods to alert on (must be lower or equal to numberOfEvaluationPeriods)."
}
},
"timeAggregation": {
"type": "string",
"defaultValue": "Average",
"allowedValues": [
"Average",
"Minimum",
"Maximum",
"Total"
],
"metadata": {
"description": "How the data that is collected should be combined over time."
}
},
"windowSize": {
"type": "string",
"defaultValue": "PT5M",
"metadata": {
"description": "Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format."
}
},
"evaluationFrequency": {
"type": "string",
"defaultValue": "PT1M",
"metadata": {
"description": "how often the metric alert is evaluated represented in ISO 8601 duration format"
}
},
"actionGroupId": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "The ID of the action group that is triggered when the alert is activated or deactivated"
}
}
},
"variables": {
"convertRuleSourceWorkspace": {
"SourceId": "/subscriptions/1234-56789-1234-567a/resourceGroups/resourceGroupName/providers/Microsoft.OperationalInsights/workspaces/workspaceName"
}
},
"resources": [
{
"name": "[parameters('convertRuleName')]",
"type": "Microsoft.Insights/scheduledQueryRules",
"apiVersion": "2018-04-16",
"location": "[parameters('convertRuleRegion')]",
"properties": {
"description": "[parameters('convertRuleDescription')]",
"enabled": "[parameters('convertRuleStatus')]",
"source": {
"dataSourceId": "[variables('convertRuleSourceWorkspace').SourceId]"
},
"action": {
"odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.LogToMetricAction",
"criteria": [{
"metricName": "[parameters('convertRuleMetric')]",
"dimensions": []
}
]
}
}
},
{
"name": "[parameters('alertName')]",
"type": "Microsoft.Insights/metricAlerts",
"location": "global",
"apiVersion": "2018-03-01",
"tags": {},
"dependsOn":["[resourceId('Microsoft.Insights/scheduledQueryRules',parameters('convertRuleName'))]"],
"properties": {
"description": "[parameters('alertDescription')]",
"severity": "[parameters('alertSeverity')]",
"enabled": "[parameters('isEnabled')]",
"scopes": ["[parameters('resourceId')]"],
"evaluationFrequency":"[parameters('evaluationFrequency')]",
"windowSize": "[parameters('windowSize')]",
"criteria": {
"odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria",
"allOf": [
{
"criterionType": "DynamicThresholdCriterion",
"name" : "1st criterion",
"metricName": "[parameters('metricName')]",
"dimensions":[],
"operator": "[parameters('operator')]",
"alertSensitivity": "[parameters('alertSensitivity')]",
"failingPeriods": {
"numberOfEvaluationPeriods": "[parameters('numberOfEvaluationPeriods')]",
"minFailingPeriodsToAlert": "[parameters('minFailingPeriodsToAlert')]"
},
"timeAggregation": "[parameters('timeAggregation')]"
}
]
},
"actions": [
{
"actionGroupId": "[parameters('actionGroupId')]"
}
]
}
}
]
}
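Assuming the above JSON is saved as metricfromLogsAlertDynamic.json, it can be coupled with a parameter JSON file for Resource Template-based creation. A sample parameter JSON file is listed below: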
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"convertRuleName": {
"value": "TestLogtoMetricRule"
},
"convertRuleDescription": {
"value": "Test rule to extract metrics from logs via template"
},
"convertRuleRegion": {
"value": "West Central US"
},
"convertRuleStatus": {
"value": "true"
},
"convertRuleMetric": {
"value": "Average_% Idle Time"
},
"alertName": {
"value": "TestMetricAlertonLog"
},
"alertDescription": {
"value": "New multi-dimensional metric alert created via template"
},
"alertSeverity": {
"value":3
},
"isEnabled": {
"value": true
},
"resourceId": {
"value": "/subscriptions/1234-56789-1234-567a/resourceGroups/myRG/providers/Microsoft.OperationalInsights/workspaces/workspaceName"
},
"metricName":{
"value": "Average_% Idle Time"
},
"operator": {
"value": "GreaterOrLessThan"
},
"alertSensitivity": {
"value": "Medium"
},
"numberOfEvaluationPeriods": {
"value": "4"
},
"minFailingPeriodsToAlert": {
"value": "3"
},
"timeAggregation":{
"value": "Average"
},
"actionGroupId": {
"value": "/subscriptions/1234-56789-1234-567a/resourceGroups/myRG/providers/microsoft.insights/actionGroups/actionGroupName"
}
}
}
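Assuming the above parameter file is saved as metricfromLogsAlertDynamic.parameters.json, you can create the metric alert for logs by using a Resource Template for creation in the Azure portal.
Alternatively, you can use the following Azure PowerShell command:
New-AzResourceGroupDeployment -ResourceGroupName "myRG" -TemplateFile metricfromLogsAlertDynamic.json -TemplateParameterFile metricfromLogsAlertDynamic.parameters.json
Or deploy the Resource Template by using the Azure CLI: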
az deployment group create --resource-group myRG --template-file metricfromLogsAlertDynamic.json --parameters @metricfromLogsAlertDynamic.parameters.json
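A pre-deployment check for the two-step dependency described above: the metric alert only has data if it targets the same workspace and metric name as the log-to-metric conversion rule. This Python check is an added example, not part of the original article or of any Azure tooling; `resolve`, `lint`, and the reduced `TEMPLATE`/`PARAMS` sample are illustrative names, and the sample keeps the page's placeholder IDs, whose resource groups differ between the template variable and the `resourceId` parameter.

```python
import re

def resolve(value, params, variables):
    """Resolve the two ARM expression forms used by the page's templates."""
    m = re.fullmatch(r"\[(parameters|variables)\('(\w+)'\)(?:\.(\w+))?\]", str(value))
    if not m:
        return value
    found = (params if m.group(1) == "parameters" else variables)[m.group(2)]
    return found[m.group(3)] if m.group(3) else found

def lint(template, param_file):
    """Return findings that would leave the metric alert for logs without data."""
    params = {k: v.get("defaultValue") for k, v in template["parameters"].items()}
    params.update({k: v["value"] for k, v in param_file["parameters"].items()})
    r = lambda v: resolve(v, params, template.get("variables", {}))
    by_type = {res["type"].lower(): res for res in template["resources"]}
    rule, alert = (by_type.get("microsoft.insights/" + t) for t in ("scheduledqueryrules", "metricalerts"))
    if not (rule and alert):
        return ["template needs a scheduledQueryRules and a metricAlerts resource"]
    findings = []
    if not any("scheduledQueryRules" in d for d in alert.get("dependsOn", [])):
        findings.append("metric alert does not depend on the conversion rule")
    extracted = {r(c["metricName"]) for c in rule["properties"]["action"]["criteria"]}
    workspace = r(rule["properties"]["source"]["dataSourceId"]).lower()
    if workspace not in {r(s).lower() for s in alert["properties"]["scopes"]}:
        findings.append("alert scope is not the conversion rule's source workspace")
    for crit in alert["properties"]["criteria"]["allOf"]:
        if r(crit["metricName"]) not in extracted:
            findings.append("alert metric is not extracted by the conversion rule")
        if (fp := crit.get("failingPeriods")) and int(r(fp["minFailingPeriodsToAlert"])) > int(r(fp["numberOfEvaluationPeriods"])):
            findings.append("minFailingPeriodsToAlert exceeds numberOfEvaluationPeriods")
    return findings

# Constructed sample: the page's dynamic-threshold template and parameter file, cut down to what lint() reads.
WS = "/subscriptions/1234-56789-1234-567a/resourceGroups/{}/providers/Microsoft.OperationalInsights/workspaces/workspaceName"
TEMPLATE = {
    "parameters": {"numberOfEvaluationPeriods": {"defaultValue": "4"}, "minFailingPeriodsToAlert": {"defaultValue": "3"}},
    "variables": {"convertRuleSourceWorkspace": {"SourceId": WS.format("resourceGroupName")}},
    "resources": [{"type": "Microsoft.Insights/scheduledQueryRules", "properties": {
        "source": {"dataSourceId": "[variables('convertRuleSourceWorkspace').SourceId]"},
        "action": {"criteria": [{"metricName": "[parameters('convertRuleMetric')]"}]}}},
        {"type": "Microsoft.Insights/metricAlerts",
         "dependsOn": ["[resourceId('Microsoft.Insights/scheduledQueryRules',parameters('convertRuleName'))]"],
         "properties": {"scopes": ["[parameters('resourceId')]"], "criteria": {"allOf": [{
             "metricName": "[parameters('metricName')]", "failingPeriods": {
                 "numberOfEvaluationPeriods": "[parameters('numberOfEvaluationPeriods')]",
                 "minFailingPeriodsToAlert": "[parameters('minFailingPeriodsToAlert')]"}}]}}}]}
PARAMS = {"parameters": {"convertRuleMetric": {"value": "Average_% Idle Time"},
                         "metricName": {"value": "Average_% Idle Time"}, "resourceId": {"value": WS.format("myRG")}}}
```

On the sample, `lint(TEMPLATE, PARAMS)` reports the scope mismatch; load the real files with `json.load` and run it before deploying.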