How can I set up an alert for the creation of a new container in an Azure Storage Account?

Question

I need to create an alert that sends an email every time a new container is created in a specific Azure storage account.

Answer 1

We don't have any built signals to create a Azure monitor alert to monitor the container creation in the storage account.

To accomplish this, you'll need to use Azure Monitor and write a kusto query to monitor and send an email every time a new container is created in the storage account.

Below steps to be followed in-order to implement custom solution using Azure monitor:

1. Create a log analytics workspace.
2. Enable the Diagnostic settings on the storage account and send these logs to the above Log analytics workspace.
3. Here is Kusto query to pull the Create Container operations on the storage account:

    StorageBlobLogs
    | where OperationName =~ "CreateContainer" and AccountName =~ '<StorageAccountName>'
    | project  Uri

4. click on New alert rule option in the log analytics space to create a custom alert using the above query as signal as shown below.

5. In signal condition, set Aggregation Granularity (The interval over which datapoints are grouped by the aggregation type.),Frequency of evalution (determines how often the alert rule should run) to 5 minutes.

6. Using Actions groups, you send an email or sms notification when the alert criteria has met. You can use the existing action group or you can create a new action group while configuring the alert.

Here is the sample image of the alert rule that was created using the above query:

Here is the sample output for reference:

Note: Here we are using the custom log search as condition signal, if you want know which container got created and this alert got fired click on Search Results in your alert notification email.