Create a log alert from Azure CLI
I need to create an alert from Azure CLI (no access to portal), using a "custom log search" signal on containerLogV2 to see if there are any exceptions in any of my containers. I have an action group which I need to use for sending emails and sms. I have the below command and am quite sure that I am not setting the condition right. Please advise what the right approach would be. I couldn't find any example for this case on MSDN docs. Thanks.
az monitor metrics alert create \
--condition "ContainerLogV2 | where LogMessage has "Exception" | where ContainerName !has "sms-management" | where TimeGenerated > ago(1h)" \
--name "Dev AKS Errors Alert" \
--resource-group "my-rg" \
--scopes "/subscriptions/my-sub/resourcegroups/my-rg/" \
--evaluation-frequency "60m" \
--severity 1 \
--region "west europe" \
--action "/subscriptions/my-sub/resourcegroups/my-rg/providers/microsoft.insights/actiongroups/my-ag"
I probably need to figure out what details I need to send in the email and the sms from my alert next. Any help on that would be appreciated as well. Thank you.
[Update] Based on the advice from @Jahnavi I tried the below command
az monitor scheduled-query create \
--resource-group "my-rg" \
--name "AKS Errors Alert" \
--scopes "/subscriptions/supscription-id/resourcegroups/my-rg/providers/Microsoft.ContainerService/managedClusters/aks-dev" \
--condition "count 'AppExceptions' > 1 resource id _ResourceId at least 1 violations out of 5 aggregated points" \
--condition-query AppExceptions="ContainerLogV2 | where LogMessage has \"Exception\" | where TimeGenerated > ago(1h)" \
--description "Notify team on exceptions in AKS" \
--location "westeurope" \
--evaluation-frequency "5m" \
--severity 1 \
--action-groups "/subscriptions/supscription-id/resourceGroups/my-rg/providers/microsoft.insights/actionGroups/my-ag"
I was able to create a new alert rule with the above command.
az monitor metrics alert create is mostly used to create the inbuilt metrics, not conditional queries or custom log search queries.
You need to execute the az monitor scheduled-query create command to create an alert using a "custom log search" signal on any application using Az CLI.
I've modified your script as below:
rg="ResourceGroup"
workspace="ws"
query='ContainerLogV2
| where ContainerName !has \"sms-management\"
| where LogMessage has \"Exception\"
| where TimeGenerated > ago(1h)'
WID=$(az monitor log-analytics workspace show --resource-group $rg --workspace-name $workspace --query id --out tsv)
az monitor scheduled-query create \
--name "TestQuery" \
--resource-group $rg \
--scopes $workspace \
--description "Test" \
--action $ActionID \
--evaluation-frequency 5m \
--severity 1 \
--condition "" \ #Provide the required condition
--condition-query $query
As per the MSDoc, I've taken the sample conditional query and it worked as below:
Output:
- Deploy filtered metrics on Azure dashboard with Bicep
- IAsyncEnumerable JSON streaming is not streaming on azure web app running on IIS
- node-fetch azure document translator
- Need help getting Azure AD B2C SSO with Azure AD
- Unable to get all users from Microsoft Graph using Python SDK
- You need to ensure that WebApp1 uses the ASP.NET v4.7 runtime stack
- MS Graph API - How to query additional pages
- how to hash users into random values in azure databricks
- How can I manage Azure SQL user/login/credentials
- How to connect secrets value stored in Azure key vault to Azure app service env variables directly
- AVD Insights Host Performance Blade Empty after vhange to new Azure Monitoring Agent
- How to get a list of users from azure graph API
- Azure App Service Flask Deployment Error: "Failed to Respond to HTTP Pings on Port 8000; Site Start Failed. Check Container Logs for Debugging."
- Azure Function App - No continuous deployment setting for "Flex Consumption" hosting plan?
- Az-GetRoleAssigments Not returning Data for DisplayName, SignInName & Object Type - Azure Powershell Runbook
- Can you publish a new standalone Angular project (esproj) directly from VS2022 to Azure?
- Cors configuration
- Publish error: Found multiple publish output files with the same relative path
- remove event subscriptions from system topics
- Is it possible to use .env in a React Web project?
- Sign in to Azure Account from VS Code
- How to copy blobs from azure to aws using python?
- AKV10032: Invalid issuer error when connecting to Azure Key Vault from App Service
- how to mask hash users into random values [email protected] in azure databricks
- Can we use PostgREST API with Azure
- Bicep adding DNS Records saying already exists when it doesn't
- Issue in sending personal message in MS Teams with Graph API
- import files to databricks workspace
- Create an Api connection to log analytics workspace via bicep
- az funcapp publish .net8 Isolated breaking Azure configuration runtime settings on Sync