jsonazuremicrosoft-teamsazure-logic-appsazure-alerts
How to format an Azure Logic App JSON payload containing a Teams message with Azure Alert?
I've been trying to configure Azure Alerts (specifically VM low disk space query) to send a message to a Teams channel every time an alert is triggered using an Azure Logic App. It does what it's supposed to, however I do not know how to format the message to make it look a bit more neat. What I'm currently getting is this: Teams message I get
I'd like it to also contain the drive and value (which the email alerts triggered by the same query do). I am using the built-in Logic App Teams integration (Post message in a chat or channel). Currently just configured to return the configurationItems value which sadly, is the closest I got to what I want to achieve, anything else displays an absolute mess of JSON code. Logic App Designer view
I've tried different combination of values and variables but the app designer is very limited in what it allows me to do. The query I'm using is:
InsightsMetrics
| where Namespace == "LogicalDisk"
| where Name == "FreeSpacePercentage"
| extend Disk=tostring(todynamic(Tags)["vm.azm.ms/mountId"])
| summarize arg_max(TimeGenerated, *) by Disk, Computer
| project Computer, Disk, Val | where Val < 10
The data I want to 'extract' is stored in the Computer, Disk and Val dimensions. Below is the JSON output payload from the logic app, as you can see all the data I need to extract is stored in the dimensions stored above.
{
"headers": {
"Expect": "100-continue",
"Host": "prod-29.uksouth.logic.azure.com",
"Max-Forwards": "10",
"User-Agent": "IcMBroadcaster/1.0",
"X-CorrelationContext": "RkkKACgAAAACAAAAEACyLD23wrGCS7pV2gtMjiR5AQAQAIpdK63VFIhCsQq3AI7HA4c=",
"X-ARR-LOG-ID": "32bea9c0-3db3-4cee-95c1-2b7f0d1e1f0f",
"CLIENT-IP": "52.184.145.166:31132",
"DISGUISED-HOST": "prod-29.uksouth.logic.azure.com",
"X-SITE-DEPLOYMENT-ID": "flowfe-prod-ln-rp00-app",
"WAS-DEFAULT-HOSTNAME": "flowfe-prod-ln-rp00-app.flow-prod-ln-rp00-ase.p.azurewebsites.net",
"X-Forwarded-Proto": "https",
"X-AppService-Proto": "https",
"X-ARR-SSL": "2048|256|CN=Microsoft Azure RSA TLS Issuing CA 03, O=Microsoft Corporation, C=US|CN=uksouth.logic.azure.com, O=Microsoft Corporation, L=Redmond, S=WA, C=US",
"X-Forwarded-TlsVersion": "1.2",
"X-Forwarded-For": "52.184.145.166:31132",
"X-Original-URL": "/workflows/ce0dd9c044ab4ebe8bb5d76381be9765/triggers/manual/paths/invoke?api-version=2016-06-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=SCgN-yEDezdc7OmH7v_IQwM3M4KUIjM8qNSciI7SMXo",
"X-WAWS-Unencoded-URL": "/workflows/ce0dd9c044ab4ebe8bb5d76381be9765/triggers/manual/paths/invoke?api-version=2016-06-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=SCgN-yEDezdc7OmH7v_IQwM3M4KUIjM8qNSciI7SMXo",
"Content-Length": "4731",
"Content-Type": "application/json; charset=utf-8"
},
"body": {
"schemaId": "azureMonitorCommonAlertSchema",
"data": {
"essentials": {
"alertId": "/subscriptions/69d11cc8-b7af-4c8c-bb54-9cf72cabbcba/providers/Microsoft.AlertsManagement/alerts/bbf927f7-de30-b602-1c83-1775e44f0017",
"alertRule": "VM_LowDiskSpace",
"severity": "Sev3",
"signalType": "Log",
"monitorCondition": "Fired",
"monitoringService": "Log Alerts V2",
"alertTargetIDs": [
"/subscriptions/69d11cc8-b7af-4c8c-bb54-9cf72cabbcba/resourcegroups/gds-uks-svr-mgmt-rg/providers/microsoft.operationalinsights/workspaces/gds-uks-svr-mgmt-law"
],
"configurationItems": [
"GDS-SCCM-VM01"
],
"originAlertId": "7eab1d19-63bd-4690-9cac-a1e9eb843efd",
"firedDateTime": "2024-03-03T10:49:56.8527969Z",
"description": "This will send and alert if any VM's disk space is less than 10%.",
"essentialsVersion": "1.0",
"alertContextVersion": "1.0"
},
"alertContext": {
"properties": {},
"conditionType": "LogQueryCriteria",
"condition": {
"windowSize": "P1D",
"allOf": [
{
"searchQuery": "InsightsMetrics\n| where Namespace == \"LogicalDisk\"\n| where Name == \"FreeSpacePercentage\"\n| extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"])\n| summarize arg_max(TimeGenerated, *) by Disk, Computer\n| project Computer, Disk, Val\n| where Val < 10\n",
"metricMeasureColumn": null,
"targetResourceTypes": "['Microsoft.OperationalInsights/workspaces']",
"operator": "GreaterThanOrEqual",
"threshold": "1",
"timeAggregation": "Count",
"dimensions": [
{
"name": "Computer",
"value": "GDS-SCCM-VM01"
},
{
"name": "Disk",
"value": "L:"
},
{
"name": "Val",
"value": "9.17095184326172"
}
],
"metricValue": 1,
"failingPeriods": {
"numberOfEvaluationPeriods": 1,
"minFailingPeriodsToAlert": 1
},
"linkToSearchResultsUI": "https://portal.azure.com#@6ebe178c-d0e7...
"linkToFilteredSearchResultsUI": "https://portal.azure.com#@6ebe178c..
"linkToSearchResultsAPI": "https://api.loganalytics.io/v1/workspa...
"linkToFilteredSearchResultsAPI": "https://api.loganalytics.io/v1...
"event": null
}
],
"windowStartTime": "2024-03-02T10:46:51Z",
"windowEndTime": "2024-03-03T10:46:51Z"
}
},
"customProperties": {}
}
}
}
Below is the Logic App Code View, I am quite sure that I can achieve my goal by manually editing the 'messageBody' part, but I am not sure what needs changing:
{
"definition": {
"$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
"actions": {
"Post_message_in_a_chat_or_channel": {
"inputs": {
"body": {
"messageBody": "<p>@{triggerBody()?['data']?['essentials']?['configurationItems']}</p>",
"recipient": {
"channelId": "19:[email protected]",
"groupId": "e0112486-b573-4377-b8a9-df4450dd4383"
}
},
"host": {
"connection": {
"name": "@parameters('$connections')['teams_2']['connectionId']"
}
},
"method": "post",
"path": "/beta/teams/conversation/message/poster/@{encodeURIComponent('User')}/location/@{encodeURIComponent('Channel')}"
},
"runAfter": {},
"type": "ApiConnection"
}
},
"contentVersion": "1.0.0.0",
"outputs": {},
"parameters": {
"$connections": {
"defaultValue": {},
"type": "Object"
}
},
"triggers": {
"manual": {
"inputs": {
"schema": {
"properties": {
"data": {
"properties": {
"alertContext": {
"properties": {
"condition": {
"properties": {
"allOf": {
"items": {
"properties": {
"dimensions": {
"items": {
"properties": {
"name": {
"type": "string"
},
"value": {
"type": "string"
}
},
"required": [
"name",
"value"
],
"type": "object"
},
"type": "array"
},
"metricName": {
"type": "string"
},
"metricNamespace": {
"type": "string"
},
"metricValue": {
"type": "number"
},
"operator": {
"type": "string"
},
"threshold": {
"type": "string"
},
"timeAggregation": {
"type": "string"
}
},
"required": [
"metricName",
"metricNamespace",
"operator",
"threshold",
"timeAggregation",
"dimensions",
"metricValue"
],
"type": "object"
},
"type": "array"
},
"windowSize": {
"type": "string"
}
},
"type": "object"
},
"conditionType": {
"type": "string"
},
"properties": {}
},
"type": "object"
},
"customProperties": {
"properties": {
"Key1": {
"type": "string"
},
"Key2": {
"type": "string"
}
},
"type": "object"
},
"essentials": {
"properties": {
"alertContextVersion": {
"type": "string"
},
"alertId": {
"type": "string"
},
"alertRule": {
"type": "string"
},
"alertTargetIDs": {
"items": {
"type": "string"
},
"type": "array"
},
"configurationItems": {
"items": {
"type": "string"
},
"type": "array"
},
"description": {
"type": "string"
},
"essentialsVersion": {
"type": "string"
},
"firedDateTime": {
"type": "string"
},
"monitorCondition": {
"type": "string"
},
"monitoringService": {
"type": "string"
},
"originAlertId": {
"type": "string"
},
"resolvedDateTime": {
"type": "string"
},
"severity": {
"type": "string"
},
"signalType": {
"type": "string"
}
},
"type": "object"
}
},
"type": "object"
},
"schemaId": {
"type": "string"
}
},
"type": "object"
}
},
"kind": "Http",
"type": "Request"
}
}
},
"parameters": {
"$connections": {
"value": {
"teams_2": {
"connectionId": "/subscriptions/69d11cc8-b7af-4c8c-bb54-9cf72cabbcba/resourceGroups/GDS-UKS-Prod-LogicApps-rg/providers/Microsoft.Web/connections/teams-1",
"connectionName": "teams-1",
"id": "/subscriptions/69d11cc8-b7af-4c8c-bb54-9cf72cabbcba/providers/Microsoft.Web/locations/uksouth/managedApis/teams"
}
}
}
}
}
My question is: How do I modify this app to send a nice and neat message to our Teams channel, displaying the alert with Computer name, disk and value? I was thinking about using IncomingWebhook integration instead but I am not sure how to configure it. Any help on this will be highly appreciated.
I tried modifying the values within the App Designer but it ended up displaying a mess of incomprehensible code in the message. Clicking the dimensions value within app designer automatically puts in in the foreach loop which kinda makes sense as there are multiple dimensions but I do not know how to extract the desired values from the payload. I am using the Azure Common Alerts Schema.
Solution
How do I modify this app to send a nice and neat message to our Teams channel, displaying the alert with Computer name, disk and value? I was thinking about using IncomingWebhook integration instead but I am not sure how to configure it. Any help on this will be highly appreciated.
Firstly created a incoming webhook like below:
Design:
Then:
body:
{"text":@{body('Create_HTML_table')}}
Output:
Parse Json schema:
{
"type": "object",
"properties": {
"body": {
"type": "object",
"properties": {
"data": {
"type": "object",
"properties": {
"alertContext": {
"type": "object",
"properties": {
"condition": {
"type": "object",
"properties": {
"allOf": {
"type": "array",
"items": {
"type": "object",
"properties": {
"dimensions": {
"type": "array",
"items": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"value": {
"type": "string"
}
},
"required": [
"name",
"value"
]
}
},
"event": {},
"failingPeriods": {
"type": "object",
"properties": {
"minFailingPeriodsToAlert": {
"type": "integer"
},
"numberOfEvaluationPeriods": {
"type": "integer"
}
}
},
"linkToFilteredSearchResultsAPI": {
"type": "string"
},
"linkToFilteredSearchResultsUI": {
"type": "string"
},
"linkToSearchResultsAPI": {
"type": "string"
},
"linkToSearchResultsUI": {
"type": "string"
},
"metricMeasureColumn": {},
"metricValue": {
"type": "integer"
},
"operator": {
"type": "string"
},
"searchQuery": {
"type": "string"
},
"targetResourceTypes": {
"type": "string"
},
"threshold": {
"type": "string"
},
"timeAggregation": {
"type": "string"
}
},
"required": [
"dimensions",
"event",
"failingPeriods",
"linkToFilteredSearchResultsAPI",
"linkToFilteredSearchResultsUI",
"linkToSearchResultsAPI",
"linkToSearchResultsUI",
"metricMeasureColumn",
"metricValue",
"operator",
"searchQuery",
"targetResourceTypes",
"threshold",
"timeAggregation"
]
}
},
"windowEndTime": {
"type": "string"
},
"windowSize": {
"type": "string"
},
"windowStartTime": {
"type": "string"
}
}
},
"conditionType": {
"type": "string"
},
"properties": {
"type": "object",
"properties": {}
}
}
},
"customProperties": {
"type": "object",
"properties": {}
},
"essentials": {
"type": "object",
"properties": {
"alertContextVersion": {
"type": "string"
},
"alertId": {
"type": "string"
},
"alertRule": {
"type": "string"
},
"alertTargetIDs": {
"type": "array",
"items": {
"type": "string"
}
},
"configurationItems": {
"type": "array",
"items": {
"type": "string"
}
},
"description": {
"type": "string"
},
"essentialsVersion": {
"type": "string"
},
"firedDateTime": {
"type": "string"
},
"monitorCondition": {
"type": "string"
},
"monitoringService": {
"type": "string"
},
"originAlertId": {
"type": "string"
},
"severity": {
"type": "string"
},
"signalType": {
"type": "string"
}
}
}
}
},
"schemaId": {
"type": "string"
}
}
},
"headers": {
"type": "object",
"properties": {
"CLIENT-IP": {
"type": "string"
},
"Content-Length": {
"type": "string"
},
"Content-Type": {
"type": "string"
},
"DISGUISED-HOST": {
"type": "string"
},
"Expect": {
"type": "string"
},
"Host": {
"type": "string"
},
"Max-Forwards": {
"type": "string"
},
"User-Agent": {
"type": "string"
},
"WAS-DEFAULT-HOSTNAME": {
"type": "string"
},
"X-ARR-LOG-ID": {
"type": "string"
},
"X-ARR-SSL": {
"type": "string"
},
"X-AppService-Proto": {
"type": "string"
},
"X-CorrelationContext": {
"type": "string"
},
"X-Forwarded-For": {
"type": "string"
},
"X-Forwarded-Proto": {
"type": "string"
},
"X-Forwarded-TlsVersion": {
"type": "string"
},
"X-Original-URL": {
"type": "string"
},
"X-SITE-DEPLOYMENT-ID": {
"type": "string"
},
"X-WAWS-Unencoded-URL": {
"type": "string"
}
}
}
}
}
Also refer SO-Thread.
Edit:
Input Payload:
{
"body": {
"data": {
"alertContext": {
"condition": {
"allOf": [
{
"dimensions": [
{
"name": "Computer",
"value": "GDS-SCCM-VM01"
},
{
"name": "Disk",
"value": "L:"
},
{
"name": "Val",
"value": "9.17095184326172"
}
],
"event": null,
"failingPeriods": {
"minFailingPeriodsToAlert": 1,
"numberOfEvaluationPeriods": 1
},
"linkToFilteredSearchResultsAPI": "https://api.loganalytics.io/v1...",
"linkToFilteredSearchResultsUI": "https://portal.azure.com#@6ebe178c..",
"linkToSearchResultsAPI": "https://api.loganalytics.io/v1/workspa...",
"linkToSearchResultsUI": "https://portal.azure.com#@6ebe178c-d0e7...",
"metricMeasureColumn": null,
"metricValue": 1,
"operator": "GreaterThanOrEqual",
"searchQuery": "InsightsMetrics\n| where Namespace == \"LogicalDisk\"\n| where Name == \"FreeSpacePercentage\"\n| extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"])\n| summarize arg_max(TimeGenerated, *) by Disk, Computer\n| project Computer, Disk, Val\n| where Val < 10\n",
"targetResourceTypes": "['Microsoft.OperationalInsights/workspaces']",
"threshold": "1",
"timeAggregation": "Count"
}
],
"windowEndTime": "2024-03-03T10:46:51Z",
"windowSize": "P1D",
"windowStartTime": "2024-03-02T10:46:51Z"
},
"conditionType": "LogQueryCriteria",
"properties": {}
},
"customProperties": {},
"essentials": {
"alertContextVersion": "1.0",
"alertId": "/subscriptions/69d11cc8-b7af-4c8c-bb54-9cf72cabbcba/providers/Microsoft.AlertsManagement/alerts/bbf927f7-de30-b602-1c83-1775e44f0017",
"alertRule": "VM_LowDiskSpace",
"alertTargetIDs": [
"/subscriptions/69d11cc8-b7af-4c8c-bb54-9cf72cabbcba/resourcegroups/gds-uks-svr-mgmt-rg/providers/microsoft.operationalinsights/workspaces/gds-uks-svr-mgmt-law"
],
"configurationItems": [
"GDS-SCCM-VM01"
],
"description": "This will send and alert if any VM's disk space is less than 10%.",
"essentialsVersion": "1.0",
"firedDateTime": "2024-03-03T10:49:56.8527969Z",
"monitorCondition": "Fired",
"monitoringService": "Log Alerts V2",
"originAlertId": "7eab1d19-63bd-4690-9cac-a1e9eb843efd",
"severity": "Sev3",
"signalType": "Log"
}
},
"schemaId": "azureMonitorCommonAlertSchema"
},
"headers": {
"CLIENT-IP": "52.184.145.166:31132",
"Content-Length": "4731",
"Content-Type": "application/json; charset=utf-8",
"DISGUISED-HOST": "prod-29.uksouth.logic.azure.com",
"Expect": "100-continue",
"Host": "prod-29.uksouth.logic.azure.com",
"Max-Forwards": "10",
"User-Agent": "IcMBroadcaster/1.0",
"WAS-DEFAULT-HOSTNAME": "flowfe-prod-ln-rp00-app.flow-prod-ln-rp00-ase.p.azurewebsites.net",
"X-ARR-LOG-ID": "32bea9c0-3db3-4cee-95c1-2b7f0d1e1f0f",
"X-ARR-SSL": "2048|256|CN=Microsoft Azure RSA TLS Issuing CA 03, O=Microsoft Corporation, C=US|CN=uksouth.logic.azure.com, O=Microsoft Corporation, L=Redmond, S=WA, C=US",
"X-AppService-Proto": "https",
"X-CorrelationContext": "RkkKACgAAAACAAAAEACyLD23wrGCS7pV2gtMjiR5AQAQAIpdK63VFIhCsQq3AI7HA4c=",
"X-Forwarded-For": "52.184.145.166:31132",
"X-Forwarded-Proto": "https",
"X-Forwarded-TlsVersion": "1.2",
"X-Original-URL": "/workflows/ce0dd9c044ab4ebe8bb5d76381be9765/triggers/manual/paths/invoke?api-version=2016-06-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=SCgN-yEDezdc7OmH7v_IQwM3M4KUIjM8qNSciI7SMXo",
"X-SITE-DEPLOYMENT-ID": "flowfe-prod-ln-rp00-app",
"X-WAWS-Unencoded-URL": "/workflows/ce0dd9c044ab4ebe8bb5d76381be9765/triggers/manual/paths/invoke?api-version=2016-06-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=SCgN-yEDezdc7OmH7v_IQwM3M4KUIjM8qNSciI7SMXo"
}
}```
- How to parse json format output of : kubectl get pods using jsonpath
- Jackson Error Unexpected character ('}' (code 125))
- Navigation Timeout Exceeded scraping table in Puppeteer
- Trying to get the last object from a JSON list
- VSCode JSON to YAML auto conversion on save
- Handling Nested JSON returned from Invoke-RestMethod
- Convert an array of object into 2-dimensional array to group the elements with same id in typescript
- React TS Axios using local JSON api
- Graph API - get JSON data without "paging" key
- Using another name in response when deserializing json in ASP.NET Core 8 Web API
- Oracle JSON_TABLE to PostgreSQL - how to search from the second hierarchical key in a JSON column
- Why Dart uses YAML as package manager?
- How to display an image in HTML via a JSON file using Javascript
- How to get JSON data from an API in flutter
- Getting images from a Json on NuxtJs
- Creating new attributes based on content of another attribute
- jq sort by version as string
- How to update json property value and save back to file
- How to load Additional Pages for Twitter Hashtag Search using JSON
- Deserializing JSON array with JSON-B
- How do I convert this query result to JSON?
- SelectList in MVC incorrect syntax
- How to read JSON and return value of an item?
- How to check for a key/node existence in JSON c#?
- Does anyone have a working sample of json paging for mvc3 webgrid?
- JSONDecodeError: Expecting value: line 1 column 1 (char 0)
- Calling a JSON API using Python
- How to convert list of JsonObject from google json to JsonNode object of Jackson
- Arabic Json shows scrambled data
- Using addEventListener and getElementsByClassName to pass an element id