Scheduled Query Rules - Create Or Update

Referenz

Dienst:: Monitor

API-Version:: 2018-04-16

Erstellt oder aktualisiert eine Protokollsuchregel.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.Insights/scheduledQueryRules/{ruleName}?api-version=2018-04-16

URI-Parameter

Name	In	Erforderlich	Typ	Beschreibung
resourceGroupName	path	True	string	Der Name der Ressourcengruppe. Für den Namen wird die Groß-/Kleinschreibung nicht beachtet.
ruleName	path	True	string	Der Name der Regel.
subscriptionId	path	True	string	Hierbei handelt es sich um die ID des Zielabonnements.
api-version	query	True	string	Hierbei handelt es sich um die für diesen Vorgang zu verwendende API-Version.

Anforderungstext

Name	Erforderlich	Typ	Beschreibung
location	True	string	Ressourcenspeicherort
properties.action	True	Action: AlertingAction LogToMetricAction	Bei der Regelausführung müssen Maßnahmen ergriffen werden.
properties.source	True	Source	Datenquelle mit welcher Regel Daten abgefragt werden
properties.autoMitigate		boolean	Das Flag, das angibt, ob die Warnung automatisch aufgelöst werden soll oder nicht. Die Standardeinstellung ist „false“.
properties.description		string	Die Beschreibung der Protokollsucheregel.
properties.displayName		string	Der Anzeigename der Warnungsregel
properties.enabled		enabled	Das Flag, das angibt, ob die Protokollsuche-Regel aktiviert ist. Der Wert sollte "true" oder "false" sein.
properties.schedule		Schedule	Zeitplan (Häufigkeit, Zeitfenster) für regel. Erforderlich für den Aktionstyp : AlertingAction
tags		object	Ressourcentags

Antworten

Name	Typ	Beschreibung
200 OK	LogSearchRuleResource	Erfolgreiche Anforderung zum Aktualisieren einer Protokollsucheregel
201 Created	LogSearchRuleResource	Erstellte Warnungsregel
Other Status Codes	ErrorContract	Fehlerantwort mit Beschreibung des Grunds für den Fehler.

Sicherheit

azure_auth

Azure Active Directory-OAuth2-Flow

Typ: oauth2
Ablauf: implicit
Autorisierungs-URL: https://login.microsoftonline.com/common/oauth2/authorize

Bereiche

Name	Beschreibung
user_impersonation	Identitätswechsel Ihres Benutzerkontos

Beispiele

Create or Update rule - AlertingAction

Create or Update rule - AlertingAction with Cross-Resource

Create or Update rule - LogToMetricAction

Create or Update rule - AlertingAction

Beispielanforderung

PUT https://management.azure.com/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourcegroups/Rac46PostSwapRG/providers/Microsoft.Insights/scheduledQueryRules/logalertfoo?api-version=2018-04-16

{
  "location": "eastus",
  "tags": {},
  "properties": {
    "description": "log alert description",
    "enabled": "true",
    "source": {
      "query": "Heartbeat | summarize AggregatedValue = count() by bin(TimeGenerated, 5m)",
      "dataSourceId": "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/Microsoft.OperationalInsights/workspaces/sampleWorkspace",
      "queryType": "ResultCount"
    },
    "schedule": {
      "frequencyInMinutes": 15,
      "timeWindowInMinutes": 15
    },
    "action": {
      "odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction",
      "severity": "1",
      "aznsAction": {
        "actionGroup": [],
        "emailSubject": "Email Header",
        "customWebhookPayload": "{}"
      },
      "trigger": {
        "thresholdOperator": "GreaterThan",
        "threshold": 3,
        "metricTrigger": {
          "thresholdOperator": "GreaterThan",
          "threshold": 5,
          "metricTriggerType": "Consecutive",
          "metricColumn": "Computer"
        }
      }
    }
  }
}

import com.azure.core.util.Context;
import com.azure.resourcemanager.monitor.fluent.models.LogSearchRuleResourceInner;
import com.azure.resourcemanager.monitor.models.AlertSeverity;
import com.azure.resourcemanager.monitor.models.AlertingAction;
import com.azure.resourcemanager.monitor.models.AzNsActionGroup;
import com.azure.resourcemanager.monitor.models.ConditionalOperator;
import com.azure.resourcemanager.monitor.models.Enabled;
import com.azure.resourcemanager.monitor.models.LogMetricTrigger;
import com.azure.resourcemanager.monitor.models.MetricTriggerType;
import com.azure.resourcemanager.monitor.models.QueryType;
import com.azure.resourcemanager.monitor.models.Schedule;
import com.azure.resourcemanager.monitor.models.Source;
import com.azure.resourcemanager.monitor.models.TriggerCondition;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/** Samples for ScheduledQueryRules CreateOrUpdate. */
public final class Main {
    /*
     * x-ms-original-file: specification/monitor/resource-manager/Microsoft.Insights/stable/2018-04-16/examples/createOrUpdateScheduledQueryRules.json
     */
    /**
     * Sample code: Create or Update rule - AlertingAction.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createOrUpdateRuleAlertingAction(com.azure.resourcemanager.AzureResourceManager azure) {
        azure
            .diagnosticSettings()
            .manager()
            .serviceClient()
            .getScheduledQueryRules()
            .createOrUpdateWithResponse(
                "Rac46PostSwapRG",
                "logalertfoo",
                new LogSearchRuleResourceInner()
                    .withLocation("eastus")
                    .withTags(mapOf())
                    .withDescription("log alert description")
                    .withEnabled(Enabled.TRUE)
                    .withSource(
                        new Source()
                            .withQuery("Heartbeat | summarize AggregatedValue = count() by bin(TimeGenerated, 5m)")
                            .withDataSourceId(
                                "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/Microsoft.OperationalInsights/workspaces/sampleWorkspace")
                            .withQueryType(QueryType.RESULT_COUNT))
                    .withSchedule(new Schedule().withFrequencyInMinutes(15).withTimeWindowInMinutes(15))
                    .withAction(
                        new AlertingAction()
                            .withSeverity(AlertSeverity.ONE)
                            .withAznsAction(
                                new AzNsActionGroup()
                                    .withActionGroup(Arrays.asList())
                                    .withEmailSubject("Email Header")
                                    .withCustomWebhookPayload("{}"))
                            .withTrigger(
                                new TriggerCondition()
                                    .withThresholdOperator(ConditionalOperator.GREATER_THAN)
                                    .withThreshold(3.0)
                                    .withMetricTrigger(
                                        new LogMetricTrigger()
                                            .withThresholdOperator(ConditionalOperator.GREATER_THAN)
                                            .withThreshold(5.0D)
                                            .withMetricTriggerType(MetricTriggerType.CONSECUTIVE)
                                            .withMetricColumn("Computer")))),
                Context.NONE);
    }

    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armmonitor_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/monitor/armmonitor"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/monitor/resource-manager/Microsoft.Insights/stable/2018-04-16/examples/createOrUpdateScheduledQueryRules.json
func ExampleScheduledQueryRulesClient_CreateOrUpdate() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client, err := armmonitor.NewScheduledQueryRulesClient("b67f7fec-69fc-4974-9099-a26bd6ffeda3", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := client.CreateOrUpdate(ctx,
		"Rac46PostSwapRG",
		"logalertfoo",
		armmonitor.LogSearchRuleResource{
			Location: to.Ptr("eastus"),
			Tags:     map[string]*string{},
			Properties: &armmonitor.LogSearchRule{
				Description: to.Ptr("log alert description"),
				Action: &armmonitor.AlertingAction{
					ODataType: to.Ptr("Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction"),
					AznsAction: &armmonitor.AzNsActionGroup{
						ActionGroup:          []*string{},
						CustomWebhookPayload: to.Ptr("{}"),
						EmailSubject:         to.Ptr("Email Header"),
					},
					Severity: to.Ptr(armmonitor.AlertSeverityOne),
					Trigger: &armmonitor.TriggerCondition{
						MetricTrigger: &armmonitor.LogMetricTrigger{
							MetricColumn:      to.Ptr("Computer"),
							MetricTriggerType: to.Ptr(armmonitor.MetricTriggerTypeConsecutive),
							Threshold:         to.Ptr[float64](5),
							ThresholdOperator: to.Ptr(armmonitor.ConditionalOperatorGreaterThan),
						},
						Threshold:         to.Ptr[float64](3),
						ThresholdOperator: to.Ptr(armmonitor.ConditionalOperatorGreaterThan),
					},
				},
				Enabled: to.Ptr(armmonitor.EnabledTrue),
				Schedule: &armmonitor.Schedule{
					FrequencyInMinutes:  to.Ptr[int32](15),
					TimeWindowInMinutes: to.Ptr[int32](15),
				},
				Source: &armmonitor.Source{
					DataSourceID: to.Ptr("/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/Microsoft.OperationalInsights/workspaces/sampleWorkspace"),
					Query:        to.Ptr("Heartbeat | summarize AggregatedValue = count() by bin(TimeGenerated, 5m)"),
					QueryType:    to.Ptr(armmonitor.QueryTypeResultCount),
				},
			},
		},
		nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// TODO: use response item
	_ = res
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { MonitorClient } = require("@azure/arm-monitor");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates an log search rule.
 *
 * @summary Creates or updates an log search rule.
 * x-ms-original-file: specification/monitor/resource-manager/Microsoft.Insights/stable/2018-04-16/examples/createOrUpdateScheduledQueryRules.json
 */
async function createOrUpdateRuleAlertingAction() {
  const subscriptionId =
    process.env["MONITOR_SUBSCRIPTION_ID"] || "b67f7fec-69fc-4974-9099-a26bd6ffeda3";
  const resourceGroupName = process.env["MONITOR_RESOURCE_GROUP"] || "Rac46PostSwapRG";
  const ruleName = "logalertfoo";
  const parameters = {
    description: "log alert description",
    action: {
      aznsAction: {
        actionGroup: [],
        customWebhookPayload: "{}",
        emailSubject: "Email Header",
      },
      odataType:
        "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction",
      severity: "1",
      trigger: {
        metricTrigger: {
          metricColumn: "Computer",
          metricTriggerType: "Consecutive",
          threshold: 5,
          thresholdOperator: "GreaterThan",
        },
        threshold: 3,
        thresholdOperator: "GreaterThan",
      },
    },
    enabled: "true",
    location: "eastus",
    schedule: { frequencyInMinutes: 15, timeWindowInMinutes: 15 },
    source: {
      dataSourceId:
        "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/Microsoft.OperationalInsights/workspaces/sampleWorkspace",
      query: "Heartbeat | summarize AggregatedValue = count() by bin(TimeGenerated, 5m)",
      queryType: "ResultCount",
    },
    tags: {},
  };
  const credential = new DefaultAzureCredential();
  const client = new MonitorClient(credential, subscriptionId);
  const result = await client.scheduledQueryRules.createOrUpdate(
    resourceGroupName,
    ruleName,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Beispiel für eine Antwort

Statuscode:: 200

{
  "id": "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/scheduledQueryRules/logalertfoo",
  "name": "logalertfoo",
  "type": "Microsoft.Insights/scheduledQueryRules",
  "location": "eastus",
  "tags": {},
  "properties": {
    "description": "log alert description",
    "enabled": "true",
    "lastUpdatedTime": "2017-06-23T21:23:52.0221265Z",
    "provisioningState": "Succeeded",
    "source": {
      "query": "Heartbeat | summarize AggregatedValue = count() by bin(TimeGenerated, 5m)",
      "dataSourceId": "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/Microsoft.OperationalInsights/workspaces/sampleWorkspace",
      "queryType": "ResultCount"
    },
    "schedule": {
      "frequencyInMinutes": 15,
      "timeWindowInMinutes": 15
    },
    "action": {
      "odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction",
      "severity": "1",
      "aznsAction": {
        "actionGroup": [],
        "emailSubject": "Email Header",
        "customWebhookPayload": "{}"
      },
      "trigger": {
        "thresholdOperator": "GreaterThan",
        "threshold": 3,
        "metricTrigger": {
          "thresholdOperator": "GreaterThan",
          "threshold": 5,
          "metricTriggerType": "Consecutive",
          "metricColumn": "Computer"
        }
      }
    }
  }
}

Statuscode:: 201

{
  "id": "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/scheduledQueryRules/logalertfoo",
  "name": "logalertfoo",
  "type": "Microsoft.Insights/scheduledQueryRules",
  "location": "eastus",
  "tags": {},
  "properties": {
    "description": "log alert description",
    "enabled": "true",
    "lastUpdatedTime": "2017-06-23T21:23:52.0221265Z",
    "provisioningState": "Succeeded",
    "source": {
      "query": "Heartbeat",
      "queryType": "ResultCount",
      "dataSourceId": "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/Microsoft.OperationalInsights/workspaces/sampleWorkspace"
    },
    "schedule": {
      "frequencyInMinutes": 15,
      "timeWindowInMinutes": 15
    },
    "action": {
      "odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction",
      "severity": "1",
      "trigger": {
        "thresholdOperator": "GreaterThan",
        "threshold": 3
      },
      "aznsAction": {
        "actionGroup": [],
        "emailSubject": "Email Header",
        "customWebhookPayload": "{}"
      }
    }
  }
}

Create or Update rule - AlertingAction with Cross-Resource

Beispielanforderung

PUT https://management.azure.com/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourcegroups/Rac46PostSwapRG/providers/Microsoft.Insights/scheduledQueryRules/SampleCrossResourceAlert?api-version=2018-04-16

{
  "location": "eastus",
  "tags": {},
  "properties": {
    "description": "Sample Cross Resource alert",
    "enabled": "true",
    "source": {
      "query": "union requests, workspace(\"sampleWorkspace\").Update",
      "authorizedResources": [
        "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/Microsoft.OperationalInsights/workspaces/sampleWorkspace",
        "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/components/sampleAI"
      ],
      "dataSourceId": "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/components/sampleAI",
      "queryType": "ResultCount"
    },
    "schedule": {
      "frequencyInMinutes": 60,
      "timeWindowInMinutes": 60
    },
    "action": {
      "severity": "3",
      "aznsAction": {
        "actionGroup": [
          "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/actiongroups/test-ag"
        ],
        "emailSubject": "Cross Resource Mail!!"
      },
      "trigger": {
        "thresholdOperator": "GreaterThan",
        "threshold": 5000
      },
      "odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction"
    }
  }
}

import com.azure.core.util.Context;
import com.azure.resourcemanager.monitor.fluent.models.LogSearchRuleResourceInner;
import com.azure.resourcemanager.monitor.models.AlertSeverity;
import com.azure.resourcemanager.monitor.models.AlertingAction;
import com.azure.resourcemanager.monitor.models.AzNsActionGroup;
import com.azure.resourcemanager.monitor.models.ConditionalOperator;
import com.azure.resourcemanager.monitor.models.Enabled;
import com.azure.resourcemanager.monitor.models.QueryType;
import com.azure.resourcemanager.monitor.models.Schedule;
import com.azure.resourcemanager.monitor.models.Source;
import com.azure.resourcemanager.monitor.models.TriggerCondition;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/** Samples for ScheduledQueryRules CreateOrUpdate. */
public final class Main {
    /*
     * x-ms-original-file: specification/monitor/resource-manager/Microsoft.Insights/stable/2018-04-16/examples/createOrUpdateScheduledQueryRuleswithCrossResource.json
     */
    /**
     * Sample code: Create or Update rule - AlertingAction with Cross-Resource.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createOrUpdateRuleAlertingActionWithCrossResource(
        com.azure.resourcemanager.AzureResourceManager azure) {
        azure
            .diagnosticSettings()
            .manager()
            .serviceClient()
            .getScheduledQueryRules()
            .createOrUpdateWithResponse(
                "Rac46PostSwapRG",
                "SampleCrossResourceAlert",
                new LogSearchRuleResourceInner()
                    .withLocation("eastus")
                    .withTags(mapOf())
                    .withDescription("Sample Cross Resource alert")
                    .withEnabled(Enabled.TRUE)
                    .withSource(
                        new Source()
                            .withQuery("union requests, workspace(\"sampleWorkspace\").Update")
                            .withAuthorizedResources(
                                Arrays
                                    .asList(
                                        "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/Microsoft.OperationalInsights/workspaces/sampleWorkspace",
                                        "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/components/sampleAI"))
                            .withDataSourceId(
                                "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/components/sampleAI")
                            .withQueryType(QueryType.RESULT_COUNT))
                    .withSchedule(new Schedule().withFrequencyInMinutes(60).withTimeWindowInMinutes(60))
                    .withAction(
                        new AlertingAction()
                            .withSeverity(AlertSeverity.THREE)
                            .withAznsAction(
                                new AzNsActionGroup()
                                    .withActionGroup(
                                        Arrays
                                            .asList(
                                                "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/actiongroups/test-ag"))
                                    .withEmailSubject("Cross Resource Mail!!"))
                            .withTrigger(
                                new TriggerCondition()
                                    .withThresholdOperator(ConditionalOperator.GREATER_THAN)
                                    .withThreshold(5000.0))),
                Context.NONE);
    }

    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { MonitorClient } = require("@azure/arm-monitor");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates an log search rule.
 *
 * @summary Creates or updates an log search rule.
 * x-ms-original-file: specification/monitor/resource-manager/Microsoft.Insights/stable/2018-04-16/examples/createOrUpdateScheduledQueryRuleswithCrossResource.json
 */
async function createOrUpdateRuleAlertingActionWithCrossResource() {
  const subscriptionId =
    process.env["MONITOR_SUBSCRIPTION_ID"] || "b67f7fec-69fc-4974-9099-a26bd6ffeda3";
  const resourceGroupName = process.env["MONITOR_RESOURCE_GROUP"] || "Rac46PostSwapRG";
  const ruleName = "SampleCrossResourceAlert";
  const parameters = {
    description: "Sample Cross Resource alert",
    action: {
      aznsAction: {
        actionGroup: [
          "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/actiongroups/test-ag",
        ],
        emailSubject: "Cross Resource Mail!!",
      },
      odataType:
        "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction",
      severity: "3",
      trigger: { threshold: 5000, thresholdOperator: "GreaterThan" },
    },
    enabled: "true",
    location: "eastus",
    schedule: { frequencyInMinutes: 60, timeWindowInMinutes: 60 },
    source: {
      authorizedResources: [
        "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/Microsoft.OperationalInsights/workspaces/sampleWorkspace",
        "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/components/sampleAI",
      ],
      dataSourceId:
        "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/components/sampleAI",
      query: 'union requests, workspace("sampleWorkspace").Update',
      queryType: "ResultCount",
    },
    tags: {},
  };
  const credential = new DefaultAzureCredential();
  const client = new MonitorClient(credential, subscriptionId);
  const result = await client.scheduledQueryRules.createOrUpdate(
    resourceGroupName,
    ruleName,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Beispiel für eine Antwort

Statuscode:: 200

{
  "id": "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/scheduledQueryRules/SampleCrossResourceAlert",
  "name": "SampleCrossResourceAlert",
  "type": "Microsoft.Insights/scheduledQueryRules",
  "location": "eastus",
  "tags": {},
  "properties": {
    "description": "Sample Cross Resource alert",
    "enabled": "true",
    "lastUpdatedTime": "2018-09-04T06:27:58.3892575Z",
    "provisioningState": "Succeeded",
    "source": {
      "query": "union requests, workspace(\"sampleWorkspace\").Update",
      "authorizedResources": [
        "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/Microsoft.OperationalInsights/workspaces/sampleWorkspace",
        "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/components/sampleAI"
      ],
      "dataSourceId": "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/components/sampleAI",
      "queryType": "ResultCount"
    },
    "schedule": {
      "frequencyInMinutes": 60,
      "timeWindowInMinutes": 60
    },
    "action": {
      "severity": "3",
      "aznsAction": {
        "actionGroup": [
          "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/actiongroups/test-ag"
        ],
        "emailSubject": "Cross Resource Mail!!"
      },
      "trigger": {
        "thresholdOperator": "GreaterThan",
        "threshold": 5000
      },
      "odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction"
    }
  }
}

Statuscode:: 201

{
  "id": "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/scheduledQueryRules/SampleCrossResourceAlert",
  "name": "SampleCrossResourceAlert",
  "type": "Microsoft.Insights/scheduledQueryRules",
  "location": "eastus",
  "tags": {},
  "properties": {
    "description": "Sample Cross Resource alert",
    "enabled": "true",
    "lastUpdatedTime": "2018-09-04T06:27:58.3892575Z",
    "provisioningState": "Succeeded",
    "source": {
      "query": "union requests, workspace(\"sampleWorkspace\").Update",
      "authorizedResources": [
        "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/Microsoft.OperationalInsights/workspaces/sampleWorkspace",
        "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/components/sampleAI"
      ],
      "dataSourceId": "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/components/sampleAI",
      "queryType": "ResultCount"
    },
    "schedule": {
      "frequencyInMinutes": 60,
      "timeWindowInMinutes": 60
    },
    "action": {
      "severity": "3",
      "aznsAction": {
        "actionGroup": [
          "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/actiongroups/test-ag"
        ],
        "emailSubject": "Cross Resource Mail!!"
      },
      "trigger": {
        "thresholdOperator": "GreaterThan",
        "threshold": 5000
      },
      "odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction"
    }
  }
}

Create or Update rule - LogToMetricAction

Beispielanforderung

PUT https://management.azure.com/subscriptions/af52d502-a447-4bc6-8cb7-4780fbb00490/resourcegroups/alertsweu/providers/Microsoft.Insights/scheduledQueryRules/logtometricfoo?api-version=2018-04-16

{
  "location": "West Europe",
  "tags": {},
  "properties": {
    "description": "log to metric description",
    "enabled": "true",
    "source": {
      "dataSourceId": "/subscriptions/af52d502-a447-4bc6-8cb7-4780fbb00490/resourceGroups/alertsweu/providers/Microsoft.OperationalInsights/workspaces/alertsweu"
    },
    "action": {
      "criteria": [
        {
          "metricName": "Average_% Idle Time",
          "dimensions": []
        }
      ],
      "odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.LogToMetricAction"
    }
  }
}

import com.azure.core.util.Context;
import com.azure.resourcemanager.monitor.fluent.models.LogSearchRuleResourceInner;
import com.azure.resourcemanager.monitor.models.Criteria;
import com.azure.resourcemanager.monitor.models.Enabled;
import com.azure.resourcemanager.monitor.models.LogToMetricAction;
import com.azure.resourcemanager.monitor.models.Source;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/** Samples for ScheduledQueryRules CreateOrUpdate. */
public final class Main {
    /*
     * x-ms-original-file: specification/monitor/resource-manager/Microsoft.Insights/stable/2018-04-16/examples/createOrUpdateScheduledQueryRule-LogToMetricAction.json
     */
    /**
     * Sample code: Create or Update rule - LogToMetricAction.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createOrUpdateRuleLogToMetricAction(com.azure.resourcemanager.AzureResourceManager azure) {
        azure
            .diagnosticSettings()
            .manager()
            .serviceClient()
            .getScheduledQueryRules()
            .createOrUpdateWithResponse(
                "alertsweu",
                "logtometricfoo",
                new LogSearchRuleResourceInner()
                    .withLocation("West Europe")
                    .withTags(mapOf())
                    .withDescription("log to metric description")
                    .withEnabled(Enabled.TRUE)
                    .withSource(
                        new Source()
                            .withDataSourceId(
                                "/subscriptions/af52d502-a447-4bc6-8cb7-4780fbb00490/resourceGroups/alertsweu/providers/Microsoft.OperationalInsights/workspaces/alertsweu"))
                    .withAction(
                        new LogToMetricAction()
                            .withCriteria(
                                Arrays
                                    .asList(
                                        new Criteria()
                                            .withMetricName("Average_% Idle Time")
                                            .withDimensions(Arrays.asList())))),
                Context.NONE);
    }

    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { MonitorClient } = require("@azure/arm-monitor");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates an log search rule.
 *
 * @summary Creates or updates an log search rule.
 * x-ms-original-file: specification/monitor/resource-manager/Microsoft.Insights/stable/2018-04-16/examples/createOrUpdateScheduledQueryRule-LogToMetricAction.json
 */
async function createOrUpdateRuleLogToMetricAction() {
  const subscriptionId =
    process.env["MONITOR_SUBSCRIPTION_ID"] || "af52d502-a447-4bc6-8cb7-4780fbb00490";
  const resourceGroupName = process.env["MONITOR_RESOURCE_GROUP"] || "alertsweu";
  const ruleName = "logtometricfoo";
  const parameters = {
    description: "log to metric description",
    action: {
      criteria: [{ dimensions: [], metricName: "Average_% Idle Time" }],
      odataType:
        "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.LogToMetricAction",
    },
    enabled: "true",
    location: "West Europe",
    source: {
      dataSourceId:
        "/subscriptions/af52d502-a447-4bc6-8cb7-4780fbb00490/resourceGroups/alertsweu/providers/Microsoft.OperationalInsights/workspaces/alertsweu",
    },
    tags: {},
  };
  const credential = new DefaultAzureCredential();
  const client = new MonitorClient(credential, subscriptionId);
  const result = await client.scheduledQueryRules.createOrUpdate(
    resourceGroupName,
    ruleName,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Beispiel für eine Antwort

Statuscode:: 200

{
  "id": "/subscriptions/af52d502-a447-4bc6-8cb7-4780fbb00490/resourceGroups/alertsweu/providers/microsoft.insights/scheduledqueryrules/logtometricfoo",
  "name": "logtometricfoo",
  "type": "microsoft.insights/scheduledqueryrules",
  "location": "westeurope",
  "tags": {},
  "properties": {
    "description": "log to metric description",
    "displayName": "logtometricfoo",
    "enabled": "true",
    "lastUpdatedTime": "2018-09-04T06:31:56.3737792Z",
    "provisioningState": "Succeeded",
    "source": {
      "query": null,
      "dataSourceId": "/subscriptions/af52d502-a447-4bc6-8cb7-4780fbb00490/resourceGroups/alertsweu/providers/Microsoft.OperationalInsights/workspaces/alertsweu"
    },
    "schedule": null,
    "action": {
      "criteria": [
        {
          "metricName": "Average_% Idle Time",
          "dimensions": []
        }
      ],
      "odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.LogToMetricAction"
    }
  }
}

Statuscode:: 201

{
  "id": "/subscriptions/af52d502-a447-4bc6-8cb7-4780fbb00490/resourceGroups/alertsweu/providers/microsoft.insights/scheduledqueryrules/logtometricfoo",
  "name": "logtometricfoo",
  "type": "microsoft.insights/scheduledqueryrules",
  "location": "westeurope",
  "tags": {},
  "properties": {
    "description": "log to metric description",
    "enabled": "true",
    "lastUpdatedTime": "2018-09-04T06:27:58.3892575Z",
    "provisioningState": "Succeeded",
    "source": {
      "query": null,
      "dataSourceId": "/subscriptions/af52d502-a447-4bc6-8cb7-4780fbb00490/resourceGroups/alertsweu/providers/Microsoft.OperationalInsights/workspaces/alertsweu"
    },
    "schedule": null,
    "action": {
      "criteria": [
        {
          "metricName": "Average_% Idle Time",
          "dimensions": []
        }
      ],
      "odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.LogToMetricAction"
    }
  }
}

Definitionen

Name	Beschreibung
AlertingAction	Geben Sie an, dass eine Aktion ausgeführt werden muss, wenn der Regeltyp Warnung ist.
AlertSeverity	Schweregrad der Warnung
AzNsActionGroup	Azure-Aktionsgruppe
ConditionalOperator	Bewertungskriterien für Ergebnisbedingung.
Criteria	Gibt die Kriterien für die Konvertierung von Protokollen in Metriken an.
Dimension	Gibt die Kriterien für die Konvertierung von Protokollen in Metriken an.
enabled	Das Flag, das angibt, ob die Protokollsuche-Regel aktiviert ist. Der Wert sollte "true" oder "false" sein.
ErrorContract	Beschreibt das Format der Fehlerantwort.
ErrorResponse	Beschreibt das Format der Fehlerantwort.
LogMetricTrigger	Eine Protokollmetriktriggerdeskriptor.
LogSearchRuleResource	Die Protokollsuchregelressource.
LogToMetricAction	Geben Sie an, dass die Aktion ausgeführt werden muss, wenn der Regeltyp das Protokoll in die Metrik konvertiert.
metricTriggerType	Metriktriggertyp – "Fortlaufend" oder "Gesamt"
operator	Operator für Dimensionswerte
provisioningState	Bereitstellungsstatus der geplanten Abfrageregel
QueryType	Festlegen des Werts auf "ResultAccount"
Schedule	Definiert, wie oft die Suche ausgeführt werden soll, und das Zeitintervall.
Source	Gibt die Protokollsuchabfrage an.
TriggerCondition	Die Bedingung, die zur Protokollsucheregel führt.

AlertingAction

Geben Sie an, dass eine Aktion ausgeführt werden muss, wenn der Regeltyp Warnung ist.

Name	Typ	Beschreibung
aznsAction	AzNsActionGroup	Azure-Aktionsgruppenreferenz.
odata.type	string: Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction	Gibt die Aktion an. Unterstützte Werte: AlertingAction, LogToMetricAction
severity	AlertSeverity	Schweregrad der Warnung.
throttlingInMin	integer	Zeit (in Minuten), für die Warnungen gedrosselt oder unterdrückt werden sollen.
trigger	TriggerCondition	Die Triggerbedingung, die dazu führt, dass die Warnungsregel ist.

AlertSeverity

Schweregrad der Warnung

Name	Typ	Beschreibung
0	string
1	string
2	string
3	string
4	string

AzNsActionGroup

Azure-Aktionsgruppe

Name	Typ	Beschreibung
actionGroup	string[]	Azure Action Group-Referenz.
customWebhookPayload	string	Benutzerdefinierte Nutzlast, die für alle Webhook-URI in Azure-Aktionsgruppe gesendet werden soll
emailSubject	string	Überschreibung eines benutzerdefinierten Betreffs für alle E-Mail-IDs in der Azure-Aktionsgruppe

ConditionalOperator

Bewertungskriterien für Ergebnisbedingung.

Name	Typ	Beschreibung
Equal	string
GreaterThan	string
GreaterThanOrEqual	string
LessThan	string
LessThanOrEqual	string

Criteria

Gibt die Kriterien für die Konvertierung von Protokollen in Metriken an.

Name	Typ	Beschreibung
dimensions	Dimension[]	Liste der Dimensionen zum Erstellen von Metriken
metricName	string	Name der Metrik

Dimension

Gibt die Kriterien für die Konvertierung von Protokollen in Metriken an.

Name	Typ	Beschreibung
name	string	Name der Dimension
operator	operator	Operator für Dimensionswerte
values	string[]	Liste der Dimensionswerte

enabled

Das Flag, das angibt, ob die Protokollsuche-Regel aktiviert ist. Der Wert sollte "true" oder "false" sein.

Name	Typ	Beschreibung
false	string
true	string

ErrorContract

Beschreibt das Format der Fehlerantwort.

Name	Typ	Beschreibung
error	ErrorResponse	Die Fehlerdetails.

ErrorResponse

Beschreibt das Format der Fehlerantwort.

Name	Typ	Beschreibung
code	string	Fehlercode
message	string	Eine Fehlermeldung, die angibt, warum der Vorgang fehlgeschlagen ist.

LogMetricTrigger

Eine Protokollmetriktriggerdeskriptor.

Name	Typ	Standardwert	Beschreibung
metricColumn	string		Auswertung der Metrik für eine bestimmte Spalte
metricTriggerType	metricTriggerType	Consecutive	Metriktriggertyp – "Fortlaufend" oder "Gesamt"
threshold	number		Der Schwellenwert des Metriktriggers.
thresholdOperator	ConditionalOperator	GreaterThanOrEqual	Auswertungsvorgang für Metrik -'GreaterThan' oder 'LessThan' oder 'Equal'.

LogSearchRuleResource

Die Protokollsuchregelressource.

Name	Typ	Standardwert	Beschreibung
etag	string		Das Feld etag ist nicht erforderlich. Wenn es im Antworttext angegeben wird, muss es auch als Header gemäß der normalen etag-Konvention bereitgestellt werden. Entitätstags werden zum Vergleichen von zwei oder mehr Entitäten aus derselben angeforderten Ressource verwendet. HTTP/1.1 verwendet Entitätstags in den Kopfzeilenfeldern etag (Abschnitt 14.19), If-Match (Abschnitt 14.24), If-None-Match (Abschnitt 14.26) und If-Range (Abschnitt 14.27).
id	string		Azure-Ressourcen-ID
kind	string		Metadaten, die vom Portal/Tooling/etc verwendet werden, um unterschiedliche UX-Erfahrungen für Ressourcen desselben Typs zu rendern; ApiApps sind z.B. eine Art Microsoft.Web/sites-Typ. Falls unterstützt, muss der Ressourcenanbieter diesen Wert überprüfen und beibehalten.
location	string		Ressourcenspeicherort
name	string		Name der Azure-Ressource
properties.action	Action: AlertingAction LogToMetricAction		Bei der Regelausführung müssen Maßnahmen ergriffen werden.
properties.autoMitigate	boolean	False	Das Flag, das angibt, ob die Warnung automatisch aufgelöst werden soll oder nicht. Die Standardeinstellung ist „false“.
properties.createdWithApiVersion	string		Die api-Version, die beim Erstellen dieser Warnungsregel verwendet wird
properties.description	string		Die Beschreibung der Protokollsucheregel.
properties.displayName	string		Der Anzeigename der Warnungsregel
properties.enabled	enabled		Das Flag, das angibt, ob die Protokollsuche-Regel aktiviert ist. Der Wert sollte "true" oder "false" sein.
properties.isLegacyLogAnalyticsRule	boolean		True, wenn es sich bei der Warnungsregel um eine ältere Protokollanalyseregel handelt
properties.lastUpdatedTime	string		Das letzte Mal wurde die Regel in IS08601 Format aktualisiert.
properties.provisioningState	provisioningState		Bereitstellungsstatus der geplanten Abfrageregel
properties.schedule	Schedule		Zeitplan (Häufigkeit, Zeitfenster) für regel. Erforderlich für den Aktionstyp : AlertingAction
properties.source	Source		Datenquelle mit welcher Regel Daten abgefragt werden
tags	object		Ressourcentags
type	string		Azure-Ressourcentyp

LogToMetricAction

Geben Sie an, dass die Aktion ausgeführt werden muss, wenn der Regeltyp das Protokoll in die Metrik konvertiert.

Name	Typ	Beschreibung
criteria	Criteria[]	Kriterien der Metrik
odata.type	string: Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.LogToMetricAction	Gibt die Aktion an. Unterstützte Werte: AlertingAction, LogToMetricAction

metricTriggerType

Metriktriggertyp – "Fortlaufend" oder "Gesamt"

Name	Typ	Beschreibung
Consecutive	string
Total	string

operator

Operator für Dimensionswerte

Name	Typ	Beschreibung
Include	string

provisioningState

Bereitstellungsstatus der geplanten Abfrageregel

Name	Typ	Beschreibung
Canceled	string
Deploying	string
Failed	string
Succeeded	string

QueryType

Festlegen des Werts auf "ResultAccount"

Name	Typ	Beschreibung
ResultCount	string

Schedule

Definiert, wie oft die Suche ausgeführt werden soll, und das Zeitintervall.

Name	Typ	Beschreibung
frequencyInMinutes	integer	Häufigkeit (in Minuten), mit der die Regelbedingung ausgewertet werden soll.
timeWindowInMinutes	integer	Zeitfenster, für das Daten für die Abfrage abgerufen werden müssen (sollte größer oder gleich frequencyInMinutes sein).

Source

Gibt die Protokollsuchabfrage an.

Name	Typ	Beschreibung
authorizedResources	string[]	Liste der in die Abfrage verwiesenen Ressourcen
dataSourceId	string	Der Ressourcen-URI, für den die Protokollsuchabfrage ausgeführt werden soll.
query	string	Protokollsuchabfrage. Erforderlich für den Aktionstyp : AlertingAction
queryType	QueryType	Legen Sie den Wert auf "ResultCount" fest.

TriggerCondition

Die Bedingung, die zur Protokollsucheregel führt.

Name	Typ	Standardwert	Beschreibung
metricTrigger	LogMetricTrigger		Triggerbedingung für Metrikabfrageregel
threshold	number		Ergebnis- oder Zählungsschwellenwert basierend auf der Regel, die ausgelöst werden soll.
thresholdOperator	ConditionalOperator	GreaterThanOrEqual	Auswertungsvorgang für die Regel : "GreaterThan" oder "LessThan".

Freigeben über

Scheduled Query Rules - Create Or Update

URI-Parameter

Anforderungstext

Antworten

Sicherheit

azure_auth

Bereiche

Beispiele

Create or Update rule - AlertingAction

Beispielanforderung

Beispiel für eine Antwort

Create or Update rule - AlertingAction with Cross-Resource

Beispielanforderung

Beispiel für eine Antwort

Create or Update rule - LogToMetricAction

Beispielanforderung

Beispiel für eine Antwort

Definitionen

AlertingAction

AlertSeverity

AzNsActionGroup

ConditionalOperator

Criteria

Dimension

enabled

ErrorContract

ErrorResponse

LogMetricTrigger

LogSearchRuleResource

LogToMetricAction

metricTriggerType

operator

provisioningState

QueryType

Schedule

Source

TriggerCondition

Zusätzliche Ressourcen