Azure Monitor のログ検索アラート ルール用の Resource Manager テンプレートのサンプル
この記事には、Azure Monitor でログ検索アラートを作成および構成するための Azure Resource Manager テンプレートのサンプルが含まれています。 各サンプルには、テンプレート ファイルと、テンプレートに指定するサンプル値を含むパラメーター ファイルが含まれています。
Note
利用可能なサンプルのリスト、および Azure サブスクリプションへの各サンプルのデプロイ方法については、Azure Monitor の Azure Resource Manager のサンプルに関するページを参照してください。
Note
ログ警告ルールのプロパティ内のすべてのデータの合計サイズが 64KB を超えることはできません。 これは、ディメンションが多すぎる、クエリが大きすぎる、アクション グループが多すぎる、または説明が長いことが原因で発生する可能性があります。 大きな警告ルールを作成する場合は、これらの領域を最適化することを忘れないでください。
リソースのすべての種類のテンプレート (バージョン 2021-08-01 以降)
次のサンプルでは、すべてのリソースを対象とするルールを作成することができます。
@description('Name of the alert')
@minLength(1)
param alertName string
@description('Location of the alert')
@minLength(1)
param location string
@description('Description of alert')
param alertDescription string = 'This is a metric alert'
@description('Severity of alert {0,1,2,3,4}')
@allowed([
0
1
2
3
4
])
param alertSeverity int = 3
@description('Specifies whether the alert is enabled')
param isEnabled bool = true
@description('Specifies whether the alert will automatically resolve')
param autoMitigate bool = true
@description('Specifies whether to check linked storage and fail creation if the storage was not found')
param checkWorkspaceAlertsStorageConfigured bool = false
@description('Full Resource ID of the resource emitting the metric that will be used for the comparison. For example /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroups/ResourceGroupName/providers/Microsoft.compute/virtualMachines/VM_xyz')
@minLength(1)
param resourceId string
@description('Name of the metric used in the comparison to activate the alert.')
@minLength(1)
param query string
@description('Name of the measure column used in the alert evaluation.')
param metricMeasureColumn string
@description('Name of the resource ID column used in the alert targeting the alerts.')
param resourceIdColumn string
@description('Operator comparing the current value with the threshold value.')
@allowed([
'Equals'
'GreaterThan'
'GreaterThanOrEqual'
'LessThan'
'LessThanOrEqual'
])
param operator string = 'GreaterThan'
@description('The threshold value at which the alert is activated.')
param threshold int = 0
@description('The number of periods to check in the alert evaluation.')
param numberOfEvaluationPeriods int = 1
@description('The number of unhealthy periods to alert on (must be lower or equal to numberOfEvaluationPeriods).')
param minFailingPeriodsToAlert int = 1
@description('How the data that is collected should be combined over time.')
@allowed([
'Average'
'Minimum'
'Maximum'
'Total'
'Count'
])
param timeAggregation string = 'Average'
@description('Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format.')
@allowed([
'PT1M'
'PT5M'
'PT10M'
'PT15M'
'PT30M'
'PT45M'
'PT1H'
'PT2H'
'PT3H'
'PT4H'
'PT5H'
'PT6H'
'PT24H'
'PT48H'
])
param windowSize string = 'PT5M'
@description('how often the metric alert is evaluated represented in ISO 8601 duration format')
@allowed([
'PT5M'
'PT15M'
'PT30M'
'PT1H'
])
param evaluationFrequency string = 'PT5M'
@description('Mute actions for the chosen period of time (in ISO 8601 duration format) after the alert is fired.')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
'PT6H'
'PT12H'
'PT24H'
])
param muteActionsDuration string
@description('The ID of the action group that is triggered when the alert is activated or deactivated')
param actionGroupId string = ''
resource alert 'Microsoft.Insights/scheduledQueryRules@2021-08-01' = {
name: alertName
location: location
tags: {}
properties: {
description: alertDescription
severity: alertSeverity
enabled: isEnabled
scopes: [
resourceId
]
evaluationFrequency: evaluationFrequency
windowSize: windowSize
criteria: {
allOf: [
{
query: query
metricMeasureColumn: metricMeasureColumn
resourceIdColumn: resourceIdColumn
dimensions: []
operator: operator
threshold: threshold
timeAggregation: timeAggregation
failingPeriods: {
numberOfEvaluationPeriods: numberOfEvaluationPeriods
minFailingPeriodsToAlert: minFailingPeriodsToAlert
}
}
]
}
muteActionsDuration: muteActionsDuration
autoMitigate: autoMitigate
checkWorkspaceAlertsStorageConfigured: checkWorkspaceAlertsStorageConfigured
actions: {
actionGroups: [
actionGroupId
]
customProperties: {
key1: 'value1'
key2: 'value2'
}
}
}
}
パラメーター ファイル
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"value": "New Alert"
},
"location": {
"value": "eastus"
},
"alertDescription": {
"value": "New alert created via template"
},
"alertSeverity": {
"value":3
},
"isEnabled": {
"value": true
},
"resourceId": {
"value": "/subscriptions/replace-with-subscription-id/resourceGroups/replace-with-resourceGroup-name/providers/Microsoft.Compute/virtualMachines/replace-with-resource-name"
},
"query": {
"value": "Perf | where ObjectName == \"Processor\" and CounterName == \"% Processor Time\""
},
"metricMeasureColumn": {
"value": "AggregatedValue"
},
"operator": {
"value": "GreaterThan"
},
"threshold": {
"value": 80
},
"timeAggregation": {
"value": "Average"
},
"actionGroupId": {
"value": "/subscriptions/replace-with-subscription-id/resourceGroups/resource-group-name/providers/Microsoft.Insights/actionGroups/replace-with-action-group"
}
}
}
結果の数のテンプレート (バージョン 2018-04-16 以前)
次のサンプルでは、結果の数のアラート ルールを作成します。
Notes
- このサンプルには、Webhook ペイロードが含まれています。 このアラート ルールによって Webhook がトリガーされない場合は、customWebhookPayload 要素を削除してください。
テンプレート ファイル
@description('Resource ID of the Log Analytics workspace.')
param sourceId string = ''
@description('Location for the alert. Must be the same location as the workspace.')
param location string = ''
@description('The ID of the action group that is triggered when the alert is activated.')
param actionGroupId string = ''
resource logQueryAlert 'Microsoft.Insights/scheduledQueryRules@2018-04-16' = {
name: 'Sample log query alert'
location: location
properties: {
description: 'Sample log query alert'
enabled: 'true'
source: {
query: 'Event | where EventLevelName == "Error" | summarize count() by Computer'
dataSourceId: sourceId
queryType: 'ResultCount'
}
schedule: {
frequencyInMinutes: 15
timeWindowInMinutes: 60
}
action: {
'odata.type': 'Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction'
severity: '4'
aznsAction: {
actionGroup: array(actionGroupId)
emailSubject: 'Alert mail subject'
customWebhookPayload: '{ "alertname":"#alertrulename", "IncludeSearchResults":true }'
}
trigger: {
thresholdOperator: 'GreaterThan'
threshold: 1
}
}
}
}
パラメーター ファイル
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"sourceId": {
"value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/bw-samples-arm/providers/microsoft.operationalinsights/workspaces/bw-arm-01"
},
"location": {
"value": "westus"
},
"actionGroupId": {
"value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/bw-samples-arm/providers/microsoft.insights/actionGroups/ARM samples group 01"
}
}
}
メトリック測定のテンプレート (バージョン 2018-04-16 以前)
次のサンプルでは、メトリック測定のアラート ルールを作成します。
テンプレート ファイル
@description('Resource ID of the Log Analytics workspace.')
param sourceId string = ''
@description('Location for the alert. Must be the same location as the workspace.')
param location string = ''
@description('The ID of the action group that is triggered when the alert is activated.')
param actionGroupId string = ''
resource metricMeasurementLogQueryAlert 'Microsoft.Insights/scheduledQueryRules@2018-04-16' = {
name: 'Sample metric measurement log query alert'
location: location
properties: {
description: 'Sample metric measurement query alert rule'
enabled: 'true'
source: {
query: 'Event | where EventLevelName == "Error" | summarize AggregatedValue = count() by bin(TimeGenerated,1h), Computer'
dataSourceId: sourceId
queryType: 'ResultCount'
}
schedule: {
frequencyInMinutes: 15
timeWindowInMinutes: 60
}
action: {
'odata.type': 'Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction'
severity: '4'
aznsAction: {
actionGroup: array(actionGroupId)
emailSubject: 'Alert mail subject'
}
trigger: {
thresholdOperator: 'GreaterThan'
threshold: 10
metricTrigger: {
thresholdOperator: 'Equal'
threshold: 1
metricTriggerType: 'Consecutive'
metricColumn: 'Computer'
}
}
}
}
}
パラメーター ファイル
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"sourceId": {
"value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/bw-samples-arm/providers/microsoft.operationalinsights/workspaces/bw-arm-01"
},
"location": {
"value": "westus"
},
"actionGroupId": {
"value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/bw-samples-arm/providers/microsoft.insights/actionGroups/ARM samples group 01"
}
}
}