Multiple level alerts with ARM Template

If you run into the situation, that you want to set multiple activity alerts into a resource that you want to monitor, but when you configure or want to edit the alert, you only see a single level of alert (picture below), you normally create another alert into the same resource.

That is a way to solve the issue, but you can create or have multiple level of alerts into the same resource. On the other hand, you could create a multiple level alert through JSON file and then apply the template to the resource you want to monitor.

The Activity Log Alert language is actually pretty powerful if you are willing to get your hands a little dirty and write the “condition” property in JSON yourself. For example, if you create an alert in the portal, and then look at the “Create Activity Log Alert” event in your Activity Log, you will see in the properties field there is the full JSON (unfortunately, delimited and in one field) of the alert that was created, and the “condition” property for an alert looks fairly similar to the JSON for ARM policy. It can contain:

  1. Both allOf (ANDs) as well as anyOf (ORs)
  2. Equals (on a property that has a single value) or containsAny (on a property that is an Array)
  3. Either an explicit field name (eg “category”) or a JSON path with wildcards to any property that matches (eg. “properties.impactedServices[?(@.ServiceName == ‘Virtual Machines’)].ImpactedRegions[*].RegionName”)

Here’s a complex example of what you could put in the condition in raw JSON that would work correctly:

{

    “location”: “global”,

    “properties”: {

        “scopes”: [

            “/subscriptions/<SUBSCRIPTION_ID>”

        ],

        “description”: “TEST”,

        “condition”: {

            “allOf”: [

                {

                    “field”: “category”,

                    “equals”: “ServiceHealth”

                },

                {

                    “field”: “status”,

                    “equals”: “Active”

                },

                {

                    “field”: “properties.impactedServices[?(@.ServiceName == ‘Virtual Machines’)].ImpactedRegions[*].RegionName”,

                    “containsAny”: [

                        “EastUS2”,

                        “WestUS2”

                    ]

                }

            ],

            “anyOf”: [

                {

                    “field”: “level”,

                    “equals”: “Warning”

                },

                {

                    “field”: “level”,

                    “equals”: “Error”

                }

            ]

        },

        “actions”: {

            “actionGroups”: [

                {

                    “actionGroupId”: “/subscriptions/<SUBSCRIPTION_ID>/resourcegroups/default-activitylogalerts/providers/microsoft.insights/actiongroups/<GROUP_NAME>”,

                    “webhookProperties”: {}

                }

            ]

        },

        “enabled”: true

    }

}

This translates to: “Activate the alert if there is an Active Service Health event on Virtual Machines in either East US 2 or West US 2, but only if the level is either Warning or Error.”

Cheers,

Marcos Nogueira
Azure MVP

azurecentric.com
Twitter: @mdnoga

Marcos Nogueira

With more than 18 years experience in Datacenter Architectures, Marcos Nogueira is currently working as a Principal Cloud Solution Architect. He is an expert in Private and Hybrid Cloud, with a focus on Microsoft Azure, Virtualization and System Center. He has worked in several industries, including Aerospace, Transportation, Energy, Manufacturing, Financial Services, Government, Health Care, Telecoms, IT Services, and Gas & Oil in different countries and continents. Marcos was a Canadian MVP in System Center Cloud & Datacenter Managenment and he has +14 years as Microsoft Certified, with more than 100+ certifications (MCT, MCSE, and MCITP, among others). Marcos is also certified in VMware, CompTIA and ITIL v3. He assisted Microsoft in the development of workshops and special events on Private & Hybrid Cloud, Azure, System Center, Windows Server, Hyper-V and as a speaker at several Microsoft TechEd/Ignite and communities events around the world.

Leave a Reply

Your email address will not be published. Required fields are marked *