Seconding previous comments that this is a lot of work to simply fire alerts for a policy. To anyone looking into the https://learn.microsoft.com/en-us/azure/azure-monitor/logs/ingest-logs-event-hub, currently in preview, linked in a few recent comments: it is also a pretty large number of steps. And much worse from my perspective is this prerequisite of the official way to do this:
- Your Log Analytics workspace needs to be linked to a dedicated cluster (https://learn.microsoft.com/en-us/azure/azure-monitor/logs/logs-dedicated-clusters#link-a-workspace-to-a-cluster) or to have a commitment tier (https://learn.microsoft.com/en-us/azure/azure-monitor/logs/cost-logs#commitment-tiers).
The minimum commitment tier is 100 GB/day ($5,880/month in eastus2) and the cheapest dedicated cluster requires a 500 GB/day commit ($25,950/month in eastus2). So for any small operations or folks not using a lot of Log Analytics widely, that solution is out of reach.