Forum Discussion
Bilal_Achahbar
Dec 03, 2018 Copper Contributor
Create OMS Alert through ARM template
Hi all, I am trying to create an OMS workspace with alerts attached to it through ARM templates. I already created an OMS workspace and for the alert part I followed the following tutorial. After so...
- Dec 04, 2018
Hi,
The blog post you reference is old, as there have been changes in the API. Log Analytics alerts no longer use their own actions; rather, they reference an Action Group. So first you have to have an Action Group to reference. You've found the link for creating an Action Group via ARM template. You've also found the template for creating Log Analytics alerts. You still have to create saved search, schedule and action resources. The main difference is that in the action you have to reference the Action Group. Extending alerts to Azure means that alerts you had previously created using the API referenced in the blog post you've provided will be converted to using Action Groups automatically. In short, the only differences are that the API version is increased and that this part of the action resources:

    "EmailNotification": {
        "Recipients": [ "[parameters('EmailRecipients')]" ],
        "Subject": "[parameters('DisplayNameOfSearch')]"
    }

cannot be used; instead you have to reference an action group:

    "AzNsNotification": {
        "GroupIds": "[variables('MyAlert').AzNsNotification.GroupIds]",
        "CustomEmailSubject": "[variables('MyAlert').AzNsNotification.CustomEmailSubject]",
        "CustomWebhookPayload": "[variables('MyAlert').AzNsNotification.CustomWebhookPayload]"
    }

CustomEmailSubject and CustomWebhookPayload are not mandatory parameters, and if they are not used you can skip them. You can also see that GroupIds is actually an array, so you can reference multiple resource groups if needed. Look at the full sample to help you understand better:
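Added example (not part of the reply above, and not Microsoft's code): a pre-deployment check that walks an ARM template and flags alert actions that still carry the legacy `EmailNotification` block or lack a usable `AzNsNotification.GroupIds`, so an alert is not deployed without a notification target. The sample template, the resource names, the full resource type string used for matching and the finding messages are assumptions constructed for illustration.

```python
import json

# Constructed sample (not from the thread); <action-group-resource-id> is a placeholder.
SAMPLE_TEMPLATE = json.loads("""
{"resources": [
  {"type": "Microsoft.OperationalInsights/workspaces/savedSearches/schedules/actions",
   "name": "legacy-alert",
   "properties": {"EmailNotification": {
       "Recipients": ["[parameters('EmailRecipients')]"],
       "Subject": "[parameters('DisplayNameOfSearch')]"}}},
  {"type": "Microsoft.OperationalInsights/workspaces/savedSearches/schedules/actions",
   "name": "migrated-alert",
   "properties": {"AzNsNotification": {
       "GroupIds": "[variables('MyAlert').AzNsNotification.GroupIds]"}}},
  {"type": "Microsoft.OperationalInsights/workspaces/savedSearches/schedules/actions",
   "name": "bad-groupids",
   "properties": {"AzNsNotification": {"GroupIds": "<action-group-resource-id>"}}}
]}
""")

def is_arm_expression(value):
    """True for template expressions such as "[variables('x').GroupIds]"."""
    return isinstance(value, str) and value.startswith("[") and value.endswith("]")

def iter_resources(resources):
    """Yield every resource, including nested child resources."""
    for res in resources:
        yield res
        yield from iter_resources(res.get("resources", []))

def lint_alert_actions(template):
    """Return (resource name, finding) pairs for alert action resources."""
    findings = []
    for res in iter_resources(template.get("resources", [])):
        # Assumption: action resources are declared with their full type name.
        if not res.get("type", "").lower().endswith("/schedules/actions"):
            continue
        name, props = res.get("name", "<unnamed>"), res.get("properties", {})
        if "EmailNotification" in props:
            findings.append((name, "legacy EmailNotification block"))
        group_ids = props.get("AzNsNotification", {}).get("GroupIds")
        if group_ids is None:
            findings.append((name, "no AzNsNotification.GroupIds"))
        elif not is_arm_expression(group_ids) and not (
                isinstance(group_ids, list) and group_ids
                and all(isinstance(g, str) for g in group_ids)):
            findings.append((name, "GroupIds is not a non-empty array"))
    return findings

if __name__ == "__main__":
    for name, finding in lint_alert_actions(SAMPLE_TEMPLATE):
        print(f"{name}: {finding}")
```

A `GroupIds` value written as a template expression is accepted as-is, because the check cannot resolve variables or parameters; it only catches literal values that are not arrays.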
Bilal_Achahbar
Dec 05, 2018 Copper Contributor
What I don't understand is how the alerts that I create are connected to the virtual machine.
If I create an alert under workspaces\savedsearch\schedule\actions, the alerts in the portal are shown under the workspace resource and not under the virtual machine.
- Dec 05, 2018
These are Log Analytics alerts. They are general in nature and are not linked to any Azure resource. Log Analytics can store data from Azure and non-Azure resources. The main part of the alert is the query, and the query can be scoped, for example, to a specific group of computers, or it can apply to all computers that report data to Log Analytics.
- Bilal_Achahbar Dec 13, 2018 Copper Contributor
I am sorry for the bad explanation.
What I mean is that in my query I can use "Heartbeat" and get results. But I can ask for performance logs. So therefore I asked if I need some extra resource so that every log of the virtual machine will be pushed to the log analytics, so that I can run the "Perf" query on my log analytics.
- Dec 13, 2018
Hi,
To have performance data from servers appear in Log Analytics and to be able to alert on it with Log Analytics queries, you will need to add the desired performance counters. This is explained here:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-performance-counters