Forum Discussion
How to export Azure Alert Rules (Log Analytics)
Hi Stanislav,
Appreciate your response!
FYI: I already read this article and analyzed the attached scripts.
The script is giving some error (that could be taken care of), but the script is fetching "Saved Searches" while I am interested in collecting "configuration details of Alert Rules" from the Log Analytics section.
Let me know if you have any other pointer for the same.
Regards, Ravi
Log Analytics alerts are not a single resource. Log Analytics alerts are composed of 3 resources nested within each other. At the top is a saved search, beneath the saved search is a schedule, and beneath the schedule is an action. All these 3 resources make an alert. The saved search contains the query that is used for the alert. The schedule contains the time window and frequency for the alert. The action contains the threshold and what action should be taken. So you definitely need those resources to export Log Analytics alerts.
- Ravi Gupta, Jul 23, 2018, Copper Contributor
Hi Stanislav,
Apologies if I misunderstood your information, as I am not an expert in OMS, but...
I do have some Alerts (in Log Analytics) configured for which we do not have any "saved search".
As far as I know, earlier it was like: create a search -> save it -> create a rule and use that saved search.
But now I do not need to save a search; I can directly create a Rule.
Please let me know if I am missing anything or if my understanding is incorrect.
FYI: I tried collecting the details of all saved searches using below command and it worked as expected.
(Get-AzureRmOperationalInsightsSavedSearch -ResourceGroupName "<Resource_Group_Name>" -WorkspaceName "<Workspace_Name>").Value.Properties | where category -eq "Alert"
Regards, Ravi
- Jul 23, 2018
The UI creates the saved search on its own. If I am not mistaken, alerts created from the Azure portal are saved under the Ibiza Alerts category. The API itself hasn't changed, only the UI. Here is the doc on the API:
https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-api-alerts
Via the AzureRM cmdlets you can get only the saved search resources but not schedules and actions; that is why these people are using scripts that query the Log Analytics API directly. As I've said, you will need to get all the resources to construct the full properties of an alert. Remember my note that these resources are nested within each other. I am currently away from my computer, so I do not have access to my env.
- Ravi Gupta, Aug 13, 2018, Copper Contributor
Hi Stanislav,
I read the link you shared, but that is again around "Saved Search".
As mentioned earlier, I have some Alert Rules configured but there is no "Saved Search" for them. So, I cannot go via this route.
I logged a case with MS Support. They said that it is not necessary that every Alert rule will have a "Saved Search". MS Support is still checking their resources on how to collect Rule details using PowerShell/REST API.
Do let me know if you have any other pointer for the same.
Regards, Ravi
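
The nested saved search -> schedule -> action walk described in the replies above, as an added PowerShell example that is not part of the thread or of Microsoft's scripts. It assumes you already hold an ARM bearer token in `$Token`, fills workspace details through placeholders, and reads the URL layout, api-version and property names (`Interval`, `QueryTimeSpan`, `Threshold` and so on) as given in the linked Log Analytics alert API doc; it covers only alerts that are backed by a saved search.

```powershell
# Added example, not from the thread. Placeholders and $Token are assumptions.
$SubscriptionId = '<Subscription_Id>'
$ResourceGroup  = '<Resource_Group_Name>'
$Workspace      = '<Workspace_Name>'
$Token          = '<ARM_Bearer_Token>'   # bearer token for https://management.azure.com/

$ApiVersion = '2015-03-20'
$Base = "https://management.azure.com/subscriptions/$SubscriptionId" +
        "/resourceGroups/$ResourceGroup/providers/Microsoft.OperationalInsights" +
        "/workspaces/$Workspace/savedSearches"
$Headers = @{ Authorization = "Bearer $Token" }

function Get-ArmChildren {
    param([Parameter(Mandatory)][string]$Url)
    $resp = Invoke-RestMethod -Method Get -Uri "${Url}?api-version=$ApiVersion" -Headers $Headers
    if (-not $resp) { return }   # empty body: nothing nested at this level
    # List calls wrap their items in "value"; return the bare object otherwise.
    if ($resp.PSObject.Properties.Name -contains 'value') { $resp.value } else { $resp }
}

# Resource ids are full paths; the last segment is the id used in the child URL.
function Get-LastSegment([string]$Id) { ($Id.TrimEnd('/') -split '/')[-1] }

# One output row per action. Saved searches without a schedule yield no rows,
# so plain (non-alert) searches drop out on their own.
$rules = foreach ($search in Get-ArmChildren $Base) {
    $searchId = Get-LastSegment $search.id
    foreach ($schedule in Get-ArmChildren "$Base/$searchId/schedules") {
        $scheduleId = Get-LastSegment $schedule.id
        foreach ($action in Get-ArmChildren "$Base/$searchId/schedules/$scheduleId/actions") {
            [pscustomobject]@{
                SearchName      = $search.properties.DisplayName
                Category        = $search.properties.Category
                Query           = $search.properties.Query
                IntervalMinutes = $schedule.properties.Interval
                WindowMinutes   = $schedule.properties.QueryTimeSpan
                Enabled         = $schedule.properties.Enabled
                ActionName      = $action.properties.Name
                ActionType      = $action.properties.Type
                Threshold       = $action.properties.Threshold
                Severity        = $action.properties.Severity
                ActionRaw       = $action.properties   # keep everything for review
            }
        }
    }
}

$rules | ConvertTo-Json -Depth 6 | Set-Content -Path .\log-analytics-alerts.json -Encoding UTF8
```

The resulting JSON file can be kept under version control so that changes to alert queries, thresholds or notification actions show up in a diff.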