Forum Discussion
Log Analytics / App Insights permissions
Do Monitor / Log Analytics alerts need any special rights to to read Application Insights held in another subscription ?
I can set an alert up by using a query that reads an Application Insights instance e.g
app('myAppInsightInstance').traces
When setting the alert up, I can see data in the bar chart and I can also click on 'run query in log analytics' and receive data.
However, despite all this, no alerts are ever fired. I've set up plenty of alerts up before but this is the first using application insights.
It's as if, while setting the alert up it's using my rights as I'm the one logged in on the portal but then afterwards the alert uses a different set of rights which maybe hasn't got rights on the app insights instance ?
Grateful for any pointers.
HiJK_UK
To be more precise I have written a blog post about alerts API:
https://cloudadministrator.net/2019/10/07/azure-monitor-alert-series-part-7/
If you scroll to the bottom there is example and on line 44-48 you will see that resources (log analytics workspace or application insights instance) needs to be added with their resource IDs. As far as I know that information is not available trough the portal so you will have to check the ARM API to get it and see if the mentioned app insights instance is added to that part of the properties. Authorized resources part is used when you do cross workspace/app insights queries for alerts.
4 Replies
HIJK_UK
You haven't give up much information how did you create the alert but in order this to work the alert rule needs to have authorized resources property filled with the resource ID of the application insights instance. This can be checked by getting the resource properties of the alert resource.
Hi Stanislav, thanks for the reply.
The Resource is a Log Analytics instance:
The alert is just a log query running the following (purely as a test)
app('uniweb-dev').customMetrics
This should work shouldn't it ? In fact, I've got instances in my dev environment where this works. The difference is is that the environment I'm trying to get this to work in is a lot more complicated.
I'm just about to try redeploying the alert but this time set the Resource at the top as the Application Insights instance. Then the query presumably would just need to be:
customMetrics
I'll keep you posted.
HiJK_UK
To be more precise I have written a blog post about alerts API:
https://cloudadministrator.net/2019/10/07/azure-monitor-alert-series-part-7/
If you scroll to the bottom there is example and on line 44-48 you will see that resources (log analytics workspace or application insights instance) needs to be added with their resource IDs. As far as I know that information is not available trough the portal so you will have to check the ARM API to get it and see if the mentioned app insights instance is added to that part of the properties. Authorized resources part is used when you do cross workspace/app insights queries for alerts.
