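azure - Is there an ARM template solution for creating OMS alerts for Log Analytics
Problem description
I am trying to create an OMS workspace with alerts through an ARM template. I have already created the OMS workspace, and for the alerts part I followed the tutorial below. After struggling for a while to work out why my alerts would not deploy, I saw the following note in the comments of the same tutorial.
"The 'actions' schema has changed, and in addition alerts are now in Azure Monitor :) Here is the link."
When I tried to read the documentation and get smarter, I just got stuck in an endless loop of reference links:
The link provided in the tutorial says: Beginning May 14, 2018, all alerts in an Azure public cloud instance of Log Analytics workspace began to extend into Azure.
After a while I found the following link. I thought I had finally found the place that explains how the new alerts work. But it is for Application Insights, not Log Analytics.
My question is: can anyone help me figure out how the new alert scheme works, or point me in the right direction?
Solution
I'm not an OMS expert, but this is what we have been using: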
{
  "apiVersion": "2017-03-15-preview",
  "name": "[concat(variables('namespace'), '/', variables('savedSearches').Search[copyIndex()].Name)]",
  "type": "Microsoft.OperationalInsights/workspaces/savedSearches",
  "copy": {
    "name": "SavedSearchCopy",
    "count": "[length(variables('savedSearches').Search)]"
  },
  "dependsOn": [
    "[concat('Microsoft.OperationalInsights/workspaces/', variables('namespace'))]",
    "ActionGroupCopy"
  ],
  "properties": {
    "category": "Alerts",
    "displayName": "[variables('savedSearches').Search[copyIndex()].DisplayName]",
    "query": "[variables('savedSearches').Search[copyIndex()].Query]"
  }
},
{
  "name": "[tolower(concat(variables('namespace'), '/', variables('savedSearches').Search[copyIndex()].Name, '/', variables('savedSearches').Search[copyIndex()].Schedule.Name))]",
  "type": "Microsoft.OperationalInsights/workspaces/savedSearches/schedules/",
  "apiVersion": "2017-03-03-preview",
  "copy": {
    "name": "ScheduleCopy",
    "count": "[length(variables('savedSearches').Search)]"
  },
  "dependsOn": [
    "SavedSearchCopy"
  ],
  "properties": {
    "interval": "5",
    "queryTimeSpan": "10",
    "enabled": true
  }
},
{
  "name": "[tolower(concat(variables('namespace'), '/', variables('savedSearches').Search[copyIndex()].Name, '/', variables('savedSearches').Search[copyIndex()].Schedule.Name, '/', variables('savedSearches').Search[copyIndex()].Alert.Name, '-', if(contains(variables('savedSearches').Search[copyIndex()].Alert, 'MetricsTrigger'), 'Total', 'Consecutive')))]",
  "type": "Microsoft.OperationalInsights/workspaces/savedSearches/schedules/actions",
  "copy": {
    "name": "ActionCopy",
    "count": "[length(variables('savedSearches').Search)]"
  },
  "apiVersion": "2017-03-15-preview",
  "dependsOn": [
    "SavedSearchCopy"
  ],
  "properties": {
    "Type": "Alert",
    "Name": "[variables('savedSearches').Search[copyIndex()].Alert.Name]",
    "Description": "[variables('savedSearches').Search[copyIndex()].Alert.Description]",
    "Severity": "warning",
    "Threshold": "[variables('savedSearches').Search[copyIndex()].Alert.Threshold]",
    "Throttling": {
      "DurationInMinutes": 60
    },
    "AzNsNotification": {
      "GroupIds": [
        "[resourceId('microsoft.insights/actionGroups', 'xxx')]"
      ]
    }
  }
},
{
  "type": "Microsoft.Insights/actionGroups",
  "apiVersion": "2018-03-01",
  "name": "[variables('actionGroups')[copyIndex()].Name]",
  "copy": {
    "name": "ActionGroupCopy",
    "count": "[length(variables('actionGroups'))]"
  },
  "location": "Global",
  "properties": {
    "groupShortName": "[variables('actionGroups')[copyIndex()].Name]",
    "enabled": true,
    "emailReceivers": [
      {
        "name": "[variables('actionGroups')[copyIndex()].EmailName]",
        "emailAddress": "[variables('actionGroups')[copyIndex()].EmailAddress]"
      }
    ]
  }
},
Here is a sample saved searches variable that we use to map everything:
"savedSearches": {
  "Search": [
    {
      "Name": "HighCPU",
      "DisplayName": "CPU Above 90%",
      "Query": "Perf | where CounterName == \"% Processor Time\" and InstanceName ==\"_Total\" | summarize AggregatedValue = avg(CounterValue) by Computer, bin(TimeGenerated, 1m)",
      "Schedule": {
        "Name": "HighCPUSchedule"
      },
      "Alert": {
        "Name": "HighCPUAlert",
        "Description": "Alert for High CPU",
        "Threshold": {
          "Operator": "gt",
          "Value": 90,
          "MetricsTrigger": {
            "Value": 2,
            "Operator": "gt",
            "TriggerCondition": "Consecutive"
          }
        }
      }
    },
    ...
  ]
}
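
The mapping between the `savedSearches` variable and the three nested resource names can be checked offline before a deployment. The following Python script is an added example, not part of the original answer: it mirrors the template's `concat`/`tolower`/`contains` name expressions, and the workspace name `demo-workspace` and all function names are assumptions.

```python
# Constructed input: the HighCPU entry of the answer's savedSearches variable, trimmed.
SEARCH = {"Name": "HighCPU", "Schedule": {"Name": "HighCPUSchedule"},
          "Alert": {"Name": "HighCPUAlert", "Threshold": {
              "Operator": "gt", "Value": 90, "MetricsTrigger": {
                  "Value": 2, "Operator": "gt", "TriggerCondition": "Consecutive"}}}}
SAVED_SEARCHES = {"Search": [SEARCH]}
# Property paths the template dereferences for every copyIndex().
REQUIRED = (("Name",), ("Schedule", "Name"), ("Alert", "Name"), ("Alert", "Threshold"))


def arm_contains(obj, key):
    """ARM contains() on an object: top-level keys only, case-insensitive."""
    return key.lower() in (k.lower() for k in obj)


def missing_paths(search):
    """Return required paths absent from one entry (exact-case match, stricter than ARM)."""
    missing = []
    for path in REQUIRED:
        node = search
        for part in path:
            if not isinstance(node, dict) or part not in node:
                missing.append(".".join(path))
                break
            node = node[part]
    return missing


def expand_names(namespace, search):
    """Mirror the savedSearch, schedule and action name expressions for one entry."""
    saved = f"{namespace}/{search['Name']}"  # concat only; the template does not lower-case it
    schedule = f"{saved}/{search['Schedule']['Name']}"
    suffix = "Total" if arm_contains(search["Alert"], "MetricsTrigger") else "Consecutive"
    action = f"{schedule}/{search['Alert']['Name']}-{suffix}"
    return {"savedSearch": saved, "schedule": schedule.lower(), "action": action.lower()}


def lint(namespace, saved_searches):
    """Per entry: (index, missing paths, expanded names or None when paths are missing)."""
    report = []
    for i, search in enumerate(saved_searches["Search"]):
        gaps = missing_paths(search)
        report.append((i, gaps, None if gaps else expand_names(namespace, search)))
    return report


if __name__ == "__main__":
    for row in lint("demo-workspace", SAVED_SEARCHES):  # hypothetical workspace name
        print(row)
```

For the sample entry the action name ends in `-consecutive`, because `contains()` is applied to the `Alert` object while `MetricsTrigger` is nested under `Alert.Threshold`.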