How to implement an Azure Monitor alert on VM heartbeat with a Log Analytics workspace using Terraform

Problem description

I need to implement a set of alerts in Azure Monitor using KQL/Kusto queries. They are very basic, e.g. heartbeat and free disk space (based on what the agent writes to the Log Analytics workspace).

Looking at the Terraform documentation, I am not sure which resources to use. I expected that I would need to build the query in one resource first and then build the alert resource. However, looking at the docs, it seems that the query should be added to this resource:

https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_activity_log_alert

In any case, if anyone can share an example that implements an Azure Monitor alert for a Windows/Linux VM, that would be great.

Tags: azure, terraform, kql, azure-log-analytics

Solution


Thank you, user P. Posting your suggestion as an answer to help other community members.

azurerm_monitor_scheduled_query_rules_alert

  • Manages an AlertingAction Scheduled Query Rules resource within Azure Monitor.

# Input variables referenced below (the snippet originally assumed these
# existed elsewhere in the configuration).
variable "prefix" {
  description = "Prefix used to build resource names"
  type        = string
  default     = "example"
}

variable "location" {
  description = "Azure region for the monitored resources"
  type        = string
  default     = "West Europe"
}

resource "azurerm_resource_group" "example" {
  name     = "monitoring-resources"
  location = var.location
}

resource "azurerm_application_insights" "example" {
  name                = "appinsights"
  location            = var.location
  resource_group_name = azurerm_resource_group.example.name
  application_type    = "web"
}

resource "azurerm_application_insights" "example2" {
  name                = "appinsights2"
  location            = var.location
  resource_group_name = azurerm_resource_group.example.name
  application_type    = "web"
}

# Example: Alerting Action with metric trigger
resource "azurerm_monitor_scheduled_query_rules_alert" "example" {
  name                = format("%s-queryrule", var.prefix)
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name

  action {
    action_group           = []   # no action group wired up in this example
    email_subject          = "Email Header"
    custom_webhook_payload = "{}"
  }
  # The log source the query runs against (an Application Insights component here;
  # a Log Analytics workspace id works the same way).
  data_source_id = azurerm_application_insights.example.id
  description    = "Query results grouped into AggregatedValue; alert when results cross threshold"
  enabled        = true
  # Count all requests with server error result code grouped into 5-minute bins by HTTP operation
  query       = <<-QUERY
  requests
    | where tolong(resultCode) >= 500
    | summarize AggregatedValue = count() by operation_Name, bin(timestamp, 5m)
  QUERY
  severity    = 1
  frequency   = 5    # evaluate every 5 minutes
  time_window = 30   # over the last 30 minutes of data
  trigger {
    operator  = "GreaterThan"
    threshold = 3
    # Metric measurement: fire when more than 1 operation_Name bucket exceeds the threshold
    metric_trigger {
      operator            = "GreaterThan"
      threshold           = 1
      metric_trigger_type = "Total"
      metric_column       = "operation_Name"
    }
  }
}

You can refer to azurerm_monitor_scheduled_query_rules_alert, which supports alerts based on Log Analytics queries.
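The answer's snippet targets Application Insights; the question asked for VM heartbeat and disk-space alerts against a Log Analytics workspace. The following configuration is an added example, not from the original question or answer: it creates a workspace and an action group and then defines the two log alerts with the same azurerm_monitor_scheduled_query_rules_alert resource, pointing data_source_id at the workspace. All names, the region, the e-mail address and the thresholds (10 minutes silent, 10 % free space) are assumptions chosen for illustration.

```hcl
terraform {
  required_providers {
    azurerm = { source = "hashicorp/azurerm" }
  }
}

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "monitoring" {
  name     = "rg-monitoring"   # assumed name
  location = "West Europe"
}

# Workspace the VM agents (Windows and Linux) send Heartbeat and Perf data to.
resource "azurerm_log_analytics_workspace" "law" {
  name                = "law-monitoring"   # assumed name
  location            = azurerm_resource_group.monitoring.location
  resource_group_name = azurerm_resource_group.monitoring.name
  sku                 = "PerGB2018"
  retention_in_days   = 30
}

# Notification target; placeholder mailbox.
resource "azurerm_monitor_action_group" "ops" {
  name                = "ag-ops"
  resource_group_name = azurerm_resource_group.monitoring.name
  short_name          = "ops"

  email_receiver {
    name          = "oncall"
    email_address = "oncall@example.com"
  }
}

# Heartbeat alert: each agent writes one Heartbeat row per VM about every minute.
# Fire when a VM's newest heartbeat inside the window is older than 10 minutes.
resource "azurerm_monitor_scheduled_query_rules_alert" "vm_heartbeat" {
  name                = "vm-heartbeat-missing"
  location            = azurerm_resource_group.monitoring.location
  resource_group_name = azurerm_resource_group.monitoring.name
  data_source_id      = azurerm_log_analytics_workspace.law.id
  description         = "A VM has not sent a heartbeat for more than 10 minutes"
  enabled             = true
  severity            = 1
  frequency           = 5    # evaluate every 5 minutes
  time_window         = 30   # query the last 30 minutes

  query = <<-QUERY
    Heartbeat
    | summarize LastHeartbeat = max(TimeGenerated) by Computer, OSType
    | where LastHeartbeat < ago(10m)
    | project Computer, OSType, LastHeartbeat
  QUERY

  action {
    action_group  = [azurerm_monitor_action_group.ops.id]
    email_subject = "Azure Monitor: VM heartbeat missing"
  }

  # No metric_trigger, so the rule fires on the number of rows returned:
  # a single silent VM is enough.
  trigger {
    operator  = "GreaterThan"
    threshold = 0
  }
}

# Free disk space alert from the Perf table. Windows counters report "% Free Space",
# Linux counters report "% Used Space"; both are normalised to percent free.
resource "azurerm_monitor_scheduled_query_rules_alert" "vm_disk_space" {
  name                = "vm-disk-space-low"
  location            = azurerm_resource_group.monitoring.location
  resource_group_name = azurerm_resource_group.monitoring.name
  data_source_id      = azurerm_log_analytics_workspace.law.id
  description         = "A VM volume has less than 10% free space"
  enabled             = true
  severity            = 2
  frequency           = 15
  time_window         = 30

  query = <<-QUERY
    Perf
    | where (ObjectName == "LogicalDisk"  and CounterName == "% Free Space")
         or (ObjectName == "Logical Disk" and CounterName == "% Used Space")
    | where InstanceName != "_Total"
    | extend PctFree = iff(CounterName == "% Free Space", CounterValue, 100 - CounterValue)
    | summarize AggregatedValue = avg(PctFree) by Computer, InstanceName, bin(TimeGenerated, 5m)
    | where AggregatedValue < 10
  QUERY

  action {
    action_group  = [azurerm_monitor_action_group.ops.id]
    email_subject = "Azure Monitor: VM disk space low"
  }

  trigger {
    operator  = "GreaterThan"
    threshold = 0
  }
}
```

Two points worth checking before relying on this. First, the heartbeat query can only see VMs that sent at least one heartbeat inside time_window: a machine that has been silent for longer than 30 minutes returns no rows and drops out of the alert, so either keep time_window comfortably larger than the silence threshold or drive the query from an inventory of expected computers. Second, this resource uses the legacy scheduled query rules API; recent azurerm provider versions also offer azurerm_monitor_scheduled_query_rules_alert_v2 with the same query-based model, and new deployments should compare the two.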
