本文包含用于在 Azure Monitor 中创建和配置日志搜索警报的 Azure 资源管理器模板示例。 每个示例都包含模板文件和参数文件,其中包含要提供给模板的示例值。
注释
有关可用示例的列表以及在 Azure 订阅中部署这些示例的指南,请参阅 Azure Monitor 的 Azure 资源管理器示例。
注释
日志警报规则属性中所有数据的总大小不能超过 64KB。 这可能是由维度过多、查询太大、操作组过多或描述较长造成的。 创建大型警报规则时,请记得优化这些区域。
所有资源类型的模板(从版本 2025-01-01-preview 开始)
以下示例创建一条可针对任何资源的规则。
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the alert"
}
},
"___location": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Location of the alert"
}
},
"alertDescription": {
"type": "string",
"defaultValue": "This is a metric alert",
"metadata": {
"description": "Description of alert"
}
},
"alertSeverity": {
"type": "int",
"defaultValue": 3,
"allowedValues": [
0,
1,
2,
3,
4
],
"metadata": {
"description": "Severity of alert {0,1,2,3,4}"
}
},
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Specifies whether the alert is enabled"
}
},
"autoMitigate": {
"type": "bool",
"defaultValue": false,
"metadata": {
"description": "Specifies whether the alert will automatically resolve"
}
},
"resourceId": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Full Resource ID of the resource emitting the metric that will be used for the comparison. For example /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroups/ResourceGroupName/providers/Microsoft.compute/virtualMachines/VM_xyz"
}
},
"query": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the metric used in the comparison to activate the alert."
}
},
"muteActionsDuration": {
"type": "string",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"PT24H"
],
"metadata": {
"description": "Mute actions for the chosen period of time (in ISO 8601 duration format) after the alert is fired."
},
"actionGroupId": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "The ID of the action group that is triggered when the alert is activated or deactivated"
}
}
},
"resources": [
{
"type": "Microsoft.Insights/scheduledQueryRules",
"apiVersion": "2025-01-01-preview",
"kind": "SimpleLogAlert",
"name": "[parameters('alertName')]",
"___location": "[parameters('___location')]",
"tags": {},
"properties": {
"description": "[parameters('alertDescription')]",
"severity": "[parameters('alertSeverity')]",
"enabled": "[parameters('isEnabled')]",
"scopes": [
"[parameters('resourceId')]"
],
"criteria": {
"allOf": [
{
"query": "[parameters('query')]",
}
}
]
},
"autoMitigate": "[parameters('autoMitigate')]",
"muteActionsDuration": "[parameters('muteActionsDuration')]",
"actions": {
"actionGroups": [
"[parameters('actionGroupId')]"
],
"customProperties": {
"key1": "value1",
"key2": "value2"
}
}
}
}
]
}
参数文件
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"value": "New Alert"
},
"___location": {
"value": "eastus"
},
"alertDescription": {
"value": "New alert created via template"
},
"alertSeverity": {
"value":3
},
"isEnabled": {
"value": true
},
"resourceId": {
"value": "/subscriptions/replace-with-subscription-id/resourceGroups/replace-with-resourceGroup-name/providers/Microsoft.Compute/virtualMachines/replace-with-resource-name"
},
"query": {
"value": "Perf | where ObjectName == \"Processor\" and CounterName == \"% Processor Time\""
},
"actionGroupId": {
"value": "/subscriptions/replace-with-subscription-id/resourceGroups/resource-group-name/providers/Microsoft.Insights/actionGroups/replace-with-action-group"
}
}
}