我想使用ARM模板配置Log Analytics警报,因此只需遵循给定的链接:-https://docs.microsoft.com/en-in/azure/azure-monitor/insights/solutions-resources-searches-alerts#sample
但是问题是,我正在研究创建CPU,内存和磁盘警报的要求。为此,我需要用不同的KQL编写3种不同的ARM。您能帮我编辑给定的模板,以满足我使用单个ARM生成所有警报的要求。
如果我将创建3个不同的模板,则主要问题是我的Log Analytics下将有3个解决方案,因为此模板正在为每个警报创建解决方案。因此,只需寻找一种编辑此模板的方法,即可使用单个模板配置多个警报。
下面是我要编辑的模板:-
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0",
"parameters": {
"workspaceName": {
"type": "string",
"metadata": {
"Description": "Name of Log Analytics workspace"
}
},
"workspaceregionId": {
"type": "string",
"metadata": {
"Description": "Region of Log Analytics workspace"
}
},
"actiongroup": {
"type": "string",
"metadata": {
"Description": "List of action groups for alert actions separated by semicolon"
}
}
},
"variables": {
"SolutionName": "SolutionTest",
"SolutionVersion": "1.0",
"SolutionPublisher": "SolutionTesters",
"ProductName": "SolutionTest1",
"LogAnalyticsApiVersion": "2017-03-03-preview",
"MySearch": {
"displayName": "Processor over 70%",
"query": 'Perf | where ObjectName=="Processor" and CounterName=="% Processor Time" and CounterValue>70',
"category": "Samples",
"name": "Samples-Count of data"
},
"MyAlert": {
"Name": "[toLower(concat('myalert-',uniqueString(resourceGroup().id, deployment().name)))]",
"DisplayName": "Processor over 70%",
"Description": "Processor alert. Fires when 3 error records found over hour interval.",
"Severity": "critical",
"ThresholdOperator": "gt",
"ThresholdValue": 70,
"Schedule": {
"Name": "[toLower(concat('myschedule-',uniqueString(resourceGroup().id, deployment().name)))]",
"Interval": 15,
"TimeSpan": 60
},
"MetricsTrigger": {
"TriggerCondition": "Consecutive",
"Operator": "gt",
"Value": 3
},
"ThrottleMinutes": 60,
"AzNsNotification": {
"GroupIds": [
"[parameters('actiongroup')]"
],
"CustomEmailSubject": "Sample alert for processor query"
}
}
},
"resources": [
{
"name": "[concat(variables('SolutionName'), '[' ,parameters('workspacename'), ']')]",
"location": "[parameters('workspaceRegionId')]",
"tags": { },
"type": "Microsoft.OperationsManagement/solutions",
"apiVersion": "2015-11-01-preview",
"dependsOn": [
"[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspacename'), variables('MySearch').Name)]",
"[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches/schedules', parameters('workspacename'), variables('MySearch').Name, variables('MyAlert').Schedule.Name)]",
"[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches/schedules/actions', parameters('workspacename'), variables('MySearch').Name, variables('MyAlert').Schedule.Name, variables('MyAlert').Name)]",
],
"properties": {
"workspaceResourceId": "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspacename'))]",
"referencedResources": [
],
"containedResources": [
"[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspacename'), variables('MySearch').Name)]",
"[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches/schedules', parameters('workspacename'), variables('MySearch').Name, variables('MyAlert').Schedule.Name)]",
"[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches/schedules/actions', parameters('workspacename'), variables('MySearch').Name, variables('MyAlert').Schedule.Name, variables('MyAlert').Name)]"
]
},
"plan": {
"name": "[concat(variables('SolutionName'), '[' ,parameters('workspaceName'), ']')]",
"Version": "[variables('SolutionVersion')]",
"product": "[variables('ProductName')]",
"publisher": "[variables('SolutionPublisher')]",
"promotionCode": ""
}
},
{
"name": "[concat(parameters('workspaceName'), '/', variables('MySearch').Name)]",
"type": "Microsoft.OperationalInsights/workspaces/savedSearches",
"apiVersion": "[variables('LogAnalyticsApiVersion')]",
"dependsOn": [ ],
"tags": { },
"properties": {
"etag": "*",
"query": "[variables('MySearch').query]",
"displayName": "[variables('MySearch').displayName]",
"category": "[variables('MySearch').category]"
}
},
{
"name": "[concat(parameters('workspaceName'), '/', variables('MySearch').Name, '/', variables('MyAlert').Schedule.Name)]",
"type": "Microsoft.OperationalInsights/workspaces/savedSearches/schedules/",
"apiVersion": "[variables('LogAnalyticsApiVersion')]",
"dependsOn": [
"[concat('Microsoft.OperationalInsights/workspaces/', parameters('workspaceName'), '/savedSearches/', variables('MySearch').Name)]"
],
"properties": {
"etag": "*",
"interval": "[variables('MyAlert').Schedule.Interval]",
"queryTimeSpan": "[variables('MyAlert').Schedule.TimeSpan]",
"enabled": true
}
},
{
"name": "[concat(parameters('workspaceName'), '/', variables('MySearch').Name, '/', variables('MyAlert').Schedule.Name, '/', variables('MyAlert').Name)]",
"type": "Microsoft.OperationalInsights/workspaces/savedSearches/schedules/actions",
"apiVersion": "[variables('LogAnalyticsApiVersion')]",
"dependsOn": [
"[concat('Microsoft.OperationalInsights/workspaces/', parameters('workspaceName'), '/savedSearches/', variables('MySearch').Name, '/schedules/', variables('MyAlert').Schedule.Name)]"
],
"properties": {
"etag": "*",
"Type": "Alert",
"Name": "[variables('MyAlert').DisplayName]",
"Description": "[variables('MyAlert').Description]",
"Severity": "[variables('MyAlert').Severity]",
"Threshold": {
"Operator": "[variables('MyAlert').ThresholdOperator]",
"Value": "[variables('MyAlert').ThresholdValue]",
"MetricsTrigger": {
"TriggerCondition": "[variables('MyAlert').MetricsTrigger.TriggerCondition]",
"Operator": "[variables('MyAlert').MetricsTrigger.Operator]",
"Value": "[variables('MyAlert').MetricsTrigger.Value]"
}
},
"Throttling": {
"DurationInMinutes": "[variables('MyAlert').ThrottleMinutes]"
},
"AzNsNotification": {
"GroupIds": "[variables('MyAlert').AzNsNotification.GroupIds]",
"CustomEmailSubject": "[variables('MyAlert').AzNsNotification.CustomEmailSubject]"
}
}
}
]
}
如何在上面的模板中添加内存,磁盘警报。
我们将不胜感激:)
答案 0 :(得分:1)
您可以通过将copy元素用作资源类型来做到这一点。但是仍然需要创建警报变量。例如,如果要创建3个警报,则需要三个变量数组,其中包含不同的值。您需要动态使用ID管理资源。
关注此https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-multiple