New-CmAzMonitorLogAlerts

Allows definition and deployment of log alerts to set action groups.

Deploys log alert rules using custom log analytics queries to specified action groups. This can be used in the following ways:

  • Utilising the default log alert rule definition for the deployment.
  • Overriding the default log alert rule definition with custom query, schedule, threshold and severity values. Additional custom parameters can also be passed.
  • On top of the above, custom actions specifying email subjects and webhook json payloads can be specified.
  • Custom reusable log alert rule definitions can also be defined and deployed.

This command forms part of the Monitor Building Block.

Parameters

-SettingsFile

Required. (String) File path for the settings file to be converted into a settings object.

-SettingsObject

Required. (Object) Object containing the configuration values required to run this cmdlet.

-WhatIf

(Switch) Run the command without executing any actions, so that no changes are made. The command will output a description of actions to be performed against the affected resources in the console window. Use this option if you are unsure of the overall impact of your command and wish to review it before committing to making changes.

-Confirm

(Switch) Run the command without executing any actions, so that no changes are made. The command will output a description of actions to be performed against the affected resources in the console window. Use this option if you are unsure of the overall impact of your command and wish to review it before committing to making changes.

Usage

Example 1

New-CmAzMonitorLogAlerts -SettingsFile "c:\directory\settingsFile.yml"

Example 2

New-CmAzMonitorLogAlerts -SettingsObject $settings

Settings

Beta documentation
The following schema documentation is automatically generated as part of a recent roadmap task. There may be inaccuracies or incomplete information while we flush out bugs; please refer to the packed project settings examples where necessary.

Settings Root.

Component

component [string | null] Mandatory

Value to determine what cmdlet should be dynamically loaded for these settings.

Service

service [object]

Contains dependency and publish details for service location.

Dependencies

dependencies [object]

Contains dependency details for service location.

Workspace

workspace [string]

Dependency value to fetch existing resource type.

Action Groups

actionGroups [array | null]

Global default dependency value to fetch existing resource type.

Publish

publish [object | null]

Contains publish details for service location.

Log Alert

logAlert [string | null]

Global default value to publish on deployed resource type.

Groups

groups [array] Mandatory

Contains all details pertaining to logical groupings of alert sets.

Name

name [string]

The name of the grouping.

Alert Sets

alertSets [array]

Contains all alert set details for a specific grouping.

Type

type [string]

The type of resource the collection of alerts is grouped against.

Name

name [string | null]

Becomes part of log alert rule generated name.

Alerts

alerts [array]

Contains all details of the log alert rules to be deployed.

Definition

definition [string | null]

Name of a pre-existing definition of a log alert.

Name

name [string | null]

Becomes part of log alert rule generated name.

Description

description [string | null]

Description of the log alert.

Suppress

suppress [object | null]

Set the suppression time on a triggered alert.

Enabled

enabled [boolean]

If alert suppression is enabled or not.

mins

mins [integer | null]

Time (in minutes) for which Alerts should be throttled or suppressed.

windows

windows [integer | null]

Consecutive periods to continue suppressing the alert.

Threshold

threshold [object | null]

Contains threshold details for the log alert rule query.

Operator

operator [string]

The value comparison operator.

Valid values: "greaterThan", "equal", "lessThan"

Value

value [integer]

The threshold value that triggers the alert.

Enabled

enabled [boolean | null]

If the alert rule is enabled or not.

Default: true

Severity

severity [string | null]

The severity level of the alert to trigger.

Valid values: "Critical", "Error", "Warning", "Informational", "Verbose"

Schedule

schedule [object | null]

Contains the log alert rule schedule details.

Frequency In Minutes

frequencyInMinutes [integer]

The frequency at which the log analytics query is executed.

Valid values: "5", "10", "15", "30", "45", "60", "120", "180", "240", "300", "360", "1440"

Time Window In Minutes

timeWindowInMinutes [integer]

The time window of results to return for the log analytics query.

Valid values: "5", "10", "15", "30", "45", "60", "120", "180", "240", "300", "360", "1440", "2880"

Service

service [object | null]

Contains dependency and publish details for service location.

Dependencies

dependencies [object | null]

Contains dependency details for service location.

Action Groups

actionGroups [array | null]

Local overriding dependency value to fetch existing resource type.

Publish

publish [object | null]

Contains publish details for service location.

Log Alert

logAlert [string | null]

Local overriding value to publish on deployed existing resource type.

Customised Actions

customisedActions [object | null]

Container of additional custom actions for when an alert is triggered.

Email Subject

emailSubject [string]

Subject of email sent from action group.

Webhook Json Payload

webhookJsonPayload [string]

Specify a custom JSON payload that gets sent to the webhook instead of the default alert payload.

Parameters

parameters [object | null]

Any required parameters for the log alert.

Examples

The following example files are automatically generated from the settings file schema definition to show how the specification can be used in practice. Cloudmarque can accept both JSON and YAML parameter files.

{
  "component": "string",
  "service": {
    "dependencies": {
      "workspace": "string",
      "actionGroups": []
    },
    "publish": {
      "logAlert": "string"
    }
  },
  "groups": [
    {
      "name": "string",
      "alertSets": [
        {
          "type": "string",
          "name": "string",
          "alerts": [
            {
              "definition": "string",
              "name": "string",
              "description": "string",
              "suppress": {
                "enabled": true,
                "mins": 0,
                "windows": 0
              },
              "threshold": {
                "operator": "greaterThan",
                "value": 0
              },
              "enabled": true,
              "severity": "Critical",
              "schedule": {
                "frequencyInMinutes": 0,
                "timeWindowInMinutes": 0
              },
              "service": {
                "dependencies": {
                  "actionGroups": []
                },
                "publish": {
                  "logAlert": "string"
                }
              },
              "customisedActions": {
                "emailSubject": "string",
                "webhookJsonPayload": "string"
              },
              "parameters": {}
            }
          ]
        }
      ]
    }
  ]
}

component: "string"    # Mandatory
service:     # Optional
  dependencies:     # Mandatory
    workspace: "string"    # Mandatory
    actionGroups: []    # Optional
  publish:     # Optional
    logAlert: "string"    # Optional
groups:     # Mandatory
  - name: "string"    # Mandatory
    alertSets:     # Mandatory
      - type: "string"    # Mandatory
        name: "string"    # Optional
        alerts:     # Mandatory
          - definition: "string"    # Optional
            name: "string"    # Optional
            description: "string"    # Optional
            suppress:     # Optional
              enabled: true    # Mandatory
              mins: 0    # Optional
              windows: 0    # Optional
            threshold:     # Optional
              operator: "greaterThan"    # Mandatory
              value: 0    # Mandatory
            enabled: true    # Optional
            severity: "Critical"    # Optional
            schedule:     # Optional
              frequencyInMinutes: 0    # Mandatory
              timeWindowInMinutes: 0    # Mandatory
            service:     # Optional
              dependencies:     # Optional
                actionGroups: []    # Optional
              publish:     # Optional
                logAlert: "string"    # Optional
            customisedActions:     # Optional
              emailSubject: "string"    # Optional
              webhookJsonPayload: "string"    # Optional
            parameters: {}    # Optional
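
A settings object can be checked against the valid values listed in the schema above, and reviewed for rules that are disabled or suppressed, before anything is deployed. The PowerShell below is an added example and is not part of the Cloudmarque documentation or code base: `Test-LogAlertSettings` is a hypothetical helper, the sample settings are constructed placeholders, and default (non-strict) PowerShell mode is assumed.

```powershell
# Added example; Test-LogAlertSettings is a hypothetical helper, not a Cloudmarque cmdlet.
function Test-LogAlertSettings {
    param([Parameter(Mandatory)] $Settings)
    # Allowed values as listed in the schema documentation on this page.
    $operators  = 'greaterThan', 'equal', 'lessThan'
    $severities = 'Critical', 'Error', 'Warning', 'Informational', 'Verbose'
    $frequency  = 5, 10, 15, 30, 45, 60, 120, 180, 240, 300, 360, 1440
    $timeWindow = $frequency + 2880
    $findings   = [System.Collections.Generic.List[string]]::new()
    if (-not $Settings.component) { $findings.Add('ERROR component is mandatory') }
    if (-not $Settings.groups)    { $findings.Add('ERROR groups is mandatory') }
    foreach ($group in $Settings.groups) {
      foreach ($set in $group.alertSets) {
        foreach ($alert in $set.alerts) {
            $id = "$($group.name)/$($set.name)/$($alert.name)"
            $t = $alert.threshold; $s = $alert.schedule
            if ($t -and $t.operator -notin $operators) {
                $findings.Add("ERROR ${id}: threshold.operator '$($t.operator)' is not a valid value") }
            if ($alert.severity -and $alert.severity -notin $severities) {
                $findings.Add("ERROR ${id}: severity '$($alert.severity)' is not a valid value") }
            if ($s -and $s.frequencyInMinutes -notin $frequency) {
                $findings.Add("ERROR ${id}: frequencyInMinutes '$($s.frequencyInMinutes)' is not a valid value") }
            if ($s -and $s.timeWindowInMinutes -notin $timeWindow) {
                $findings.Add("ERROR ${id}: timeWindowInMinutes '$($s.timeWindowInMinutes)' is not a valid value") }
            # Not schema errors, but settings that quieten a rule and deserve a review.
            if ($alert.enabled -eq $false) { $findings.Add("WARN  ${id}: rule is disabled") }
            if ($alert.suppress.enabled)   { $findings.Add("WARN  ${id}: suppression enabled ($($alert.suppress.mins) mins)") }
        }
      }
    }
    return $findings
}

# Constructed sample settings; every value is a placeholder chosen for illustration.
$settings = @'
{ "component": "<component>",
  "groups": [ { "name": "core", "alertSets": [ { "type": "<type>", "name": "vm", "alerts": [
    { "name": "cpu", "severity": "Critical",
      "threshold": { "operator": "greaterThan", "value": 90 },
      "schedule":  { "frequencyInMinutes": 7, "timeWindowInMinutes": 15 } },
    { "name": "disk", "enabled": false, "suppress": { "enabled": true, "mins": 60 } }
  ] } ] } ] }
'@ | ConvertFrom-Json

$findings = @(Test-LogAlertSettings -Settings $settings)
$findings
if (-not ($findings -like 'ERROR*')) {
    New-CmAzMonitorLogAlerts -SettingsObject $settings -WhatIf   # preview only, no changes made
}
```

With the constructed sample, the helper reports one error (frequency 7 is not in the valid list) and two warnings for the `disk` rule, so the `-WhatIf` preview is not reached.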