2

我想基于查询使用 PowerShell 创建日志警报。我按照https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-log#managing-log-alerts-using-powershell下的说明进行了如下修改:

$source = New-AzScheduledQueryRuleSource -Query "AzureActivity | where Category == 'Policy' and Level != 'Informational' | extend p=todynamic(Properties) | extend policies=todynamic(tostring(p.policies)) | mvexpand policy = policies | where p.isComplianceCheck == 'False'" -DataSourceId "$Workspace.ResourceId"

$schedule = New-AzScheduledQueryRuleSchedule -FrequencyInMinutes 5 -TimeWindowInMinutes 5

$metricTrigger = New-AzScheduledQueryRuleLogMetricTrigger -ThresholdOperator "GreaterThan" -Threshold 0 -MetricTriggerType "Consecutive" -MetricColumn "_ResourceId"

$triggerCondition = New-AzScheduledQueryRuleTriggerCondition -ThresholdOperator "GreaterThan" -Threshold 0 -MetricTrigger $metricTrigger

$aznsActionGroup = New-AzScheduledQueryRuleAznsActionGroup -ActionGroup "$actionGroup.Id" -EmailSubject "New Resource Group with missing tags" -CustomWebhookPayload "{ `"alert`":`"#alertrulename`", `"IncludeSearchResults`":true }"

$alertingAction = New-AzScheduledQueryRuleAlertingAction -AznsAction $aznsActionGroup -Severity "3" -Trigger $triggerCondition

上述命令成功,但是当我运行以下命令来创建规则时:

New-AzScheduledQueryRule -ResourceGroupName $ResourceGroup -Location $Location -Action $alertingAction -Enabled $true -Description "Alert description" -Schedule $schedule -Source $source -Name "Alert Name"

我收到一个 BadRequest:

PS /home/nicolas> New-AzScheduledQueryRule -ResourceGroupName $ResourceGroup -Location $Location -Action $alertingAction -Enabled $true -Description "Alert description" -Schedule $schedule -Source$source -Name "Alert Name"
WARNING: 12:29:17 AM - *** The namespace for all the model classes will change from Microsoft.Azure.Management.Monitor.Management.Models to Microsoft.Azure.Management.Monitor.Models in future releases.
WARNING: 12:29:17 AM - *** The namespace for output classes will be uniform for all classes in future releases to make it independent of modifications in the model classes.
New-AzScheduledQueryRule: Exception type: Exception, Message: System.Exception: Error occurred while creating Log Alert rule
 ---> System.AggregateException: One or more errors occurred. (Operation returned an invalid status code 'BadRequest')
 ---> Microsoft.Azure.Management.Monitor.Models.ErrorResponseException: Operation returned an invalid status code 'BadRequest'
   at Microsoft.Azure.Management.Monitor.ScheduledQueryRulesOperations.CreateOrUpdateWithHttpMessagesAsync(String resourceGroupName, String ruleName, LogSearchRuleResource parameters, Dictionary`2customHeaders, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
   at Microsoft.Azure.Commands.Insights.ScheduledQueryRules.NewScheduledQueryRuleCommand.ProcessRecordInternal()
   --- End of inner exception stack trace ---
   at Microsoft.Azure.Commands.Insights.ScheduledQueryRules.NewScheduledQueryRuleCommand.ProcessRecordInternal()
   at Microsoft.Azure.Commands.Insights.MonitorCmdletBase.ExecuteCmdlet(), Code: Null, Status code:Null, Reason phrase: Null
PS /home/nicolas>

我找不到原因。

你有什么主意吗 ?

在此先感谢尼古拉斯

4

1 回答 1

2

bad request 错误太板了,您可以使用Fiddler捕获详细的错误消息。$actionGroup.Id并为and指定值$Workspace.ResourceId(工作区是您之前创建的)。我参考这篇文章并且运行良好这是我的代码:

$source = New-AzScheduledQueryRuleSource -Query 'Heartbeat | summarize AggregatedValue = count() by bin(TimeGenerated, 5m), _ResourceId' -DataSourceId "/subscriptions/xxxxxxx/resourceGroups/xxxxxxx/providers/microsoft.OperationalInsights/workspaces/yourWorkspaceName"

$schedule = New-AzScheduledQueryRuleSchedule -FrequencyInMinutes 15 -TimeWindowInMinutes 30

$metricTrigger = New-AzScheduledQueryRuleLogMetricTrigger -ThresholdOperator "GreaterThan" -Threshold 2 -MetricTriggerType "Consecutive" -MetricColumn "_ResourceId"

$triggerCondition = New-AzScheduledQueryRuleTriggerCondition -ThresholdOperator "LessThan" -Threshold 5 -MetricTrigger $metricTrigger

$aznsActionGroup = New-AzScheduledQueryRuleAznsActionGroup -ActionGroup "/subscriptions/xxxxxxx/resourceGroups/xxxxxxx/providers/microsoft.insights/actiongroups/yourAGName" -EmailSubject "Custom email subject" -CustomWebhookPayload "{ `"alert`":`"#alertrulename`", `"IncludeSearchResults`":true }"

$alertingAction = New-AzScheduledQueryRuleAlertingAction -AznsAction $aznsActionGroup -Severity "3" -Trigger $triggerCondition


New-AzScheduledQueryRule -ResourceGroupName "xxxxxxx" -Location "Central US" -Action $alertingAction -Enabled $true -Description "Alert description" -Schedule $schedule -Source $source -Name "Alert Name"

这是输出:

在此处输入图像描述

于 2020-03-30T08:44:31.370 回答