我正在努力使用 ARM 模板为各种 azure 资源创建 azure 警报。但我想使用以下日志分析查询为 Azure 数据工厂创建自定义警报:
"alertLogQuery": "ADFPipelineRun\r\n| 其中 ResourceId 为 'df-xxx-xxx-xxxx'\r\n| 其中 TimeGenerated > ago(15m)\r\n| 其中 Status 为 'Queued'\r\n | where PipelineName in ('pl_xxx_Business_xxx_Check' , 'pl_xxx_xxxx_Date_Check')\r\n| 按 PipelineName, TimeGenerated\n",
模板文件:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Specifies whether the alert is enabled"
}
},
"rgNameOfActionGroup": {
"type": "string",
"metadata": {
"description": "The resource group name of the action group"
}
},
"actionGroupName": {
"type": "string",
"metadata": {
"description": "The name of the action group"
}
},
"rgNameOfLogAnalyticsWorkspace": {
"type": "string",
"metadata": {
"description": "The resource group name of the log analytics workspace"
}
},
"logAnalyticsWorkspaceName": {
"type": "string",
"metadata": {
"description": "The name of the log analytics workspace"
}
},
"alertTypes": {
"type": "array",
"metadata": {
"description": "An array that contains objects with properties for the metric alerts."
}
}
},
"variables": {
"actionGroupResourceId": "[concat('/subscriptions/',subscription().subscriptionId, '/resourceGroups/', parameters('rgNameOfActionGroup'), '/providers/Microsoft.insights/actionGroups/', parameters('actionGroupName'))]",
"workspaceResourceId": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', parameters('rgNameOfLogAnalyticsWorkspace'), '/providers/Microsoft.OperationalInsights/workspaces/', parameters('logAnalyticsWorkspaceName'))]",
"copy": [
{
"name": "alertTypes",
"count": "[length(parameters('alertTypes'))]",
"input": "[parameters('alertTypes')[copyIndex('alertTypes')].alertName]"
}
],
"alertSource": {
"Type": "ResultCount"
},
"alertEvaluation": {
"Frequency": 15,
"Time": 15
},
"alertActions": {
"SuppressTimeinMin": 20
}
},
"resources": [
{
"copy": {
"name": "alertTypes",
"count": "[length(parameters('alertTypes'))]"
},
"name": "[parameters('alertTypes')[copyIndex('alertTypes')].alertName]",
"type": "Microsoft.Insights/scheduledQueryRules",
"apiVersion": "2018-04-16",
"location": "global",
"tags": {},
"properties": {
"description": "[parameters('alertTypes')[copyIndex('alertTypes')].alertDescription]",
"enabled": "[parameters('isEnabled')]",
"source": {
"query": "[parameters('alertTypes')[copyIndex('alertTypes')].alertLogQuery]",
"dataSourceId": "[variables('workspaceResourceId')]",
"queryType": "[variables('alertSource').Type]"
},
"schedule": {
"frequencyInMinutes": "[variables('alertEvaluation').Frequency]",
"timeWindowInMinutes": "[variables('alertEvaluation').Time]"
},
"action": {
"odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction",
"severity": "[parameters('alertTypes')[copyIndex('alertTypes')].alertSeverity]",
"throttlingInMin": "[variables('alertActions').SuppressTimeinMin]",
"aznsAction": {
"actionGroup": "[array(variables('actionGroupResourceId'))]",
"emailSubject": "[parameters('alertTypes')[copyIndex('alertTypes')].alertName]"
},
"trigger": {
"thresholdOperator": "[parameters('alertTypes')[copyIndex('alertTypes')].operator]",
"threshold": "[parameters('alertTypes')[copyIndex('alertTypes')].thresholdValue]",
"metricTrigger": {
"thresholdOperator": "[parameters('alertTypes')[copyIndex('alertTypes')].operator]",
"threshold": "[parameters('alertTypes')[copyIndex('alertTypes')].thresholdValue]",
"metricColumn": "Classification",
"metricTriggerType": "Consecutive"
}
}
}
}
}
],
"outputs": {
"alertNames": {
"type": "array",
"value": "[variables('alertTypes')]"
}
}
}
我收到以下错误:
模板验证失败:类型“Microsoft.WindowsAzure.ResourceStack.Frontdoor.Common.Entities.TemplateGenericProperty`1[System.String]”的模板资源“df-xx-xx-xxx-Queued Demo ADF pipelines alert/report” “71”和“60”列的段长度不正确。嵌套资源类型必须具有与其资源名称相同的段数。根资源类型的段长度必须比其资源名称大一。
那么,任何人都可以建议我如何解决上述问题。