azurermMonitorScheduledQueryRulesAlert

Manages an AlertingAction Scheduled Query Rules resource within Azure Monitor.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "monitoring-resources",
  }
);
const azurermApplicationInsightsExample =
  new azurerm.applicationInsights.ApplicationInsights(this, "example_1", {
    application_type: "web",
    location: azurermResourceGroupExample.location,
    name: "appinsights",
    resource_group_name: azurermResourceGroupExample.name,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermApplicationInsightsExample.overrideLogicalId("example");
const azurermApplicationInsightsExample2 =
  new azurerm.applicationInsights.ApplicationInsights(this, "example2", {
    application_type: "web",
    location: azurermResourceGroupExample.location,
    name: "appinsights2",
    resource_group_name: azurermResourceGroupExample.name,
  });
const azurermMonitorScheduledQueryRulesAlertExample =
  new azurerm.monitorScheduledQueryRulesAlert.MonitorScheduledQueryRulesAlert(
    this,
    "example_3",
    {
      action: [
        {
          action_group: [],
          custom_webhook_payload: "{}",
          email_subject: "Email Header",
        },
      ],
      data_source_id: azurermApplicationInsightsExample.id,
      description: "Alert when total results cross threshold",
      enabled: true,
      frequency: 5,
      location: azurermResourceGroupExample.location,
      name: "example",
      query:
        "requests\n  | where tolong(resultCode) >= 500\n  | summarize count() by bin(timestamp, 5m)\n",
      resource_group_name: azurermResourceGroupExample.name,
      severity: 1,
      tags: {
        foo: "bar",
      },
      time_window: 30,
      trigger: [
        {
          operator: "GreaterThan",
          threshold: 3,
        },
      ],
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermMonitorScheduledQueryRulesAlertExample.overrideLogicalId("example");
const azurermMonitorScheduledQueryRulesAlertExample2 =
  new azurerm.monitorScheduledQueryRulesAlert.MonitorScheduledQueryRulesAlert(
    this,
    "example2_4",
    {
      action: [
        {
          action_group: [],
          custom_webhook_payload: "{}",
          email_subject: "Email Header",
        },
      ],
      authorized_resource_ids: [azurermApplicationInsightsExample2.id],
      data_source_id: azurermApplicationInsightsExample.id,
      description: "Query may access data within multiple resources",
      enabled: true,
      frequency: 5,
      location: azurermResourceGroupExample.location,
      name: "example",
      query: `\${format(<<-QUERY
  let a=requests
    | where toint(resultCode) >= 500
    | extend fail=1; let b=app('%s').requests
    | where toint(resultCode) >= 500 | extend fail=1; a
    | join b on fail
QUERY
  , ${azurermApplicationInsightsExample2.id})}`,
      resource_group_name: azurermResourceGroupExample.name,
      severity: 1,
      tags: {
        foo: "bar",
      },
      time_window: 30,
      trigger: [
        {
          operator: "GreaterThan",
          threshold: 3,
        },
      ],
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermMonitorScheduledQueryRulesAlertExample2.overrideLogicalId("example2");

Argument Reference

The following arguments are supported:

name - (Required) The name of the scheduled query rule. Changing this forces a new resource to be created.
resourceGroupName - (Required) The name of the resource group in which to create the scheduled query rule instance. Changing this forces a new resource to be created.
location - (Required) Specifies the Azure Region where the resource should exist. Changing this forces a new resource to be created.
dataSourceId - (Required) The resource URI over which log search query is to be run.
frequency - (Required) Frequency (in minutes) at which rule condition should be evaluated. Values must be between 5 and 1440 (inclusive).
query - (Required) Log search query.
timeWindow - (Required) Time window for which data needs to be fetched for query (must be greater than or equal to frequency). Values must be between 5 and 2880 (inclusive).
trigger - (Required) A trigger block as defined below.
action - (Required) An action block as defined below.
authorizedResourceIds - (Optional) List of Resource IDs referred into query.
autoMitigationEnabled - (Optional) Should the alerts in this Metric Alert be auto resolved? Defaults to false. -> NOTE autoMitigationEnabled and throttling are mutually exclusive and cannot both be set.
description - (Optional) The description of the scheduled query rule.
enabled - (Optional) Whether this scheduled query rule is enabled. Default is true.
queryType - (Optional) The type of query results. Possible values are resultCount and number. Default is resultCount. If set to number, query must include an aggregatedValue column of a numeric type, for example, heartbeat |SummarizeAggregatedValue =Count()ByBin(timeGenerated,5M).
severity - (Optional) Severity of the alert. Possible values include: 0, 1, 2, 3, or 4.
throttling - (Optional) Time (in minutes) for which Alerts should be throttled or suppressed. Values must be between 0 and 10000 (inclusive).
tags - (Optional) A mapping of tags to assign to the resource.

The action block supports the following:

actionGroup - (Required) List of action group reference resource IDs.
customWebhookPayload - (Optional) Custom payload to be sent for all webhook payloads in alerting action.
emailSubject - (Optional) Custom subject override for all email ids in Azure action group.

The metricTrigger block supports the following:

metricColumn - (Required) Evaluation of metric on a particular column.
metricTriggerType - (Required) Metric Trigger Type - 'Consecutive' or 'Total'.
operator - (Required) Evaluation operation for rule - 'Equal', 'GreaterThan', GreaterThanOrEqual', 'LessThan', or 'LessThanOrEqual'.
threshold - (Required) The threshold of the metric trigger. Values must be between 0 and 10000 inclusive.

The trigger block supports the following:

metricTrigger - (Optional) A metricTrigger block as defined above. Trigger condition for metric query rule.
operator - (Required) Evaluation operation for rule - 'GreaterThan', GreaterThanOrEqual', 'LessThan', or 'LessThanOrEqual'.
threshold - (Required) Result or count threshold based on which rule should be triggered. Values must be between 0 and 10000 inclusive.

Attributes Reference

The following attributes are exported:

id - The ID of the scheduled query rule.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

create - (Defaults to 30 minutes) Used when creating the Scheduled Query Rule Alert.
update - (Defaults to 30 minutes) Used when updating the Scheduled Query Rule Alert.
read - (Defaults to 5 minutes) Used when retrieving the Scheduled Query Rule Alert.
delete - (Defaults to 30 minutes) Used when deleting the Scheduled Query Rule Alert.

Import

Scheduled Query Rule Alerts can be imported using the resourceId, e.g.

terraform import azurerm_monitor_scheduled_query_rules_alert.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Insights/scheduledQueryRules/myrulename