azurermMonitorScheduledQueryRulesAlert
Manages an AlertingAction Scheduled Query Rules resource within Azure Monitor.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
this,
"example",
{
location: "West Europe",
name: "monitoring-resources",
}
);
const azurermApplicationInsightsExample =
new azurerm.applicationInsights.ApplicationInsights(this, "example_1", {
application_type: "web",
location: azurermResourceGroupExample.location,
name: "appinsights",
resource_group_name: azurermResourceGroupExample.name,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermApplicationInsightsExample.overrideLogicalId("example");
const azurermApplicationInsightsExample2 =
new azurerm.applicationInsights.ApplicationInsights(this, "example2", {
application_type: "web",
location: azurermResourceGroupExample.location,
name: "appinsights2",
resource_group_name: azurermResourceGroupExample.name,
});
const azurermMonitorScheduledQueryRulesAlertExample =
new azurerm.monitorScheduledQueryRulesAlert.MonitorScheduledQueryRulesAlert(
this,
"example_3",
{
action: [
{
action_group: [],
custom_webhook_payload: "{}",
email_subject: "Email Header",
},
],
data_source_id: azurermApplicationInsightsExample.id,
description: "Alert when total results cross threshold",
enabled: true,
frequency: 5,
location: azurermResourceGroupExample.location,
name: "example",
query:
"requests\n | where tolong(resultCode) >= 500\n | summarize count() by bin(timestamp, 5m)\n",
resource_group_name: azurermResourceGroupExample.name,
severity: 1,
tags: {
foo: "bar",
},
time_window: 30,
trigger: [
{
operator: "GreaterThan",
threshold: 3,
},
],
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermMonitorScheduledQueryRulesAlertExample.overrideLogicalId("example");
const azurermMonitorScheduledQueryRulesAlertExample2 =
new azurerm.monitorScheduledQueryRulesAlert.MonitorScheduledQueryRulesAlert(
this,
"example2_4",
{
action: [
{
action_group: [],
custom_webhook_payload: "{}",
email_subject: "Email Header",
},
],
authorized_resource_ids: [azurermApplicationInsightsExample2.id],
data_source_id: azurermApplicationInsightsExample.id,
description: "Query may access data within multiple resources",
enabled: true,
frequency: 5,
location: azurermResourceGroupExample.location,
name: "example",
query: `\${format(<<-QUERY
let a=requests
| where toint(resultCode) >= 500
| extend fail=1; let b=app('%s').requests
| where toint(resultCode) >= 500 | extend fail=1; a
| join b on fail
QUERY
, ${azurermApplicationInsightsExample2.id})}`,
resource_group_name: azurermResourceGroupExample.name,
severity: 1,
tags: {
foo: "bar",
},
time_window: 30,
trigger: [
{
operator: "GreaterThan",
threshold: 3,
},
],
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermMonitorScheduledQueryRulesAlertExample2.overrideLogicalId("example2");
Argument Reference
The following arguments are supported:
name
- (Required) The name of the scheduled query rule. Changing this forces a new resource to be created.resourceGroupName
- (Required) The name of the resource group in which to create the scheduled query rule instance. Changing this forces a new resource to be created.location
- (Required) Specifies the Azure Region where the resource should exist. Changing this forces a new resource to be created.dataSourceId
- (Required) The resource URI over which log search query is to be run.frequency
- (Required) Frequency (in minutes) at which rule condition should be evaluated. Values must be between 5 and 1440 (inclusive).query
- (Required) Log search query.timeWindow
- (Required) Time window for which data needs to be fetched for query (must be greater than or equal tofrequency
). Values must be between 5 and 2880 (inclusive).trigger
- (Required) Atrigger
block as defined below.action
- (Required) Anaction
block as defined below.authorizedResourceIds
- (Optional) List of Resource IDs referred into query.autoMitigationEnabled
- (Optional) Should the alerts in this Metric Alert be auto resolved? Defaults tofalse
. -> NOTEautoMitigationEnabled
andthrottling
are mutually exclusive and cannot both be set.description
- (Optional) The description of the scheduled query rule.enabled
- (Optional) Whether this scheduled query rule is enabled. Default istrue
.queryType
- (Optional) The type of query results. Possible values areresultCount
andnumber
. Default isresultCount
. If set tonumber
,query
must include anaggregatedValue
column of a numeric type, for example,heartbeat |SummarizeAggregatedValue =Count()ByBin(timeGenerated,5M)
.severity
- (Optional) Severity of the alert. Possible values include: 0, 1, 2, 3, or 4.throttling
- (Optional) Time (in minutes) for which Alerts should be throttled or suppressed. Values must be between 0 and 10000 (inclusive).tags
- (Optional) A mapping of tags to assign to the resource.
The action
block supports the following:
actionGroup
- (Required) List of action group reference resource IDs.customWebhookPayload
- (Optional) Custom payload to be sent for all webhook payloads in alerting action.emailSubject
- (Optional) Custom subject override for all email ids in Azure action group.
The metricTrigger
block supports the following:
metricColumn
- (Required) Evaluation of metric on a particular column.metricTriggerType
- (Required) Metric Trigger Type - 'Consecutive' or 'Total'.operator
- (Required) Evaluation operation for rule - 'Equal', 'GreaterThan', GreaterThanOrEqual', 'LessThan', or 'LessThanOrEqual'.threshold
- (Required) The threshold of the metric trigger. Values must be between 0 and 10000 inclusive.
The trigger
block supports the following:
metricTrigger
- (Optional) AmetricTrigger
block as defined above. Trigger condition for metric query rule.operator
- (Required) Evaluation operation for rule - 'GreaterThan', GreaterThanOrEqual', 'LessThan', or 'LessThanOrEqual'.threshold
- (Required) Result or count threshold based on which rule should be triggered. Values must be between 0 and 10000 inclusive.
Attributes Reference
The following attributes are exported:
id
- The ID of the scheduled query rule.
Timeouts
The timeouts
block allows you to specify timeouts for certain actions:
create
- (Defaults to 30 minutes) Used when creating the Scheduled Query Rule Alert.update
- (Defaults to 30 minutes) Used when updating the Scheduled Query Rule Alert.read
- (Defaults to 5 minutes) Used when retrieving the Scheduled Query Rule Alert.delete
- (Defaults to 30 minutes) Used when deleting the Scheduled Query Rule Alert.
Import
Scheduled Query Rule Alerts can be imported using the resourceId
, e.g.