Skip to content

Instantly share code, notes, and snippets.

@mirontoli
Last active October 19, 2020 03:36
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save mirontoli/94f819f1f2e71812d2603e9014c987ab to your computer and use it in GitHub Desktop.
Save mirontoli/94f819f1f2e71812d2603e9014c987ab to your computer and use it in GitHub Desktop.
//https://yuml.me/diagram/scruffy/class/draw
[Alert Rule]*-*[Action Group]
//https://yuml.me/diagram/scruffy/class/draw
[Action Group]-++[Resource Group]-++[Azure Subscription]
[Action Group]-1..*[Action]
[Action]<>-[Webhook {bg:green}]
//https://yuml.me/diagram/scruffy/class/draw
[Condition]-[Signal]
[Condition]-[Alert Logic]
[Alert Logic]-[Threshold]
[Alert Logic]-[Evaluated based on]
{
"data":{
"alertContext":{
"conditionType":"SingleResourceMultipleMetricCriteria",
"properties":null,
"condition":{
"windowStartTime":"2020-10-09T18:44:06.861Z",
"allOf":[
{
"dimensions":{
"value": "/SUBSCRIPTIONS/2CDFB689-1749-4931-A362-1930A6B88A7E/RESOURCEGROUPS/TOLLE-TMP/PROVIDERS/MICROSOFT.LOGIC/WORKFLOWS/TOLLE-FAILING-LOGICAPP",
"name": "ResourceId"
},
"timeAggregation":"Maximum",
"webTestName":null,
"operator":"GreaterThanOrEqual",
"metricValue":1.0,
"metricName":"RunsFailed",
"metricNamespace":"Microsoft.Logic/workflows",
"threshold":"1"
}
],
"windowEndTime":"2020-10-09T18:49:06.861Z",
"windowSize":"PT5M"
}
},
"essentials":{
"alertRule":"Intended faiure",
"severity":"Sev3",
"alertTargetIDs":"/subscriptions/2cdfb689-1749-4931-a362-1930a6b88a7e/resourcegroups/tolle-tmp/providers/microsoft.logic/workflows/tolle-failing-logicapp",
"alertId":"/subscriptions/2cdfb689-1749-4931-a362-1930a6b88a7e/providers/Microsoft.AlertsManagement/alerts/a9cdd08f-98ee-4e2c-a1b1-ab0eedd0245b",
"description":"As expected, tolle-failing-logicapp",
"firedDateTime":"2020-10-09T18:02:19.8604547Z",
"originAlertId":"2cdfb689-1749-4931-a362-1930a6b88a7e_tolle-tmp_microsoft.insights_metricAlerts_Intended faiure_-1312865823",
"monitoringService":"Platform",
"signalType":"Metric",
"essentialsVersion":"1.0",
"monitorCondition":"Fired",
"alertContextVersion":"1.0"
}
},
"schemaId":"azureMonitorCommonAlertSchema"
}
{
"data":{
"alertContext":{
"conditionType":"SingleResourceMultipleMetricCriteria",
"properties":null,
"condition":{
"windowStartTime":"2020-10-09T18:44:06.861Z",
"allOf":[
{
"dimensions":{
"value": "/SUBSCRIPTIONS/2CDFB689-1749-4931-A362-1930A6B88A7E/RESOURCEGROUPS/TOLLE-TMP/PROVIDERS/MICROSOFT.LOGIC/WORKFLOWS/TOLLE-FAILING-LOGICAPP",
"name": "ResourceId"
},
"timeAggregation":"Maximum",
"webTestName":null,
"operator":"GreaterThanOrEqual",
"metricValue":1.0,
"metricName":"RunsFailed",
"metricNamespace":"Microsoft.Logic/workflows",
"threshold":"1"
}
],
"windowEndTime":"2020-10-09T18:49:06.861Z",
"windowSize":"PT5M"
}
},
"essentials":{
"severity":"Sev3",
"resolvedDateTime":"2020-10-09T18:09:19.5930921Z",
"alertId":"/subscriptions/2cdfb689-1749-4931-a362-1930a6b88a7e/providers/Microsoft.AlertsManagement/alerts/a9cdd08f-98ee-4e2c-a1b1-ab0eedd0245b",
"alertTargetIDs":"/subscriptions/2cdfb689-1749-4931-a362-1930a6b88a7e/resourcegroups/tolle-tmp/providers/microsoft.logic/workflows/tolle-failing-logicapp",
"firedDateTime":"2020-10-09T18:02:19.8604547Z",
"alertRule":"Intended faiure",
"signalType":"Metric",
"monitoringService":"Platform",
"monitorCondition":"Resolved",
"essentialsVersion":"1.0",
"description":"As expected, tolle-failing-logicapp",
"originAlertId":"2cdfb689-1749-4931-a362-1930a6b88a7e_tolle-tmp_microsoft.insights_metricAlerts_Intended faiure_-1312865823",
"alertContextVersion":"1.0"
}
},
"schemaId":"azureMonitorCommonAlertSchema"
}
//https://yuml.me/diagram/scruffy/class/draw
[Alert Rule]-1[Scope|(Failing Resource)]
[Alert Rule]-1[Condition]
[Alert Rule]*-*[Action Group]
[Alert Rule]-1[Details|Name;Description]
$body = "{'text':'hello world'}"
$ct = 'application/json; charset=utf-8'
$uri = "https://outlook.office.com/webhook/6c15f246-4ad8-47a7-ac3c-8c3e4ff96e08@21a772a0-3ad8-483b-bef2-d9c28cfe5dff/IncomingWebhook/7d88ca6b0f7d417bb87d4f8ae8816760/1522ad47-6712-4e3b-b454-d1198e0287a8"
Invoke-RestMethod -Method POST -ContentType $ct -Body $body -Uri $uri
using namespace System.Net
param($Request, $TriggerMetadata)
$data = $Request.Body.data
$essentials = $data.essentials
$alertRule = $essentials.alertRule
$monitorCondition = $essentials.monitorCondition
$body = "{'text':'Alert $monitorCondition : $alertRule'}"
$ct = 'application/json; charset=utf-8'
$uri = "https://outlook.office.com/webhook/6c15f246-4ad8-47a7-ac3c-8c3e4ff96e08@21a772a0-3ad8-483b-bef2-d9c28cfe5dff/IncomingWebhook/7d88ca6b0f7d417bb87d4f8ae8816760/1522ad47-6712-4e3b-b454-d1198e0287a8"
Invoke-RestMethod -Method POST -ContentType $ct -Body $body -Uri $uri
# Associate values to output bindings by calling 'Push-OutputBinding'.
Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
StatusCode = [HttpStatusCode]::OK
Body = "OK"
})
# the code is in https://dev.azure.com/skanskanordic/imc-o365-platform/_git/imc-azure-alerts
using namespace System.Net
param($Request, $TriggerMetadata)
$body = $Request.Body
$data = $body.data
$essentials = $data.essentials
$alertContext = $data.alertContext
$condition = $alertContext.condition
$dimensions = $condition.allOf.dimensions
$fired = (Get-Date $essentials.firedDateTime).ToString("yyyy-MM-dd HH:mm:ss UTC")
$alertRule = $essentials.alertRule
$severity = $essentials.severity
$description = $essentials.description
$metricName = $condition.allOf.metricName
# ONLY FIRE EVENT matters for now
if ($essentials.monitorCondition -eq "Fired") {
Write-Host "fired!"
$url = "https://portal.azure.com/#@/resource" + $essentials.alertTargetIds
$bodyAc = @"
{
"type": "message",
"attachments": [
{
"contentType": "application/vnd.microsoft.card.adaptive",
"contentUrl": null,
"content": {
"`$schema": "http://adaptivecards.io/schemas/adaptive-card.json",
"type": "AdaptiveCard",
"version": "1.2",
"body": [
{
"type": "ColumnSet",
"style": "emphasis",
"bleed": true,
"columns": [
{
"type": "Column",
"width": "auto",
"items": [
{
"type": "Image",
"url": "https://cdn.iconscout.com/icon/free/png-256/alert-87-267521.png",
"altText": "Profile picture",
"size": "Small",
"style": "Person"
}
]
},
{
"type": "Column",
"width": "stretch",
"items": [
{
"type": "TextBlock",
"size": "medium",
"weight": "bolder",
"text": "Azure Monitor Alert "
},
{
"type": "TextBlock",
"spacing": "None",
"text": "$fired",
"isSubtle": true,
"wrap": true
}
]
}
]
},
{
"type": "TextBlock",
"text": "This is an example from the guide on setting up your first Azure Alert guide by @mirontoli",
"wrap": true
},
{
"type": "FactSet",
"spacing": "large",
"facts": [
{
"title": "Alert Rule",
"value": "$alertRule"
},
{
"title": "Severity",
"value": "$severity"
},
{
"title": "Description",
"value": "$description"
},
{
"title": "Metric name",
"value": "$metricName"
}
]
}
],
"actions": [
{
"type": "Action.OpenUrl",
"title": "Application in Azure",
"url": "$url"
}
]
}
}
]
}
"@ #the last "@ may not have white space before, don't try to prettify it
# tolle057 team -> General
$uri = "https://outlook.office.com/webhook/6c15f246-4ad8-47a7-ac3c-8c3e4ff96e08@21a772a0-3ad8-483b-bef2-d9c28cfe5dff/IncomingWebhook/7d88ca6b0f7d417bb87d4f8ae8816760/1522ad47-6712-4e3b-b454-d1198e0287a8"
# Send Adaptive Card to Teams Channel
Invoke-RestMethod -Method post -ContentType 'application/json; charset=utf-8' -Body $bodyAc -Uri $uri
}
else {
Write-Host "monitorCondition: " + $essentials.monitorCondition
}
# Associate values to output bindings by calling 'Push-OutputBinding'.
Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
StatusCode = [HttpStatusCode]::OK
Body = "OK"
})
  • $Request.Body.data.essentials
    • .alertRule (name)
    • .monitorCondition ("Fired" vs. "Resolved")
    • .firedDateTime (vs. resolvedDateTime)
    • .description
    • .severity
    • .alertTargetIDs (https://portal.azure.com/#@/resource + alertTargetIDs) (the logic app)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment