Create alerts in Azure Monitor for Azure services - PowerShell
This article shows you how to set up Azure alerts using PowerShell.
You can receive an alert based on monitoring metrics for, or events on, your Azure services.
- Metric values - The alert triggers when the value of a specified metric crosses a threshold you assign in either direction. That is, it triggers both when the condition is first met and then afterwards when that condition is no longer being met.
- Activity log events - An alert can trigger on every event, or, only when a certain number of events occur.
You can configure an alert to do the following when it triggers:
- send email notifications to the service administrator and co-administrators
- send email to additional emails that you specify.
- call a webhook
- start execution of an Azure runbook (only from the Azure portal)
You can configure and get information about alert rules using
For additional information, you can always type
Get-Help and then the PowerShell command you want help on.
Create alert rules in PowerShell
Log in to Azure.
Get a list of the subscriptions you have available. Verify that you are working with the right subscription. If not, set it to the right one using the output from
Get-AzureRmSubscription Get-AzureRmContext Set-AzureRmContext -SubscriptionId <subscriptionid>
To list existing rules on a resource group, use the following command:
Get-AzureRmAlertRule -ResourceGroup <myresourcegroup> -DetailedOutput
To create a rule, you need to have several important pieces of information first.
- The Resource ID for the resource you want to set an alert for
The metric definitions available for that resource
One way to get the Resource ID is to use the Azure portal. Assuming the resource is already created, select it in the portal. Then in the next blade, select Properties under the Settings section. RESOURCE ID is a field in the next blade. Another way is to use the Azure Resource Explorer.
An example Resource ID for a web app is
You can use
Get-AzureRmMetricDefinitionto view the list of all metric definitions for a specific resource.
Get-AzureRmMetricDefinition -ResourceId <resource_id>
The following example generates a table with the metric Name and the Unit for that metric.
Get-AzureRmMetricDefinition -ResourceId <resource_id> | Format-Table -Property Name,Unit
A full list of available options for Get-AzureRmMetricDefinition is available by running Get-MetricDefinitions.
The following example sets up an alert on a web site resource. The alert triggers whenever it consistently receives any traffic for 5 minutes and again when it receives no traffic for 5 minutes.
Add-AzureRmMetricAlertRule -Name myMetricRuleWithWebhookAndEmail -Location "East US" -ResourceGroup myresourcegroup -TargetResourceId /subscriptions/dededede-7aa0-407d-a6fb-eb20c8bd1192/resourceGroups/myresourcegroupname/providers/Microsoft.Web/sites/mywebsitename -MetricName "BytesReceived" -Operator GreaterThan -Threshold 2 -WindowSize 00:05:00 -TimeAggregationOperator Total -Description "alert on any website activity"
To create webhook or send email when an alert triggers, first create the email and/or webhooks. Then immediately create the rule afterwards with the -Actions tag and as shown in the following example. You cannot associate webhook or emails with already created rules via PowerShell.
$actionEmail = New-AzureRmAlertRuleEmail -CustomEmail firstname.lastname@example.org $actionWebhook = New-AzureRmAlertRuleWebhook -ServiceUri https://www.contoso.com?token=mytoken Add-AzureRmMetricAlertRule -Name myMetricRuleWithWebhookAndEmail -Location "East US" -ResourceGroup myresourcegroup -TargetResourceId /subscriptions/dededede-7aa0-407d-a6fb-eb20c8bd1192/resourceGroups/myresourcegroupname/providers/Microsoft.Web/sites/mywebsitename -MetricName "BytesReceived" -Operator GreaterThan -Threshold 2 -WindowSize 00:05:00 -TimeAggregationOperator Total -Actions $actionEmail, $actionWebhook -Description "alert on any website activity"
To create an alert that triggers on a specific condition in the activity log, use commands of the following form
$actionEmail = New-AzureRmAlertRuleEmail -CustomEmail email@example.com $actionWebhook = New-AzureRmAlertRuleWebhook -ServiceUri https://www.contoso.com?token=mytoken Add-AzureRmLogAlertRule -Name myLogAlertRule -Location "East US" -ResourceGroup myresourcegroup -OperationName microsoft.web/sites/start/action -Status Succeeded -TargetResourceGroup resourcegroupbeingmonitored -Actions $actionEmail, $actionWebhook
The -OperationName corresponds to a type of event in the activity log. Examples include Microsoft.Compute/virtualMachines/delete and microsoft.insights/diagnosticSettings/write.
You can use the PowerShell command Get-AzureRmProviderOperation to obtain a list of possible operationNames. Alternately, you can use the Azure portal to query the Activity log and find specific past operations that you want to create an alert for. The operations shown in the graphic log view of the friendly names. Look in the JSON for the entry and pull out the OperationName value.
Verify that your alerts have been created properly by looking at the individual rules.
Get-AzureRmAlertRule -Name myMetricRuleWithWebhookAndEmail -ResourceGroup myresourcegroup -DetailedOutput Get-AzureRmAlertRule -Name myLogAlertRule -ResourceGroup myresourcegroup -DetailedOutput
Delete your alerts. These commands delete the rules created previously in this article.
Remove-AzureRmAlertRule -ResourceGroup myresourcegroup -Name myrule Remove-AzureRmAlertRule -ResourceGroup myresourcegroup -Name myMetricRuleWithWebhookAndEmail Remove-AzureRmAlertRule -ResourceGroup myresourcegroup -Name myLogAlertRule
- Get an overview of Azure monitoring including the types of information you can collect and monitor.
- Learn more about configuring webhooks in alerts.
- Learn more about Azure Automation Runbooks.
- Get an overview of collecting diagnostic logs to collect detailed high-frequency metrics on your service.
- Get an overview of metrics collection to make sure your service is available and responsive.