az monitor alert-processing-rule
Note
This reference is part of the alertsmanagement extension for the Azure CLI (version 2.15.0 or higher). The extension will automatically install the first time you run an az monitor alert-processing-rule command. Learn more about extensions.
Manage alert processing rule with alertsmanagement.
Commands
| az monitor alert-processing-rule create |
Create an alert processing rule. |
| az monitor alert-processing-rule delete |
Delete an alert processing rule. |
| az monitor alert-processing-rule list |
List all alert processing rules in a subscription or resource group. |
| az monitor alert-processing-rule show |
Get an alert processing rule. |
| az monitor alert-processing-rule update |
Enable, disable, or update tags for an alert processing rule. |
az monitor alert-processing-rule create
Create an alert processing rule.
az monitor alert-processing-rule create --name
--resource-group
--rule-type {AddActionGroups, RemoveAllActionGroups}
--scopes
[--action-groups]
[--description]
[--enabled {false, true}]
[--filter-alert-context]
[--filter-alert-rule-description]
[--filter-alert-rule-id]
[--filter-alert-rule-name]
[--filter-monitor-condition]
[--filter-monitor-service]
[--filter-resource-group]
[--filter-resource-type]
[--filter-severity]
[--filter-signal-type]
[--filter-target-resource]
[--schedule-end-datetime]
[--schedule-recurrence]
[--schedule-recurrence-2]
[--schedule-recurrence-2-end-time]
[--schedule-recurrence-2-start-time]
[--schedule-recurrence-2-type {Daily, Monthly, Weekly}]
[--schedule-recurrence-end-time]
[--schedule-recurrence-start-time]
[--schedule-recurrence-type {Daily, Monthly, Weekly}]
[--schedule-start-datetime]
[--schedule-time-zone]
[--tags]Examples
Create or update a rule that adds an action group to all alerts in a subscription
az monitor alert-processing-rule create \
--name 'AddActionGroupToSubscription' \
--rule-type AddActionGroups \
--scopes "/subscriptions/MySubscriptionId" \
--action-groups "/subscriptions/MySubscriptionId/resourcegroups/MyResourceGroup1/providers/microsoft.insights/actiongroups/ActionGroup1" \
--enabled true \
--resource-group alertscorrelationrg \
--description "Add ActionGroup1 to all alerts in the subscription"Create or update a rule that adds two action groups to all Sev0 and Sev1 alerts in two resource groups
az monitor alert-processing-rule create \
--name 'AddActionGroupsBySeverity' \
--rule-type AddActionGroups \
--action-groups "/subscriptions/MySubscriptionId/resourcegroups/MyResourceGroup1/providers/microsoft.insights/actiongroups/MyActionGroupId1" "/subscriptions/MySubscriptionId/resourceGroups/MyResourceGroup2/providers/microsoft.insights/actionGroups/MyActionGroup2" \
--scopes "/subscriptions/MySubscriptionId" \
--resource-group alertscorrelationrg \
--filter-severity Equals Sev0 Sev1 \
--description "Add AGId1 and AGId2 to all Sev0 and Sev1 alerts in these resourceGroups"Create or update a rule that removes all action groups from alerts on a specific VM during a one-off maintenance window (1800-2000 at a specific date, Pacific Standard Time)
az monitor alert-processing-rule create \
--name 'RemoveActionGroupsMaintenanceWindow' \
--rule-type RemoveAllActionGroups \
--scopes "/subscriptions/MySubscriptionId/resourceGroups/MyResourceGroup1/providers/Microsoft.Compute/virtualMachines/VMName" \
--resource-group alertscorrelationrg \
--schedule-start-datetime '2022-01-02 18:00:00' \
--schedule-end-datetime '2022-01-02 20:00:00' \
--schedule-time-zone 'Pacific Standard Time' \
--description "Removes all ActionGroups from all Alerts on VMName during the maintenance window"Create or update a rule that removes all action groups from all alerts in a subscription coming from a specific alert rule
az monitor alert-processing-rule create \
--name 'RemoveActionGroupsSpecificAlertRule' \
--rule-type RemoveAllActionGroups \
--scopes "/subscriptions/MySubscriptionId" \
--resource-group alertscorrelationrg \
--filter-alert-rule-id Equals "/subscriptions/MySubscriptionId/resourceGroups/MyResourceGroup1/providers/microsoft.insights/activityLogAlerts/RuleName" \
--description "Removes all ActionGroups from all Alerts that fire on above AlertRule"Create or update a rule that removes all action groups from all alerts on any VM in two resource groups during a recurring maintenance window (2200-0400 every Sat and Sun, India Standard Time)
az monitor alert-processing-rule create \
--name 'RemoveActionGroupsRecurringMaintenance' \
--rule-type RemoveAllActionGroups \
--scopes "/subscriptions/MySubscriptionId/resourceGroups/MyResourceGroup1" "/subscriptions/MySubscriptionId/resourceGroups/MyResourceGroup2" \
--resource-group alertscorrelationrg \
--filter-resource-type Equals "microsoft.compute/virtualmachines" \
--schedule-time-zone "India Standard Time" \
--schedule-recurrence-type Weekly \
--schedule-recurrence-start-time "22:00:00" \
--schedule-recurrence-end-time "04:00:00" \
--schedule-recurrence Sunday Saturday \
--description "Remove all ActionGroups from all Virtual machine Alerts during the recurring maintenance"Create or update a rule that removes all action groups outside business hours (Mon-Fri 09:00-17:00, Eastern Standard Time)
az monitor alert-processing-rule create \
--name 'RemoveActionGroupsOutsideBusinessHours' \
--rule-type RemoveAllActionGroups \
--scopes "/subscriptions/MySubscriptionId" \
--resource-group alertscorrelationrg \
--schedule-time-zone "Eastern Standard Time" \
--schedule-recurrence-type Daily \
--schedule-recurrence-start-time "17:00:00" \
--schedule-recurrence-end-time "09:00:00" \
--schedule-recurrence-2-type Weekly \
--schedule-recurrence-2 Saturday Sunday \
--description "Remove all ActionGroups outside business hours"Required Parameters
Name of the alert processing rule.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Indicate type of the alert processing rule.
List of resource IDs (space-delimited) for scope. The rule will apply to alerts that fired on resources within that scope.
Optional Parameters
List of resource ids (space-delimited) of action groups to add. A use of this argument requires that rule-type is AddActionGroups.
Description of the alert processing rule.
Indicate if the given alert processing rule is enabled or disabled (default is enabled).
Filter alerts by alert context (payload).
Filter alerts by alert rule description.
Filter alerts by alert ID.
Filter alerts by alert rule name.
Filter alerts by monitor condition.
Filter alerts by monitor service.
Filter alerts by resource group.
Filter alerts by resource type.
Filter alerts by severity <Sev0, Sev1, Sev2, Sev3, Sev4>.
Filter alerts by signal type.
Filter alerts by resource.
End date for the rule. Format: 'YYYY-MM-DD hh:mm:ss'.
List of recurrence pattern values.
List of recurrence pattern values for the second recurrence pattern.
End time for each recurrence. Format: hh:mm:ss.
Start time for each recurrence. Format: hh:mm:ss.
Specifies when the processing rule should be applied. Default to Always.
End time for each recurrence. Format: 'hh:mm:ss'.
Start time for each recurrence. Format: 'hh:mm:ss'.
Specifies when the processing rule should be applied.
Start date for the rule. Format: 'YYYY-MM-DD hh:mm:ss'.
Schedule time zone.
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az monitor alert-processing-rule delete
Delete an alert processing rule.
az monitor alert-processing-rule delete --name
--resource-group
[--yes]Examples
Delete an alert processing rule.
az monitor alert-processing-rule delete \
--resource-group myResourceGroup \
--name myRuleNameRequired Parameters
Name of the alert processing rule.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
Do not prompt for confirmation.
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az monitor alert-processing-rule list
List all alert processing rules in a subscription or resource group.
az monitor alert-processing-rule list [--resource-group]Examples
List all alert processing rules in current subscription
az monitor alert-processing-rule listList all alert processing rules in a resource group
az monitor alert-processing-rule list \
--resource-group myResourceGroupOptional Parameters
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az monitor alert-processing-rule show
Get an alert processing rule.
az monitor alert-processing-rule show --name
--resource-groupExamples
Get an alert processing rule by name
az monitor alert-processing-rule show \
--name myRuleName \
--resource-group myRuleNameResourceGroupGet alerts processing rule by ids
az monitor alert-processing-rule show \
--ids ruleId1 ruleId2Required Parameters
Name of the alert processing rule.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az monitor alert-processing-rule update
Enable, disable, or update tags for an alert processing rule.
az monitor alert-processing-rule update --name
--resource-group
[--add]
[--enabled {false, true}]
[--force-string]
[--remove]
[--set]
[--tags]Examples
PatchAlertProcessingRule
az monitor alert-processing-rule update \
--name "WeeklySuppression" \
--enabled false \
--tags key1="value1" key2="value2" --resource-group "alertscorrelationrg"Required Parameters
Name of the alert processing rule.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
Indicate if the given processing rule is enabled or disabled (values are True and False).
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
Remove a property or an element from a list. Example: --remove property.list OR --remove propertyToRemove.
Update an object by specifying a property path and value to set. Example: --set property1.property2=.
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
Feedback
Submit and view feedback for