Alerts - Get Summary

Get a summarized count of your alerts grouped by various parameters (e.g. grouping by 'Severity' returns the count of alerts for each severity).

GET https://management.azure.com/{scope}/providers/Microsoft.AlertsManagement/alertsSummary?groupby={groupby}&api-version=2023-07-12-preview
GET https://management.azure.com/{scope}/providers/Microsoft.AlertsManagement/alertsSummary?groupby={groupby}&includeSmartGroupsCount={includeSmartGroupsCount}&targetResource={targetResource}&targetResourceType={targetResourceType}&targetResourceGroup={targetResourceGroup}&monitorService={monitorService}&monitorCondition={monitorCondition}&severity={severity}&alertState={alertState}&alertRule={alertRule}&timeRange={timeRange}&customTimeRange={customTimeRange}&api-version=2023-07-12-preview

URI Parameters

Name In Required Type Description
scope
path True

string

scope here is resourceId for which alert is created.

api-version
query True

string

The API version to use for this operation.

groupby
query True

AlertsSummaryGroupByFields

This parameter allows the result set to be grouped by input fields (Maximum 2 comma separated fields supported). For example, groupby=severity or groupby=severity,alertstate.

alertRule
query

string

Filter by specific alert rule. Default value is to select all.

alertState
query

AlertState

Filter by state of the alert instance. Default value is to select all.

customTimeRange
query

string

Filter by custom time range in the format / where time is in (ISO-8601 format)'. Permissible values is within 30 days from query time. Either timeRange or customTimeRange could be used but not both. Default is none.

includeSmartGroupsCount
query

boolean

Include count of the SmartGroups as part of the summary. Default value is 'false'.

monitorCondition
query

MonitorCondition

Filter by monitor condition which is either 'Fired' or 'Resolved'. Default value is to select all.

monitorService
query

MonitorService

Filter by monitor service which generates the alert instance. Default value is select all.

severity
query

Severity

Filter by severity. Default value is select all.

targetResource
query

string

Filter by target resource( which is full ARM ID) Default value is select all.

targetResourceGroup
query

string

Filter by target resource group name. Default value is select all.

targetResourceType
query

string

Filter by target resource type. Default value is select all.

timeRange
query

TimeRange

Filter by time range by below listed values. Default value is 1 day.

Responses

Name Type Description
200 OK

alertsSummary

OK. Alert summary returned.

Other Status Codes

errorResponse

Error response describing why the operation failed.

Examples

Summary

Sample Request

GET https://management.azure.com/subscriptions/1e3ff1c0-771a-4119-a03b-be82a51e232d/providers/Microsoft.AlertsManagement/alertsSummary?groupby=severity,alertState&api-version=2023-07-12-preview

Sample Response

{
  "properties": {
    "groupedby": "severity",
    "smartGroupsCount": 100,
    "total": 14189,
    "values": [
      {
        "name": "Sev0",
        "count": 6517,
        "groupedby": "alertState",
        "values": [
          {
            "name": "New",
            "count": 6517
          },
          {
            "name": "Acknowledged",
            "count": 0
          },
          {
            "name": "Closed",
            "count": 0
          }
        ]
      },
      {
        "name": "Sev1",
        "count": 3175,
        "groupedby": "alertState",
        "values": [
          {
            "name": "New",
            "count": 3175
          },
          {
            "name": "Acknowledged",
            "count": 0
          },
          {
            "name": "Closed",
            "count": 0
          }
        ]
      },
      {
        "name": "Sev2",
        "count": 1120,
        "groupedby": "alertState",
        "values": [
          {
            "name": "New",
            "count": 1120
          },
          {
            "name": "Acknowledged",
            "count": 0
          },
          {
            "name": "Closed",
            "count": 0
          }
        ]
      },
      {
        "name": "Sev3",
        "count": 1902,
        "groupedby": "alertState",
        "values": [
          {
            "name": "New",
            "count": 1902
          },
          {
            "name": "Acknowledged",
            "count": 0
          },
          {
            "name": "Closed",
            "count": 0
          }
        ]
      },
      {
        "name": "Sev4",
        "count": 1475,
        "groupedby": "alertState",
        "values": [
          {
            "name": "New",
            "count": 1475
          },
          {
            "name": "Acknowledged",
            "count": 0
          },
          {
            "name": "Closed",
            "count": 0
          }
        ]
      }
    ]
  },
  "id": "/subscriptions/1e3ff1c0-771a-4119-a03b-be82a51e232d/providers/Microsoft.AlertsManagement/alertsSummary/current",
  "type": "Microsoft.AlertsManagement/alertsSummary",
  "name": "current"
}

Definitions

Name Description
alertsSummary

Summary of alerts based on the input filters and 'groupby' parameters.

alertsSummaryGroup

Group the result set.

AlertsSummaryGroupByFields

This parameter allows the result set to be grouped by input fields (Maximum 2 comma separated fields supported). For example, groupby=severity or groupby=severity,alertstate.

alertsSummaryGroupItem

Alerts summary group item

AlertState

Alert object state, which can be modified by the user.

errorResponse

An error response from the service.

errorResponseBody

Details of error response.

MonitorCondition

Condition of the rule at the monitor service. It represents whether the underlying conditions have crossed the defined alert rule thresholds.

MonitorService

Monitor service on which the rule(monitor) is set.

Severity

Severity of alert Sev0 being highest and Sev4 being lowest.

TimeRange

Filter by time range by below listed values. Default value is 1 day.

alertsSummary

Summary of alerts based on the input filters and 'groupby' parameters.

Name Type Description
id

string

Azure resource Id

name

string

Azure resource name

properties

alertsSummaryGroup

Group the result set.

type

string

Azure resource type

alertsSummaryGroup

Group the result set.

Name Type Description
groupedby

string

Name of the field aggregated

smartGroupsCount

integer

Total count of the smart groups.

total

integer

Total count of the result set.

values

alertsSummaryGroupItem[]

List of the items

AlertsSummaryGroupByFields

This parameter allows the result set to be grouped by input fields (Maximum 2 comma separated fields supported). For example, groupby=severity or groupby=severity,alertstate.

Name Type Description
alertRule

string

alertState

string

monitorCondition

string

monitorService

string

severity

string

signalType

string

alertsSummaryGroupItem

Alerts summary group item

Name Type Description
count

integer

Count of the aggregated field

groupedby

string

Name of the field aggregated

name

string

Value of the aggregated field

values

alertsSummaryGroupItem[]

List of the items

AlertState

Alert object state, which can be modified by the user.

Name Type Description
Acknowledged

string

Closed

string

New

string

errorResponse

An error response from the service.

Name Type Description
error

errorResponseBody

Details of error response.

errorResponseBody

Details of error response.

Name Type Description
code

string

Error code, intended to be consumed programmatically.

details

errorResponseBody[]

A list of additional details about the error.

message

string

Description of the error, intended for display in user interface.

target

string

Target of the particular error, for example name of the property.

MonitorCondition

Condition of the rule at the monitor service. It represents whether the underlying conditions have crossed the defined alert rule thresholds.

Name Type Description
Fired

string

Resolved

string

MonitorService

Monitor service on which the rule(monitor) is set.

Name Type Description
ActivityLog Administrative

string

ActivityLog Autoscale

string

ActivityLog Policy

string

ActivityLog Recommendation

string

ActivityLog Security

string

Application Insights

string

Log Analytics

string

Nagios

string

Platform

string

Resource Health

string

SCOM

string

ServiceHealth

string

SmartDetector

string

VM Insights

string

Zabbix

string

Severity

Severity of alert Sev0 being highest and Sev4 being lowest.

Name Type Description
Sev0

string

Sev1

string

Sev2

string

Sev3

string

Sev4

string

TimeRange

Filter by time range by below listed values. Default value is 1 day.

Name Type Description
1d

string

1h

string

30d

string

7d

string