Activity Log Alerts - Update

Service:

Monitor

API Version:

2020-10-01

Updates 'tags' and 'enabled' fields in an existing Alert rule. This method is used to update the Alert rule tags, and to enable or disable the Alert rule. To update other fields use CreateOrUpdate operation.

PATCH https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Insights/activityLogAlerts/{activityLogAlertName}?api-version=2020-10-01

URI Parameters

Name	In	Required	Type	Description
activityLogAlertName	path	True	string	The name of the Activity Log Alert rule.
resourceGroupName	path	True	string	The name of the resource group. The name is case insensitive.
subscriptionId	path	True	string	The ID of the target subscription.
api-version	query	True	string	The API version to use for this operation.

Request Body

Name	Type	Description
properties.enabled	boolean	Indicates whether this Activity Log Alert rule is enabled. If an Activity Log Alert rule is not enabled, then none of its actions will be activated.
tags	object	The resource tags

Responses

Name	Type	Description
200 OK	ActivityLogAlertResource	An existing Activity Log Alert rule was successfully updated.
Other Status Codes	ErrorResponse	Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	impersonate your user account

Examples

Patch an Activity Log Alert rule

Sample Request

HTTP

PATCH https://management.azure.com/subscriptions/187f412d-1758-44d9-b052-169e2564721d/resourceGroups/MyResourceGroup/providers/Microsoft.Insights/activityLogAlerts/SampleActivityLogAlertRule?api-version=2020-10-01

{
  "tags": {
    "key1": "value1",
    "key2": "value2"
  },
  "properties": {
    "enabled": false
  }
}

Java

import com.azure.resourcemanager.monitor.models.AlertRulePatchObject;
import java.util.HashMap;
import java.util.Map;

/**
 * Samples for ActivityLogAlerts Update.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/monitor/resource-manager/Microsoft.Insights/stable/2020-10-01/examples/ActivityLogAlertRule_Update.
     * json
     */
    /**
     * Sample code: Patch an Activity Log Alert rule.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void patchAnActivityLogAlertRule(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.diagnosticSettings().manager().serviceClient().getActivityLogAlerts().updateWithResponse(
            "MyResourceGroup", "SampleActivityLogAlertRule", new AlertRulePatchObject()
                .withTags(mapOf("key1", "fakeTokenPlaceholder", "key2", "fakeTokenPlaceholder")).withEnabled(false),
            com.azure.core.util.Context.NONE);
    }

    // Use "Map.of" if available
    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armmonitor_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/monitor/armmonitor"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/969fd0c2634fbcc1975d7abe3749330a5145a97c/specification/monitor/resource-manager/Microsoft.Insights/stable/2020-10-01/examples/ActivityLogAlertRule_Update.json
func ExampleActivityLogAlertsClient_Update() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armmonitor.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewActivityLogAlertsClient().Update(ctx, "MyResourceGroup", "SampleActivityLogAlertRule", armmonitor.AlertRulePatchObject{
		Properties: &armmonitor.AlertRulePatchProperties{
			Enabled: to.Ptr(false),
		},
		Tags: map[string]*string{
			"key1": to.Ptr("value1"),
			"key2": to.Ptr("value2"),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.ActivityLogAlertResource = armmonitor.ActivityLogAlertResource{
	// 	Name: to.Ptr("SampleActivityLogAlertRule"),
	// 	Type: to.Ptr("Microsoft.Insights/ActivityLogAlerts"),
	// 	ID: to.Ptr("/subscriptions/187f412d-1758-44d9-b052-169e2564721d/resourceGroups/MyResourceGroup/providers/microsoft.insights/activityLogAlerts/SampleActivityLogAlertRule"),
	// 	Location: to.Ptr("Global"),
	// 	Tags: map[string]*string{
	// 		"key1": to.Ptr("value1"),
	// 		"key2": to.Ptr("value2"),
	// 	},
	// 	Properties: &armmonitor.AlertRuleProperties{
	// 		Description: to.Ptr("Description of sample Activity Log Alert rule."),
	// 		Actions: &armmonitor.ActionList{
	// 			ActionGroups: []*armmonitor.ActionGroupAutoGenerated{
	// 				{
	// 					ActionGroupID: to.Ptr("/subscriptions/187f412d-1758-44d9-b052-169e2564721d/resourceGroups/MyResourceGroup/providers/microsoft.insights/actionGroups/SampleActionGroup"),
	// 					WebhookProperties: map[string]*string{
	// 						"sampleWebhookProperty": to.Ptr("SamplePropertyValue"),
	// 					},
	// 			}},
	// 		},
	// 		Condition: &armmonitor.AlertRuleAllOfCondition{
	// 			AllOf: []*armmonitor.AlertRuleAnyOfOrLeafCondition{
	// 				{
	// 					Equals: to.Ptr("Administrative"),
	// 					Field: to.Ptr("category"),
	// 				},
	// 				{
	// 					Equals: to.Ptr("Error"),
	// 					Field: to.Ptr("level"),
	// 			}},
	// 		},
	// 		Enabled: to.Ptr(false),
	// 		Scopes: []*string{
	// 			to.Ptr("/subscriptions/187f412d-1758-44d9-b052-169e2564721d")},
	// 		},
	// 	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { MonitorClient } = require("@azure/arm-monitor");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Updates 'tags' and 'enabled' fields in an existing Alert rule. This method is used to update the Alert rule tags, and to enable or disable the Alert rule. To update other fields use CreateOrUpdate operation.
 *
 * @summary Updates 'tags' and 'enabled' fields in an existing Alert rule. This method is used to update the Alert rule tags, and to enable or disable the Alert rule. To update other fields use CreateOrUpdate operation.
 * x-ms-original-file: specification/monitor/resource-manager/Microsoft.Insights/stable/2020-10-01/examples/ActivityLogAlertRule_Update.json
 */
async function patchAnActivityLogAlertRule() {
  const subscriptionId =
    process.env["MONITOR_SUBSCRIPTION_ID"] || "187f412d-1758-44d9-b052-169e2564721d";
  const resourceGroupName = process.env["MONITOR_RESOURCE_GROUP"] || "MyResourceGroup";
  const activityLogAlertName = "SampleActivityLogAlertRule";
  const activityLogAlertRulePatch = {
    enabled: false,
    tags: { key1: "value1", key2: "value2" },
  };
  const credential = new DefaultAzureCredential();
  const client = new MonitorClient(credential, subscriptionId);
  const result = await client.activityLogAlerts.update(
    resourceGroupName,
    activityLogAlertName,
    activityLogAlertRulePatch,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Monitor;
using Azure.ResourceManager.Monitor.Models;
using Azure.ResourceManager.Resources;

// Generated from example definition: specification/monitor/resource-manager/Microsoft.Insights/stable/2020-10-01/examples/ActivityLogAlertRule_Update.json
// this example is just showing the usage of "ActivityLogAlerts_Update" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this ActivityLogAlertResource created on azure
// for more information of creating ActivityLogAlertResource, please refer to the document of ActivityLogAlertResource
string subscriptionId = "187f412d-1758-44d9-b052-169e2564721d";
string resourceGroupName = "MyResourceGroup";
string activityLogAlertName = "SampleActivityLogAlertRule";
ResourceIdentifier activityLogAlertResourceId = ActivityLogAlertResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, activityLogAlertName);
ActivityLogAlertResource activityLogAlert = client.GetActivityLogAlertResource(activityLogAlertResourceId);

// invoke the operation
ActivityLogAlertPatch patch = new ActivityLogAlertPatch()
{
    Tags =
    {
    ["key1"] = "value1",
    ["key2"] = "value2",
    },
    IsEnabled = false,
};
ActivityLogAlertResource result = await activityLogAlert.UpdateAsync(patch);

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ActivityLogAlertData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

200

{
  "id": "/subscriptions/187f412d-1758-44d9-b052-169e2564721d/resourceGroups/MyResourceGroup/providers/microsoft.insights/activityLogAlerts/SampleActivityLogAlertRule",
  "type": "Microsoft.Insights/ActivityLogAlerts",
  "name": "SampleActivityLogAlertRule",
  "location": "Global",
  "tags": {
    "key1": "value1",
    "key2": "value2"
  },
  "properties": {
    "scopes": [
      "/subscriptions/187f412d-1758-44d9-b052-169e2564721d"
    ],
    "condition": {
      "allOf": [
        {
          "field": "category",
          "equals": "Administrative"
        },
        {
          "field": "level",
          "equals": "Error"
        }
      ]
    },
    "actions": {
      "actionGroups": [
        {
          "actionGroupId": "/subscriptions/187f412d-1758-44d9-b052-169e2564721d/resourceGroups/MyResourceGroup/providers/microsoft.insights/actionGroups/SampleActionGroup",
          "webhookProperties": {
            "sampleWebhookProperty": "SamplePropertyValue"
          }
        }
      ]
    },
    "enabled": false,
    "description": "Description of sample Activity Log Alert rule."
  }
}

Definitions

Name	Description
ActionGroup	A pointer to an Azure Action Group.
ActionList	A list of Activity Log Alert rule actions.
ActivityLogAlertResource	An Activity Log Alert rule resource.
AlertRuleAllOfCondition	An Activity Log Alert rule condition that is met when all its member conditions are met.
AlertRuleAnyOfOrLeafCondition	An Activity Log Alert rule condition that is met when all its member conditions are met. Each condition can be of one of the following types: Important: Each type has its unique subset of properties. Properties from different types CANNOT exist in one condition. Leaf Condition - must contain 'field' and either 'equals' or 'containsAny'. Please note, 'anyOf' should not be set in a Leaf Condition. AnyOf Condition - must contain only 'anyOf' (which is an array of Leaf Conditions). Please note, 'field', 'equals' and 'containsAny' should not be set in an AnyOf Condition.
AlertRuleLeafCondition	An Activity Log Alert rule condition that is met by comparing the field and value of an Activity Log event. This condition must contain 'field' and either 'equals' or 'containsAny'.
AlertRulePatchObject	An Activity Log Alert rule object for the body of patch operations.
ErrorResponse	The error response.

ActionGroup

A pointer to an Azure Action Group.

Name	Type	Description
actionGroupId	string	The resource ID of the Action Group. This cannot be null or empty.
webhookProperties	object	the dictionary of custom properties to include with the post operation. These data are appended to the webhook payload.

ActionList

A list of Activity Log Alert rule actions.

Name	Type	Description
actionGroups	ActionGroup[]	The list of the Action Groups.

ActivityLogAlertResource

An Activity Log Alert rule resource.

Name	Type	Default Value	Description
id	string		The resource Id.
location	string	global	The location of the resource. Azure Activity Log Alert rules are supported on Global, West Europe and North Europe regions.
name	string		The name of the resource.
properties.actions	ActionList		The actions that will activate when the condition is met.
properties.condition	AlertRuleAllOfCondition		The condition that will cause this alert to activate.
properties.description	string		A description of this Activity Log Alert rule.
properties.enabled	boolean	True	Indicates whether this Activity Log Alert rule is enabled. If an Activity Log Alert rule is not enabled, then none of its actions will be activated.
properties.scopes	string[]		A list of resource IDs that will be used as prefixes. The alert will only apply to Activity Log events with resource IDs that fall under one of these prefixes. This list must include at least one item.
tags	object		The tags of the resource.
type	string		The type of the resource.

AlertRuleAllOfCondition

An Activity Log Alert rule condition that is met when all its member conditions are met.

Name	Type	Description
allOf	AlertRuleAnyOfOrLeafCondition[]	The list of Activity Log Alert rule conditions.

AlertRuleAnyOfOrLeafCondition

An Activity Log Alert rule condition that is met when all its member conditions are met. Each condition can be of one of the following types: Important: Each type has its unique subset of properties. Properties from different types CANNOT exist in one condition.

• Leaf Condition - must contain 'field' and either 'equals' or 'containsAny'. Please note, 'anyOf' should not be set in a Leaf Condition.
• AnyOf Condition - must contain only 'anyOf' (which is an array of Leaf Conditions). Please note, 'field', 'equals' and 'containsAny' should not be set in an AnyOf Condition.

Name	Type	Description
anyOf	AlertRuleLeafCondition[]	An Activity Log Alert rule 'anyOf' condition. An Activity Log Alert rule condition that is met when at least one of its member leaf conditions are met.
containsAny	string[]	The value of the event's field will be compared to the values in this array (case-insensitive) to determine if the condition is met.
equals	string	The value of the event's field will be compared to this value (case-insensitive) to determine if the condition is met.
field	string	The name of the Activity Log event's field that this condition will examine. The possible values for this field are (case-insensitive): 'resourceId', 'category', 'caller', 'level', 'operationName', 'resourceGroup', 'resourceProvider', 'status', 'subStatus', 'resourceType', or anything beginning with 'properties'.

AlertRuleLeafCondition

An Activity Log Alert rule condition that is met by comparing the field and value of an Activity Log event. This condition must contain 'field' and either 'equals' or 'containsAny'.

Name	Type	Description
containsAny	string[]	The value of the event's field will be compared to the values in this array (case-insensitive) to determine if the condition is met.
equals	string	The value of the event's field will be compared to this value (case-insensitive) to determine if the condition is met.
field	string	The name of the Activity Log event's field that this condition will examine. The possible values for this field are (case-insensitive): 'resourceId', 'category', 'caller', 'level', 'operationName', 'resourceGroup', 'resourceProvider', 'status', 'subStatus', 'resourceType', or anything beginning with 'properties'.

AlertRulePatchObject

An Activity Log Alert rule object for the body of patch operations.

Name	Type	Default Value	Description
properties.enabled	boolean	True	Indicates whether this Activity Log Alert rule is enabled. If an Activity Log Alert rule is not enabled, then none of its actions will be activated.
tags	object		The resource tags

ErrorResponse

The error response.

Name	Type	Description
code	string	The error code.
message	string	The error message indicating why the operation failed.