您现在访问的是微软AZURE全球版技术文档网站,若需要访问由世纪互联运营的MICROSOFT AZURE中国区技术文档网站,请访问 https://docs.azure.cn.

从旧的 Log Analytics 警报 API 升级到当前日志警报 APIUpgrade to the current Log Alerts API from legacy Log Analytics Alert API

备注

本文仅适用于 Azure 公共 (不适 用于 azure 政府版或 azure 中国云) 。This article is only relevant to Azure public (not to Azure Government or Azure China cloud).

备注

用户选择将首选项切换到当前 SCHEDULEDQUERYRULES api 后,便无法还原到较旧的 旧 Log Analytics 警报 APIOnce a user chooses to switch preference to the current scheduledQueryRules API it is not possible to revert back to the older legacy Log Analytics Alert API.

过去,用户使用 旧 Log Analytics 警报 API 来管理日志警报规则。In the past, users used the legacy Log Analytics Alert API to manage log alert rules. 当前工作区使用 SCHEDULEDQUERYRULES APICurrent workspaces use ScheduledQueryRules API. 本文介绍从旧 API 切换到当前 API 的优点和过程。This article describes the benefits and the process of switching from the legacy API to the current API.

好处Benefits

  • 用于创建警报规则的单个模板 (以前需要三个单独的模板) 。Single template for creation of alert rules (previously needed three separate templates).
  • Log Analytics 工作区或 Application Insights 资源的单个 API。Single API for both Log Analytics workspaces or Application Insights resources.
  • PowerShell cmdlet 支持PowerShell cmdlets support.
  • 与所有其他警报类型的严重性对齐。Alignment of severities with all other alert types.
  • 能够创建跨多个外部资源(如 Log Analytics 工作区或 Application Insights 资源)的 跨工作区日志警报Ability to create cross workspace log alert that span several external resources like Log Analytics workspaces or Application Insights resources.
  • 用户可以通过使用 "聚合 On" 参数来指定要拆分警报的维度。Users can specify dimensions to split the alerts by using the 'Aggregate On' parameter.
  • 日志警报的持续时间最长为两天,数据 (之前限制为一天) 。Log alerts have extended period of up to two days of data (previously limited to one day).

影响Impact

  • 必须通过当前 API 创建/编辑所有新规则。All new rules must be created/edited with the current API. 请参阅 通过 Azure 资源模板使用的示例 ,以及 通过 PowerShell 使用的示例See sample use via Azure Resource Template and sample use via PowerShell.
  • 当规则成为 Azure 资源管理器跟踪当前 API 中的资源,并且必须是唯一的,规则资源 ID 将更改为以下结构: <WorkspaceName>|<savedSearchId>|<scheduleId>|<ActionId>As rules become Azure Resource Manager tracked resources in the current API and must be unique, rules resource ID will change to this structure: <WorkspaceName>|<savedSearchId>|<scheduleId>|<ActionId>. 警报规则的显示名称将保持不变。Display names of the alert rule will remain unchanged.

进程Process

在大多数情况下,切换过程不是交互式的,不需要手动步骤。The process of switching isn't interactive and doesn't require manual steps, in most cases. 警报规则在交换机期间或之后不会停止或停止。Your alert rules aren't stopped or stalled, during or after the switch. 执行此调用可切换与特定 Log Analytics 工作区关联的所有警报规则:Do this call to switch all alert rules associated with the specific Log Analytics workspace:

PUT /subscriptions/<subscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.OperationalInsights/workspaces/<workspaceName>/alertsversion?api-version=2017-04-26-preview

包含以下 JSON 的请求正文:With request body containing the below JSON:

{
    "scheduledQueryRulesEnabled" : true
}

下面是使用 ARMClient(一个开源命令行工具)的示例,该工具简化了上述 API 调用的调用:Here is an example of using ARMClient, an open-source command-line tool, that simplifies invoking the above API call:

$switchJSON = '{"scheduledQueryRulesEnabled": "true"}'
armclient PUT /subscriptions/<subscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.OperationalInsights/workspaces/<workspaceName>/alertsversion?api-version=2017-04-26-preview $switchJSON

如果开关成功,响应为:If the switch is successful, the response is:

{
    "version": 2,
    "scheduledQueryRulesEnabled" : true
}

检查工作区的切换状态Check switching status of workspace

你还可以使用此 API 调用来检查交换机状态:You can also use this API call to check the switch status:

GET /subscriptions/<subscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.OperationalInsights/workspaces/<workspaceName>/alertsversion?api-version=2017-04-26-preview

还可以使用 ARMClient 工具:You can also use ARMClient tool:

armclient GET /subscriptions/<subscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.OperationalInsights/workspaces/<workspaceName>/alertsversion?api-version=2017-04-26-preview

如果 Log Analytics 工作区切换到 SCHEDULEDQUERYRULES API,响应为:If the Log Analytics workspace was switched to scheduledQueryRules API, the response is:

{
    "version": 2,
    "scheduledQueryRulesEnabled" : true
}

如果未切换 Log Analytics 工作区,则响应为:If the Log Analytics workspace wasn't switched, the response is:

{
    "version": 2,
    "scheduledQueryRulesEnabled" : false
}

后续步骤Next steps