一般警示結構描述
常見的警示結構描述會將 Azure 監視器警示通知的使用量標準化。 在過去,活動記錄、計量和記錄搜尋警示各自有自己的電子郵件範本和 Webhook 結構描述。 常見的警示結構描述會為所有警示通知提供一個標準化的結構描述。
使用標準化結構描述有助於將整合數目降至最低,以簡化管理和維護整合的程序。 通用結構描述可在 Azure 入口網站和 Azure 行動應用程式中提供更豐富的警示使用量體驗。
常見的警示結構描述會為下列項目提供一致的結構:
- 電子郵件範本:使用詳細的電子郵件範本來一目了然地診斷問題。 入口網站上警示執行個體的內嵌連結,以及受影響的資源,可確保您可以快速跳入補救程序。
- JSON 結構:使用一致的 JSON 結構,為所有使用下列項目的警示類型建置整合:
- Azure Logic 應用程式
- Azure Functions
- Azure 自動化 Runbook
注意
- VM 深入解析產生的警示不支援通用結構描述。
- 智慧偵測警示預設會使用通用結構描述。 智慧偵測警示不需要啟用通用結構描述。
通用結構描述的結構
通用結構描述包含受影響資源的相關資訊,並在下列各節說明警示的原因:
基本資訊:所有警示型別使用的標準化欄位,說明受警示影響的資源和一般警示中繼資料,例如嚴重性或描述。
如果您想要根據資源群組等準則,將警示執行個體路由傳送至特定小組,您可以使用 [基本資訊] 區段中的欄位,提供所有警示型別的路由邏輯。 然後,接收警示通知的小組可以使用內容欄位進行調查。
警示內容:欄位會隨著警示型別而有所不同。 警示內容欄位說明警示的原因。 例如,計量警示欄位的警示顯示提供計量名稱和計量值。 活動記錄警示會顯示產生警示的事件資訊。
自訂屬性:預設不在警示承載中的其他資訊,可以使用自訂屬性加入警示承載中。 自訂屬性是機碼值組,可包含警示規則中設定的任何資訊。
範例警示承載
{
"schemaId": "azureMonitorCommonAlertSchema",
"data": {
"essentials": {
"alertId": "/subscriptions/<subscription ID>/providers/Microsoft.AlertsManagement/alerts/b9569717-bc32-442f-add5-83a997729330",
"alertRule": "WCUS-R2-Gen2",
"severity": "Sev3",
"signalType": "Metric",
"monitorCondition": "Resolved",
"monitoringService": "Platform",
"alertTargetIDs": [
"/subscriptions/<subscription ID>/resourcegroups/pipelinealertrg/providers/microsoft.compute/virtualmachines/wcus-r2-gen2"
],
"configurationItems": [
"wcus-r2-gen2"
],
"originAlertId": "3f2d4487-b0fc-4125-8bd5-7ad17384221e_PipeLineAlertRG_microsoft.insights_metricAlerts_WCUS-R2-Gen2_-117781227",
"firedDateTime": "2019-03-22T13:58:24.3713213Z",
"resolvedDateTime": "2019-03-22T14:03:16.2246313Z",
"description": "",
"essentialsVersion": "1.0",
"alertContextVersion": "1.0"
},
"alertContext": {
"properties": null,
"conditionType": "SingleResourceMultipleMetricCriteria",
"condition": {
"windowSize": "PT5M",
"allOf": [
{
"metricName": "Percentage CPU",
"metricNamespace": "Microsoft.Compute/virtualMachines",
"operator": "GreaterThan",
"threshold": "25",
"timeAggregation": "Average",
"dimensions": [
{
"name": "ResourceId",
"value": "3efad9dc-3d50-4eac-9c87-8b3fd6f97e4e"
}
],
"metricValue": 7.727
}
]
}
},
"customProperties": {
"Key1": "Value1",
"Key2": "Value2"
}
}
}
如需使用通用結構描述的範例警示,請參閱範例警示承載。
基本資訊欄位
| 欄位 | 描述 |
|---|---|
| alertId | 識別警示執行個體的唯一資源識別碼。 |
| alertRule | 產生警示執行個體的警示規則名稱。 |
| 嚴重性 | 警示的嚴重性。 可能的值為 Sev0、Sev1、Sev2、Sev3 或 Sev4。 |
| signalType | 識別已定義警示規則的訊號。 可能的值為計量、記錄或活動記錄。 |
| monitorCondition | 警示引發時,警示的監視條件會設定為 [已引發]。 當導致引發警示的根本條件清除時,監視條件就會設定為 [已解決]。 |
| monitoringService | 產生警示的監視服務或解決方案。 監視服務會決定警示內容中的欄位。 |
| alertTargetIDs | 警示受影響目標的 Azure Resource Manager 識別碼清單。 對於 Log Analytics 工作區或 Application Insights 執行個體上定義的記錄搜尋警示而言,這是各自的工作區或應用程式。 |
| configurationItems | 警示的受影響資源清單。 在部分案例中,設定項目可與警示目標不同。 例如,在 Log Analytics 工作區上定義的記錄計量或記錄搜尋警示中,設定項目是傳送遙測的實際資源,而不是工作區。
configurationItems 欄位是用來將警示與組態管理資料庫中的資源相互關聯。 |
| originAlertId | 警示執行個體的識別碼,由產生該執行個體的監視服務所產生。 |
| firedDateTime | 引發警示執行個體時的日期和時間 (採用國際標準時間 (UTC))。 |
| resolvedDateTime | 警示執行個體的監視條件設為 [已解決] 時的日期和時間 (採用 UTC)。 目前僅適用於計量警示。 |
| description | 描述,如警示規則中所定義。 |
| essentialsVersion | [基本資訊] 區段的版本號碼。 |
| alertContextVersion | alertContext 區段的版本號碼。 |
計量警示的警示內容欄位
| 欄位 | 描述 |
|---|---|
| 內容 | (選擇性。)客戶定義的屬性集合。 |
| conditionType | 針對警示規則選取的條件型別: - 靜態閾值 - 動態閾值 - webtest |
| 條件 | |
| windowSize | 警示規則所分析的時間長度。 |
| allOf | 表示必須符合警示規則中定義的所有條件,才能觸發警示。 |
| alertSensitivity | 在具有動態閾值的警示規則中,表示規則的敏感程度,或值偏離上限或下限閾值的程度。 |
| failingPeriods | 在具有動態閾值的警示規則中,表示觸發警示的不符合警示閾值的評估期間次數。 例如,您可以指示過去五個評估期間中的 3 個不在警示閾值內時觸發警示。 |
| numberOfEvaluationPeriods | 評估總數。 |
| minFailingPeriodsToAlert | 不符合警示規則條件的評估數目下限。 |
| ignoreDataBefore | (選擇性。)在具有動態閾值的警示規則中,計算距離閾值的日期。 使用此值表示規則不應使用指定日期之前的資料來計算動態閾值。 |
| metricName | 警示規則所監視的計量名稱。 |
| metricNamespace | 警示規則所監視計量的命名空間。 |
| ! 運算子之後 | 警示規則的邏輯運算子。 |
| threshold | 警示規則中定義的閾值。 對於具有動態閾值的警示規則,此值是經過計算的閾值。 |
| timeAggregation | 警示規則的彙總型別。 |
| 尺寸 | 觸發警示的計量維度。 |
| NAME | 維度名稱。 |
| value | 維度值。 |
| metricValue | 違反閾值時的計量值。 |
| webTestName | 如果條件型別為 webtest,則為 webtest 的名稱。 |
| windowStartTime | 引發警示的評估時間範圍的開始時間。 |
| windowEndTime | 引發警示的評估時間範圍的結束時間。 |
monitoringService = Platform 時具有靜態閾值的範例計量警示
{
"alertContext": {
"properties": null,
"conditionType": "SingleResourceMultipleMetricCriteria",
"condition": {
"windowSize": "PT5M",
"allOf": [
{
"metricName": "Percentage CPU",
"metricNamespace": "Microsoft.Compute/virtualMachines",
"operator": "GreaterThan",
"threshold": "25",
"timeAggregation": "Average",
"dimensions": [
{
"name": "ResourceId",
"value": "3efad9dc-3d50-4eac-9c87-8b3fd6f97e4e"
}
],
"metricValue": 31.1105
}
],
"windowStartTime": "2019-03-22T13:40:03.064Z",
"windowEndTime": "2019-03-22T13:45:03.064Z"
}
}
}
monitoringService = Platform 時具有動態閾值的範例計量警示
{
"alertContext": {
"properties": null,
"conditionType": "DynamicThresholdCriteria",
"condition": {
"windowSize": "PT5M",
"allOf": [
{
"alertSensitivity": "High",
"failingPeriods": {
"numberOfEvaluationPeriods": 1,
"minFailingPeriodsToAlert": 1
},
"ignoreDataBefore": null,
"metricName": "Egress",
"metricNamespace": "microsoft.storage/storageaccounts",
"operator": "GreaterThan",
"threshold": "47658",
"timeAggregation": "Total",
"dimensions": [],
"metricValue": 50101
}
],
"windowStartTime": "2021-07-20T05:07:26.363Z",
"windowEndTime": "2021-07-20T05:12:26.363Z"
}
}
}
monitoringService = Platform 時可用性測試的範例計量警示
{
"alertContext": {
"properties": null,
"conditionType": "WebtestLocationAvailabilityCriteria",
"condition": {
"windowSize": "PT5M",
"allOf": [
{
"metricName": "Failed Location",
"metricNamespace": null,
"operator": "GreaterThan",
"threshold": "2",
"timeAggregation": "Sum",
"dimensions": [],
"metricValue": 5,
"webTestName": "myAvailabilityTest-myApplication"
}
],
"windowStartTime": "2019-03-22T13:40:03.064Z",
"windowEndTime": "2019-03-22T13:45:03.064Z"
}
}
}
記錄搜尋警示的警示內容欄位
注意
當您啟用通用結構描述時,承載中的欄位會重設為通用結構描述欄位。 因此,記錄搜尋警示對於通用結構描述有下列限制:
- 通用結構描述不支援使用 Webhook 與自訂電子郵件主旨和/或 JSON 承載的記錄搜尋警示,因為通用結構描述會覆寫自訂設定。
- 使用通用結構描述的警示的每個警示大小上限為 256 KB。 如果記錄搜尋警示承載所含的搜尋結果會造成警示超過大小上限,該搜尋結果就不會內嵌在記錄搜尋警示承載中。 您可以檢查承載所含的搜尋結果是否具有
IncludedSearchResults旗標。 若未包含搜尋結果,則透過 Log Analytics API 使用LinkToFilteredSearchResultsAPI或LinkToSearchResultsAPI來存取查詢結果。
| 欄位 | 描述 |
|---|---|
| SearchQuery | 警示規則中定義的查詢。 |
| SearchIntervalStartTimeUtc | 引發警示的評估時間範圍的開始時間 (以 UTC 表示)。 |
| SearchIntervalEndTimeUtc | 引發警示的評估時間範圍的結束時間 (以 UTC 表示)。 |
| ResultCount | 查詢傳回的記錄數目。 在計量測量規則中,符合特定維度組合的數字或記錄。 |
| LinkToSearchResults | 搜尋結果的連結。 |
| LinkToFilteredSearchResultsUI | 在計量測量規則中,經過維度組合篩選後的搜尋結果連結。 |
| LinkToSearchResultsAPI | 使用 Log Analytics API 的查詢結果連結。 |
| LinkToFilteredSearchResultsAPI | 在計量測量規則中,使用 Log Analytics API 並經過維度組合篩選後的搜尋結果連結。 |
| SearchIntervalDurationMin | 搜尋間隔中的分鐘總數。 |
| SearchIntervalInMin | 搜尋間隔中的分鐘總數。 |
| 臨界值 | 警示規則中定義的閾值。 |
| 運算子 | 警示規則中定義的運算子。 |
| ApplicationID | 觸發警示的 Application Insights 識別碼。 |
| 維度 | 在計量測量規則中,觸發警示的計量維度。 |
| NAME | 維度名稱。 |
| value | 維度值。 |
| SearchResults | 完整搜尋結果。 |
| table | 搜尋結果中的結果資料表。 |
| NAME | 搜尋結果中的資料表名稱。 |
| 欄 | 資料表中的資料行。 |
| NAME | 資料行名稱。 |
| type | 資料行的類型。 |
| rows | 資料表中的資料列。 |
| DataSources | 觸發警示的資料來源。 |
| resourceID | 受警示影響的資源識別碼。 |
| 資料表 | 包含在查詢中的草稿回應資料表。 |
| IncludedSearchResults | 指出承載是否應包含結果的旗標。 |
| AlertType | 警示型別: - 計量測量 - 結果數目 |
monitoringService = Log Analytics 時的範例記錄搜尋警示
{
"alertContext": {
"SearchQuery": "Perf | where ObjectName == \"Processor\" and CounterName == \"% Processor Time\" | summarize AggregatedValue = avg(CounterValue) by bin(TimeGenerated, 5m), Computer",
"SearchIntervalStartTimeUtc": "3/22/2019 1:36:31 PM",
"SearchIntervalEndtimeUtc": "3/22/2019 1:51:31 PM",
"ResultCount": 2,
"LinkToSearchResults": "https://portal.azure.com/#Analyticsblade/search/index?_timeInterval.intervalEnd=2018-03-26T09%3a10%3a40.0000000Z&_timeInterval.intervalDuration=3600&q=Usage",
"LinkToFilteredSearchResultsUI": "https://portal.azure.com/#Analyticsblade/search/index?_timeInterval.intervalEnd=2018-03-26T09%3a10%3a40.0000000Z&_timeInterval.intervalDuration=3600&q=Usage",
"LinkToSearchResultsAPI": "https://api.loganalytics.io/v1/workspaces/workspaceID/query?query=Heartbeat×pan=2020-05-07T18%3a11%3a51.0000000Z%2f2020-05-07T18%3a16%3a51.0000000Z",
"LinkToFilteredSearchResultsAPI": "https://api.loganalytics.io/v1/workspaces/workspaceID/query?query=Heartbeat×pan=2020-05-07T18%3a11%3a51.0000000Z%2f2020-05-07T18%3a16%3a51.0000000Z",
"SeverityDescription": "Warning",
"WorkspaceId": "12345a-1234b-123c-123d-12345678e",
"SearchIntervalDurationMin": "15",
"AffectedConfigurationItems": [
"INC-Gen2Alert"
],
"SearchIntervalInMinutes": "15",
"Threshold": 10000,
"Operator": "Less Than",
"Dimensions": [
{
"name": "Computer",
"value": "INC-Gen2Alert"
}
],
"SearchResults": {
"tables": [
{
"name": "PrimaryResult",
"columns": [
{
"name": "$table",
"type": "string"
},
{
"name": "Computer",
"type": "string"
},
{
"name": "TimeGenerated",
"type": "datetime"
}
],
"rows": [
[
"Fabrikam",
"33446677a",
"2018-02-02T15:03:12.18Z"
],
[
"Contoso",
"33445566b",
"2018-02-02T15:16:53.932Z"
]
]
}
],
"dataSources": [
{
"resourceId": "/subscriptions/a5ea55e2-7482-49ba-90b3-60e7496dd873/resourcegroups/test/providers/microsoft.operationalinsights/workspaces/test",
"tables": [
"Heartbeat"
]
}
]
},
"IncludedSearchResults": "True",
"AlertType": "Metric measurement"
}
}
monitoringService = Application Insights 時的範例記錄搜尋警示
{
"alertContext": {
"SearchQuery": "requests | where resultCode == \"500\" | summarize AggregatedValue = Count by bin(Timestamp, 5m), IP",
"SearchIntervalStartTimeUtc": "3/22/2019 1:36:33 PM",
"SearchIntervalEndtimeUtc": "3/22/2019 1:51:33 PM",
"ResultCount": 2,
"LinkToSearchResults": "https://portal.azure.com/AnalyticsBlade/subscriptions/12345a-1234b-123c-123d-12345678e/?query=search+*+&timeInterval.intervalEnd=2018-03-26T09%3a10%3a40.0000000Z&_timeInterval.intervalDuration=3600&q=Usage",
"LinkToFilteredSearchResultsUI": "https://portal.azure.com/AnalyticsBlade/subscriptions/12345a-1234b-123c-123d-12345678e/?query=search+*+&timeInterval.intervalEnd=2018-03-26T09%3a10%3a40.0000000Z&_timeInterval.intervalDuration=3600&q=Usage",
"LinkToSearchResultsAPI": "https://api.applicationinsights.io/v1/apps/0MyAppId0/metrics/requests/count",
"LinkToFilteredSearchResultsAPI": "https://api.applicationinsights.io/v1/apps/0MyAppId0/metrics/requests/count",
"SearchIntervalDurationMin": "15",
"SearchIntervalInMinutes": "15",
"Threshold": 10000.0,
"Operator": "Less Than",
"ApplicationId": "8e20151d-75b2-4d66-b965-153fb69d65a6",
"Dimensions": [
{
"name": "IP",
"value": "1.1.1.1"
}
],
"SearchResults": {
"tables": [
{
"name": "PrimaryResult",
"columns": [
{
"name": "$table",
"type": "string"
},
{
"name": "Id",
"type": "string"
},
{
"name": "Timestamp",
"type": "datetime"
}
],
"rows": [
[
"Fabrikam",
"33446677a",
"2018-02-02T15:03:12.18Z"
],
[
"Contoso",
"33445566b",
"2018-02-02T15:16:53.932Z"
]
]
}
],
"dataSources": [
{
"resourceId": "/subscriptions/a5ea27e2-7482-49ba-90b3-52e7496dd873/resourcegroups/test/providers/microsoft.operationalinsights/workspaces/test",
"tables": [
"Heartbeat"
]
}
]
},
"IncludedSearchResults": "True",
"AlertType": "Metric measurement"
}
}
monitoringService = Log Alerts V2 時的範例記錄搜尋警示
注意
API 版本 2020-05-01 的記錄搜尋警示規則使用此承載型別,其僅支援通用結構描述。 使用此版本時,不會將搜尋結果內嵌於記錄搜尋警示承載。 使用維度來提供引發警示的內容。 您也可使用 LinkToFilteredSearchResultsAPI 或 LinkToSearchResultsAPI,透過 Log Analytics API 來存取查詢結果。 若須內嵌結果,請使用邏輯應用程式及提供的連結來產生自訂承載。
{
"alertContext": {
"properties": {
"name1": "value1",
"name2": "value2"
},
"conditionType": "LogQueryCriteria",
"condition": {
"windowSize": "PT10M",
"allOf": [
{
"searchQuery": "Heartbeat",
"metricMeasureColumn": "CounterValue",
"targetResourceTypes": "['Microsoft.Compute/virtualMachines']",
"operator": "LowerThan",
"threshold": "1",
"timeAggregation": "Count",
"dimensions": [
{
"name": "Computer",
"value": "TestComputer"
}
],
"metricValue": 0.0,
"failingPeriods": {
"numberOfEvaluationPeriods": 1,
"minFailingPeriodsToAlert": 1
},
"linkToSearchResultsUI": "https://portal.azure.com#@12345a-1234b-123c-123d-12345678e/blade/Microsoft_Azure_Monitoring_Logs/LogsBlade/source/Alerts.EmailLinks/scope/%7B%22resources%22%3A%5B%7B%22resourceId%22%3A%22%2Fsubscriptions%212345a-1234b-123c-123d-12345678e%2FresourceGroups%2FContoso%2Fproviders%2FMicrosoft.Compute%2FvirtualMachines%2FContoso%22%7D%5D%7D/q/eJzzSE0sKklKTSypUSjPSC1KVQjJzE11T81LLUosSU1RSEotKU9NzdNIAfJKgDIaRgZGBroG5roGliGGxlYmJlbGJnoGEKCpp4dDmSmKMk0A/prettify/1/timespan/2020-07-07T13%3a54%3a34.0000000Z%2f2020-07-09T13%3a54%3a34.0000000Z",
"linkToFilteredSearchResultsUI": "https://portal.azure.com#@12345a-1234b-123c-123d-12345678e/blade/Microsoft_Azure_Monitoring_Logs/LogsBlade/source/Alerts.EmailLinks/scope/%7B%22resources%22%3A%5B%7B%22resourceId%22%3A%22%2Fsubscriptions%212345a-1234b-123c-123d-12345678e%2FresourceGroups%2FContoso%2Fproviders%2FMicrosoft.Compute%2FvirtualMachines%2FContoso%22%7D%5D%7D/q/eJzzSE0sKklKTSypUSjPSC1KVQjJzE11T81LLUosSU1RSEotKU9NzdNIAfJKgDIaRgZGBroG5roGliGGxlYmJlbGJnoGEKCpp4dDmSmKMk0A/prettify/1/timespan/2020-07-07T13%3a54%3a34.0000000Z%2f2020-07-09T13%3a54%3a34.0000000Z",
"linkToSearchResultsAPI": "https://api.loganalytics.io/v1/subscriptions/12345a-1234b-123c-123d-12345678e/resourceGroups/Contoso/providers/Microsoft.Compute/virtualMachines/Contoso/query?query=Heartbeat%7C%20where%20TimeGenerated%20between%28datetime%282020-07-09T13%3A44%3A34.0000000%29..datetime%282020-07-09T13%3A54%3A34.0000000%29%29×pan=2020-07-07T13%3a54%3a34.0000000Z%2f2020-07-09T13%3a54%3a34.0000000Z",
"linkToFilteredSearchResultsAPI": "https://api.loganalytics.io/v1/subscriptions/12345a-1234b-123c-123d-12345678e/resourceGroups/Contoso/providers/Microsoft.Compute/virtualMachines/Contoso/query?query=Heartbeat%7C%20where%20TimeGenerated%20between%28datetime%282020-07-09T13%3A44%3A34.0000000%29..datetime%282020-07-09T13%3A54%3A34.0000000%29%29×pan=2020-07-07T13%3a54%3a34.0000000Z%2f2020-07-09T13%3a54%3a34.0000000Z"
}
],
"windowStartTime": "2020-07-07T13:54:34Z",
"windowEndTime": "2020-07-09T13:54:34Z"
}
}
}
活動記錄警示的警示內容欄位
如需活動記錄警示中欄位的詳細資訊,請參閱 Azure 活動記錄事件結構描述。
monitoringService = 活動記錄 - 管理時的範例活動記錄警示
{
"alertContext": {
"authorization": {
"action": "Microsoft.Compute/virtualMachines/restart/action",
"scope": "/subscriptions/<subscription ID>/resourceGroups/PipeLineAlertRG/providers/Microsoft.Compute/virtualMachines/WCUS-R2-ActLog"
},
"channels": "Operation",
"claims": "{\"aud\":\"https://management.core.windows.net/\",\"iss\":\"https://sts.windows.net/12345a-1234b-123c-123d-12345678e/\",\"iat\":\"1553260826\",\"nbf\":\"1553260826\",\"exp\":\"1553264726\",\"aio\":\"42JgYNjdt+rr+3j/dx68v018XhuFAwA=\",\"appid\":\"e9a02282-074f-45cf-93b0-50568e0e7e50\",\"appidacr\":\"2\",\"http://schemas.microsoft.com/identity/claims/identityprovider\":\"https://sts.windows.net/12345a-1234b-123c-123d-12345678e/\",\"http://schemas.microsoft.com/identity/claims/objectidentifier\":\"9778283b-b94c-4ac6-8a41-d5b493d03aa3\",\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier\":\"9778283b-b94c-4ac6-8a41-d5b493d03aa3\",\"http://schemas.microsoft.com/identity/claims/tenantid\":\"12345a-1234b-123c-123d-12345678e\",\"uti\":\"v5wYC9t9ekuA2rkZSVZbAA\",\"ver\":\"1.0\"}",
"caller": "9778283b-b94c-4ac6-8a41-d5b493d03aa3",
"correlationId": "8ee9c32a-92a1-4a8f-989c-b0ba09292a91",
"eventSource": "Administrative",
"eventTimestamp": "2019-03-22T13:56:31.2917159+00:00",
"eventDataId": "161fda7e-1cb4-4bc5-9c90-857c55a8f57b",
"level": "Informational",
"operationName": "Microsoft.Compute/virtualMachines/restart/action",
"operationId": "310db69b-690f-436b-b740-6103ab6b0cba",
"status": "Succeeded",
"subStatus": "",
"submissionTimestamp": "2019-03-22T13:56:54.067593+00:00"
}
}
monitoringService = 活動記錄 - 原則時的範例活動記錄警示
{
"alertContext": {
"authorization": {
"action": "Microsoft.Resources/checkPolicyCompliance/read",
"scope": "/subscriptions/<GUID>"
},
"channels": "Operation",
"claims": "{\"aud\":\"https://management.azure.com/\",\"iss\":\"https://sts.windows.net/<GUID>/\",\"iat\":\"1566711059\",\"nbf\":\"1566711059\",\"exp\":\"1566740159\",\"aio\":\"42FgYOhynHNw0scy3T/bL71+xLyqEwA=\",\"appid\":\"<GUID>\",\"appidacr\":\"2\",\"http://schemas.microsoft.com/identity/claims/identityprovider\":\"https://sts.windows.net/<GUID>/\",\"http://schemas.microsoft.com/identity/claims/objectidentifier\":\"<GUID>\",\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier\":\"<GUID>\",\"http://schemas.microsoft.com/identity/claims/tenantid\":\"<GUID>\",\"uti\":\"Miy1GzoAG0Scu_l3m1aIAA\",\"ver\":\"1.0\"}",
"caller": "<GUID>",
"correlationId": "<GUID>",
"eventSource": "Policy",
"eventTimestamp": "2019-08-25T11:11:34.2269098+00:00",
"eventDataId": "<GUID>",
"level": "Warning",
"operationName": "Microsoft.Authorization/policies/audit/action",
"operationId": "<GUID>",
"properties": {
"isComplianceCheck": "True",
"resourceLocation": "eastus2",
"ancestors": "<GUID>",
"policies": "[{\"policyDefinitionId\":\"/providers/Microsoft.Authorization/policyDefinitions/<GUID>/\",\"policySetDefinitionId\":\"/providers/Microsoft.Authorization/policySetDefinitions/<GUID>/\",\"policyDefinitionReferenceId\":\"vulnerabilityAssessmentMonitoring\",\"policySetDefinitionName\":\"<GUID>\",\"policyDefinitionName\":\"<GUID>\",\"policyDefinitionEffect\":\"AuditIfNotExists\",\"policyAssignmentId\":\"/subscriptions/<GUID>/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn/\",\"policyAssignmentName\":\"SecurityCenterBuiltIn\",\"policyAssignmentScope\":\"/subscriptions/<GUID>\",\"policyAssignmentSku\":{\"name\":\"A1\",\"tier\":\"Standard\"},\"policyAssignmentParameters\":{}}]"
},
"status": "Succeeded",
"subStatus": "",
"submissionTimestamp": "2019-08-25T11:12:46.1557298+00:00"
}
}
monitoringService = 活動記錄 - 自動調整時的範例活動記錄警示
{
"alertContext": {
"channels": "Admin, Operation",
"claims": "{\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/spn\":\"Microsoft.Insights/autoscaleSettings\"}",
"caller": "Microsoft.Insights/autoscaleSettings",
"correlationId": "<GUID>",
"eventSource": "Autoscale",
"eventTimestamp": "2019-08-21T16:17:47.1551167+00:00",
"eventDataId": "<GUID>",
"level": "Informational",
"operationName": "Microsoft.Insights/AutoscaleSettings/Scaleup/Action",
"operationId": "<GUID>",
"properties": {
"description": "The autoscale engine attempting to scale resource '/subscriptions/d<GUID>/resourceGroups/testRG/providers/Microsoft.Compute/virtualMachineScaleSets/testVMSS' from 9 instances count to 10 instances count.",
"resourceName": "/subscriptions/<GUID>/resourceGroups/voiceassistancedemo/providers/Microsoft.Compute/virtualMachineScaleSets/alexademo",
"oldInstancesCount": "9",
"newInstancesCount": "10",
"activeAutoscaleProfile": "{\r\n \"Name\": \"Auto created scale condition\",\r\n \"Capacity\": {\r\n \"Minimum\": \"1\",\r\n \"Maximum\": \"10\",\r\n \"Default\": \"1\"\r\n },\r\n \"Rules\": [\r\n {\r\n \"MetricTrigger\": {\r\n \"Name\": \"Percentage CPU\",\r\n \"Namespace\": \"microsoft.compute/virtualmachinescalesets\",\r\n \"Resource\": \"/subscriptions/<GUID>/resourceGroups/testRG/providers/Microsoft.Compute/virtualMachineScaleSets/testVMSS\",\r\n \"ResourceLocation\": \"eastus\",\r\n \"TimeGrain\": \"PT1M\",\r\n \"Statistic\": \"Average\",\r\n \"TimeWindow\": \"PT5M\",\r\n \"TimeAggregation\": \"Average\",\r\n \"Operator\": \"GreaterThan\",\r\n \"Threshold\": 0.0,\r\n \"Source\": \"/subscriptions/<GUID>/resourceGroups/testRG/providers/Microsoft.Compute/virtualMachineScaleSets/testVMSS\",\r\n \"MetricType\": \"MDM\",\r\n \"Dimensions\": [],\r\n \"DividePerInstance\": false\r\n },\r\n \"ScaleAction\": {\r\n \"Direction\": \"Increase\",\r\n \"Type\": \"ChangeCount\",\r\n \"Value\": \"1\",\r\n \"Cooldown\": \"PT1M\"\r\n }\r\n }\r\n ]\r\n}",
"lastScaleActionTime": "Wed, 21 Aug 2019 16:17:47 GMT"
},
"status": "Succeeded",
"submissionTimestamp": "2019-08-21T16:17:47.2410185+00:00"
}
}
monitoringService = 活動記錄 - 安全性時的範例活動記錄警示
{
"alertContext": {
"channels": "Operation",
"correlationId": "<GUID>",
"eventSource": "Security",
"eventTimestamp": "2019-08-26T08:34:14+00:00",
"eventDataId": "<GUID>",
"level": "Informational",
"operationName": "Microsoft.Security/locations/alerts/activate/action",
"operationId": "<GUID>",
"properties": {
"threatStatus": "Quarantined",
"category": "Virus",
"threatID": "2147519003",
"filePath": "C:\\AlertGeneration\\test.eicar",
"protectionType": "Windows Defender",
"actionTaken": "Blocked",
"resourceType": "Virtual Machine",
"severity": "Low",
"compromisedEntity": "testVM",
"remediationSteps": "[\"No user action is necessary\"]",
"attackedResourceType": "Virtual Machine"
},
"status": "Active",
"submissionTimestamp": "2019-08-26T09:28:58.3019107+00:00"
}
}
monitoringService = ServiceHealth 時的範例活動記錄警示
{
"alertContext": {
"authorization": null,
"channels": 1,
"claims": null,
"caller": null,
"correlationId": "f3cf2430-1ee3-4158-8e35-7a1d615acfc7",
"eventSource": 2,
"eventTimestamp": "2019-06-24T11:31:19.0312699+00:00",
"httpRequest": null,
"eventDataId": "<GUID>",
"level": 3,
"operationName": "Microsoft.ServiceHealth/maintenance/action",
"operationId": "<GUID>",
"properties": {
"title": "Azure Synapse Analytics Scheduled Maintenance Pending",
"service": "Azure Synapse Analytics",
"region": "East US",
"communication": "<MESSAGE>",
"incidentType": "Maintenance",
"trackingId": "<GUID>",
"impactStartTime": "2019-06-26T04:00:00Z",
"impactMitigationTime": "2019-06-26T12:00:00Z",
"impactedServices": "[{\"ImpactedRegions\":[{\"RegionName\":\"East US\"}],\"ServiceName\":\"Azure Synapse Analytics\"}]",
"impactedServicesTableRows": "<tr>\r\n<td align='center' style='padding: 5px 10px; border-right:1px solid black; border-bottom:1px solid black'>Azure Synapse Analytics</td>\r\n<td align='center' style='padding: 5px 10px; border-bottom:1px solid black'>East US<br></td>\r\n</tr>\r\n",
"defaultLanguageTitle": "Azure Synapse Analytics Scheduled Maintenance Pending",
"defaultLanguageContent": "<MESSAGE>",
"stage": "Planned",
"communicationId": "<GUID>",
"maintenanceId": "<GUID>",
"isHIR": "false",
"version": "0.1.1"
},
"status": "Active",
"subStatus": null,
"submissionTimestamp": "2019-06-24T11:31:31.7147357+00:00",
"ResourceType": null
}
}
monitoringService = ResourceHealth 時的範例活動記錄警示
{
"alertContext": {
"channels": "Admin, Operation",
"correlationId": "<GUID>",
"eventSource": "ResourceHealth",
"eventTimestamp": "2019-06-24T15:42:54.074+00:00",
"eventDataId": "<GUID>",
"level": "Informational",
"operationName": "Microsoft.Resourcehealth/healthevent/Activated/action",
"operationId": "<GUID>",
"properties": {
"title": "This virtual machine is stopping and deallocating as requested by an authorized user or process",
"details": null,
"currentHealthStatus": "Unavailable",
"previousHealthStatus": "Available",
"type": "Downtime",
"cause": "UserInitiated"
},
"status": "Active",
"submissionTimestamp": "2019-06-24T15:45:20.4488186+00:00"
}
}
Prometheus 警示的警示內容欄位
如需 Prometheus 警示中欄位的詳細資訊,請參閱 適用於 Prometheus 規則群組的 Azure 監視器受控服務 (預覽)。
範例 Prometheus 警示
{
"alertContext": {
"interval": "PT1M",
"expression": "sql_up > 0",
"expressionValue": "0",
"for": "PT2M",
"labels": {
"Environment": "Prod",
"cluster": "myCluster1"
},
"annotations": {
"summary": "alert on SQL availability"
},
"ruleGroup": "/subscriptions/<subscription ID>/resourceGroups/myResourceGroup/providers/Microsoft.AlertsManagement/prometheusRuleGroups/myRuleGroup"
}
}
自訂屬性欄位
如果產生警示的警示規則包含動作群組,則自訂屬性可以包含警示的其他資訊。 自訂屬性區段包含新增至 Webhook 通知的「機碼值」物件。
如果未在警示規則中設定自訂屬性,則欄位為 null。
啟用通用警示結構描述
使用 Azure 入口網站中的動作群組,或使用 REST API 啟用通用警示結構描述。 結構描述定義於動作層級。 例如,您必須個別啟用電子郵件動作和 Webhook 動作的結構描述。
在 Azure 入口網站中啟用通用結構描述
- 在動作群組中開啟任何現有或新的動作。
- 選取 [是] 啟用通用警示結構描述。
使用 REST API 啟用通用結構描述
您也可以使用動作群組 API 來加入一般警示結構描述。 在建立或更新 REST API 呼叫中,
- 將 "useCommonAlertSchema" 旗標設定為
true以啟用通用結構描述 - 將 "useCommonAlertSchema" 旗標設定為
false,讓電子郵件、Webhook、Logic Apps、Azure Functions 或 自動化 Runbook 動作使用非通用結構描述。
使用通用結構描述的範例 REST API 呼叫
下列建立或更新 REST API 要求:
- 針對電子郵件動作「John Doe 的電子郵件」,啟用通用警示結構描述。
- 針對電子郵件動作「Jane Smith 的電子郵件」,停用通用警示結構描述。
- 針對 Webhook 動作「範例 Webhook」,啟用通用警示結構描述。
{
"properties": {
"groupShortName": "sample",
"enabled": true,
"emailReceivers": [
{
"name": "John Doe's email",
"emailAddress": "johndoe@email.com",
"useCommonAlertSchema": true
},
{
"name": "Jane Smith's email",
"emailAddress": "janesmith@email.com",
"useCommonAlertSchema": false
}
],
"smsReceivers": [
{
"name": "John Doe's mobile",
"countryCode": "1",
"phoneNumber": "1234567890"
},
{
"name": "Jane Smith's mobile",
"countryCode": "1",
"phoneNumber": "0987654321"
}
],
"webhookReceivers": [
{
"name": "Sample webhook",
"serviceUri": "http://www.example.com/webhook",
"useCommonAlertSchema": true
}
]
},
"location": "Global",
"tags": {}
}