Overview of alerts in Microsoft Azure

This article describes what alerts are, their benefits, and how to get started using them.

What are alerts in Microsoft Azure?

Alerts proactively notify you when important conditions are found in your monitoring data. They allow you to identify and address issues before the users of your system notice them.

This article discusses the unified alert experience in Azure Monitor, which includes alerts that were previously managed by Log Analytics and Application Insights. The previous alert experience and alert types are called classic alerts. You can view this older experience and older alert type by selecting View classic alerts at the top of the alert page.

Overview

The diagram below represents the flow of alerts.

Diagram of the alert flow

Alert rules are separated from alerts and the actions taken when an alert fires. The alert rule captures the target and criteria for alerting. The alert rule can be in an enabled or a disabled state. Alerts fire only when the rule is enabled.

The following are key attributes of an alert rule:

Target Resource: Defines the scope and signals available for alerting. A target can be any Azure resource. Example targets: a virtual machine, a storage account, a virtual machine scale set, a Log Analytics workspace, or an Application Insights resource. For certain resources (like virtual machines), you can specify multiple resources as the target of the alert rule.

Signal: Emitted by the target resource. Signals can be of the following types: metric, activity log, Application Insights, and log.

Criteria: A combination of signal and logic applied on a target resource. Examples:

  • Percentage CPU > 70%
  • Server Response Time > 4 ms
  • Result count of a log query > 100

Alert Name: A specific name for the alert rule configured by the user.

Alert Description: A description for the alert rule configured by the user.

Severity: The severity of the alert after the criteria specified in the alert rule are met. Severity can range from 0 to 4.

  • Sev 0 = Critical
  • Sev 1 = Error
  • Sev 2 = Warning
  • Sev 3 = Informational
  • Sev 4 = Verbose

Action: A specific action taken when the alert is fired. For more information, see Action Groups.

What you can alert on

You can alert on metrics and logs, as described in monitoring data sources. These include but are not limited to:

  • Metric values
  • Log search queries
  • Activity log events
  • Health of the underlying Azure platform
  • Tests for website availability

Previously, Azure Monitor metrics, Application Insights, Log Analytics, and Service Health had separate alerting capabilities. Over time, Azure improved and combined both the user interface and different methods of alerting. This consolidation is still in process. As a result, there are still some alerting capabilities not yet in the new alerts system.

Monitor source | Signal type | Description
Service health | Activity log | Not supported. See Create activity log alerts on service notifications.
Application Insights | Web availability tests | Not supported. See Web test alerts. Available to any website that's instrumented to send data to Application Insights. Receive a notification when availability or responsiveness of a website is below expectations.

Manage alerts

You can set the state of an alert to specify where it is in the resolution process. When the criteria specified in the alert rule are met, an alert is created or fired, and it has a status of New. You can change the status when you acknowledge an alert and when you close it. All state changes are stored in the history of the alert.

The following alert states are supported.

State | Description
New | The issue has just been detected and hasn't yet been reviewed.
Acknowledged | An administrator has reviewed the alert and started working on it.
Closed | The issue has been resolved. After an alert has been closed, you can reopen it by changing it to another state.

Alert state is different from, and independent of, the monitor condition. Alert state is set by the user. Monitor condition is set by the system. When an alert fires, the alert's monitor condition is set to fired. When the underlying condition that caused the alert to fire clears, the monitor condition is set to resolved. The alert state isn't changed until the user changes it. Learn how to change the state of your alerts and smart groups.
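
An added example, not taken from the Azure documentation: because alert state is set by the user and monitor condition by the system, the two can disagree, and the sketch below groups alerts by that disagreement and counts them per severity and state. The records are constructed, and the key names (name, severity, state, condition) are assumptions for illustration, not the API's field names.

```python
from collections import Counter

# Severity labels, alert states and monitor conditions as listed on this page.
SEVERITY = {0: "Critical", 1: "Error", 2: "Warning", 3: "Informational", 4: "Verbose"}
STATES = ("New", "Acknowledged", "Closed")   # set by the user
CONDITIONS = ("Fired", "Resolved")           # set by the system

# Constructed sample records; the key names are assumptions for this example.
ALERTS = [
    {"name": "cpu-high-vm1", "severity": 2, "state": "New", "condition": "Fired"},
    {"name": "resp-time-web", "severity": 1, "state": "Acknowledged", "condition": "Resolved"},
    {"name": "log-errors", "severity": 0, "state": "Closed", "condition": "Fired"},
    {"name": "disk-full-vm2", "severity": 0, "state": "New", "condition": "Resolved"},
    {"name": "heartbeat", "severity": 3, "state": "Closed", "condition": "Resolved"},
]

def validate(alert):
    """Reject records with values outside the sets defined above."""
    if alert["severity"] not in SEVERITY:
        raise ValueError(f"unknown severity: {alert['severity']!r}")
    if alert["state"] not in STATES or alert["condition"] not in CONDITIONS:
        raise ValueError(f"unknown state or condition in {alert['name']!r}")

def triage(alerts):
    """Group alert names by how state and monitor condition combine.
    Most severe alerts (lowest Sev number) come first within each group."""
    groups = {"open_and_firing": [], "resolved_not_closed": [], "closed_still_firing": []}
    for alert in sorted(alerts, key=lambda a: a["severity"]):
        validate(alert)
        is_open = alert["state"] != "Closed"
        if alert["condition"] == "Fired":
            key = "open_and_firing" if is_open else "closed_still_firing"
        elif is_open:
            key = "resolved_not_closed"   # condition cleared, nobody closed it
        else:
            continue                      # resolved and closed: nothing to do
        groups[key].append(alert["name"])
    return groups

def severity_state_counts(alerts):
    """Count alerts per severity label and state, including zero cells."""
    counts = Counter((a["severity"], a["state"]) for a in alerts)
    return {label: {s: counts[(sev, s)] for s in STATES} for sev, label in SEVERITY.items()}

if __name__ == "__main__":
    print(triage(ALERTS))
    print(severity_state_counts(ALERTS))
```

The closed_still_firing group is the one to review first: the user closed the alert, but the system still reports the underlying condition as fired.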

Smart groups

Smart groups are aggregations of alerts based on machine learning algorithms, which can help reduce alert noise and aid in troubleshooting. Learn more about Smart Groups and how to manage your smart groups.

Alerts experience

The default Alerts page provides a summary of alerts that are created within a particular time range. It displays the total alerts for each severity, with columns that identify the total number of alerts in each state for each severity. Select any of the severities to open the All Alerts page filtered by that severity.

Alternatively, you can programmatically enumerate the alert instances generated on your subscriptions by using REST APIs.

Note

You can only access alerts generated in the last 30 days.

The Alerts page doesn't show or track classic alerts. You can change the subscriptions or filter parameters to update the page.

Screenshot of the Alerts page

You can filter this view by selecting values in the drop-down menus at the top of the page.

Column | Description
Subscription | Select the Azure subscriptions for which you want to view the alerts. You can optionally choose to select all your subscriptions. Only alerts that you have access to in the selected subscriptions are included in the view.
Resource group | Select a single resource group. Only alerts with targets in the selected resource group are included in the view.
Time range | Only alerts fired within the selected time range are included in the view. Supported values are the past hour, the past 24 hours, the past 7 days, and the past 30 days.

Select the following values at the top of the Alerts page to open another page:

Value | Description
Total alerts | The total number of alerts that match the selected criteria. Select this value to open the All Alerts view with no filter.
Smart groups | The total number of smart groups that were created from the alerts that match the selected criteria. Select this value to open the smart groups list in the All Alerts view.
Total alert rules | The total number of alert rules in the selected subscription and resource group. Select this value to open the Rules view filtered on the selected subscription and resource group.

Manage alert rules

To show the Rules page, select Manage alert rules. The Rules page is a single place for managing all alert rules across your Azure subscriptions. It lists all alert rules and can be sorted based on target resources, resource groups, rule name, or status. You can also edit, enable, or disable alert rules from this page.

Screenshot of the Rules page

Create an alert rule

You can author alerts in a consistent manner, regardless of the monitoring service or signal type. All fired alerts and related details are available in a single page.

Here's how to create a new alert rule:

  1. Pick the target for the alert.
  2. Select the signal from the available signals for the target.
  3. Specify the logic to be applied to data from the signal.

This simplified authoring process no longer requires you to know the monitoring source or signals that are supported before selecting an Azure resource. The list of available signals is automatically filtered based on the target resource that you select. Also based on that target, you are guided through defining the logic of the alert rule automatically.

You can learn more about how to create alert rules in Create, view, and manage alerts using Azure Monitor.

Alerts are available across several Azure monitoring services. For information about how and when to use each of these services, see Monitoring Azure applications and resources.

All Alerts page

To see the All Alerts page, select Total Alerts. Here you can view a list of alerts created within the selected time. You can view either a list of the individual alerts or a list of the smart groups that contain the alerts. Select the banner at the top of the page to toggle between views.

Screenshot of the All Alerts page

You can filter the view by selecting the following values in the drop-down menus at the top of the page:

Column | Description
Subscription | Select the Azure subscriptions for which you want to view the alerts. You can optionally choose to select all your subscriptions. Only alerts that you have access to in the selected subscriptions are included in the view.
Resource group | Select a single resource group. Only alerts with targets in the selected resource group are included in the view.
Resource type | Select one or more resource types. Only alerts with targets of the selected type are included in the view. This column is only available after a resource group has been specified.
Resource | Select a resource. Only alerts with that resource as a target are included in the view. This column is only available after a resource type has been specified.
Severity | Select an alert severity, or select All to include alerts of all severities.
Monitor condition | Select a monitor condition, or select All to include alerts of all conditions.
Alert state | Select an alert state, or select All to include alerts of all states.
Monitor service | Select a service, or select All to include all services. Only alerts created by rules that use the service as a target are included.
Time range | Only alerts fired within the selected time range are included in the view. Supported values are the past hour, the past 24 hours, the past 7 days, and the past 30 days.

Select Columns at the top of the page to select which columns to show.

Alert details page

When you select an alert, this page provides details of the alert and enables you to change its state.

Screenshot of the Alert details page

The Alert details page includes the following sections:

Section | Description
Summary | Displays the properties and other significant information about the alert.
History | Lists each action taken by the alert and any changes made to the alert. Currently limited to state changes.
Diagnostics | Information about the smart group in which the alert is included. The alert count refers to the number of alerts that are included in the smart group. Includes other alerts in the same smart group that were created in the past 30 days, regardless of the time filter in the alerts list page. Select an alert to view its detail.

Role-based access control (RBAC) for your alert instances

The consumption and management of alert instances requires the user to have the built-in RBAC roles of either monitoring contributor or monitoring reader. These roles are supported at any Azure Resource Manager scope, from the subscription level to granular assignments at a resource level. For example, if a user only has monitoring contributor access for virtual machine ContosoVM1, that user can consume and manage only alerts generated on ContosoVM1.
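
An added example, not part of the Azure documentation: a small model of how a role assignment's scope limits which alerts a user can see, useful when auditing least-privilege assignments. The subscription GUID is a placeholder, the resource group ContosoRG and the machine ContosoVM10 are hypothetical, and only the two roles named on this page are treated as granting access to alerts.

```python
# Role names as given on this page; other roles are ignored in this model.
ALERT_ROLES = {"monitoring contributor", "monitoring reader"}

# Constructed identifiers: placeholder subscription GUID, hypothetical resource group.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/ContosoRG"
VM1 = RG + "/providers/Microsoft.Compute/virtualMachines/ContosoVM1"
VM10 = RG + "/providers/Microsoft.Compute/virtualMachines/ContosoVM10"

ASSIGNMENTS = [
    {"role": "Monitoring Contributor", "scope": VM1},
    {"role": "Virtual Machine Contributor", "scope": SUB},  # not an alert role
]
TARGETED_ALERTS = [
    {"name": "cpu-high-vm1", "target": VM1},
    {"name": "cpu-high-vm10", "target": VM10},
]

def _segments(arm_id):
    """Split an ARM ID into lower-cased path segments (IDs compare case-insensitively)."""
    return [part.lower() for part in arm_id.split("/") if part]

def scope_covers(scope, resource_id):
    """True when resource_id is the scope itself or sits beneath it.
    Whole segments are compared, so .../ContosoVM1 does not cover .../ContosoVM10,
    which a plain string-prefix test would wrongly accept."""
    s, r = _segments(scope), _segments(resource_id)
    return bool(s) and len(s) <= len(r) and r[:len(s)] == s

def visible_alerts(assignments, alerts):
    """Names of alerts whose target lies within a scope holding an alert role."""
    scopes = [a["scope"] for a in assignments if a["role"].lower() in ALERT_ROLES]
    return [al["name"] for al in alerts
            if any(scope_covers(sc, al["target"]) for sc in scopes)]

if __name__ == "__main__":
    print(visible_alerts(ASSIGNMENTS, TARGETED_ALERTS))
```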

Manage your alert instances programmatically

You might want to query programmatically for alerts generated against your subscription. This might be to create custom views outside of the Azure portal, or to analyze your alerts to identify patterns and trends.

You can query for alerts generated against your subscriptions either by using the Alert Management REST API or by using the Azure Resource Graph REST API for Alerts.

The Azure Resource Graph REST API for Alerts allows you to query for alert instances at scale. This is recommended when you have to manage alerts generated across many subscriptions.

The following sample request to the API returns the count of alerts within one subscription:

{
  "subscriptions": [
    "<subscriptionId>"
  ],
  "query": "where type =~ 'Microsoft.AlertsManagement/alerts' | summarize count()",
  "options": {
    "dataset": "alerts"
  }
}

You can query the alerts for their essential fields.

Use the Alert Management REST API to get more information about specific alerts, including their alert context fields.

Next steps