How to embed search results in alert from logic app?

Quattrocchi, Calogero 270 Reputation points
2023-09-25T11:54:42.8966667+00:00

Hi,

I know that:

"Log alert rules from API version 2020-05-01 use this payload type, which only supports common schema. Search results aren't embedded in the log alerts payload when you use this version. Use dimensions to provide context to fired alerts. You can also use LinkToFilteredSearchResultsAPI or LinkToSearchResultsAPI to access query results with the Log Analytics API. If you must embed the results, use a logic app with the provided links to generate a custom payload."

Do you have an example (or a URL) on how to use a logic app to embed the results in a log alert payload?

Thanks

Azure Monitor

3 answers

  1. SwathiDhanwada-MSFT 18,891 Reputation points
    2023-09-26T05:06:41.9666667+00:00

    Quattrocchi, Calogero Thanks for your question. You can use Azure Logic Apps to build and customize workflows for integration. Use Logic Apps to customize your alert notifications. You can:

    • Customize the alerts email by using your own email subject and body format.
    • Customize the alert metadata by looking up tags for affected resources or fetching a log query search result. For information on how to access the search result rows that contain alerts data, see:
      • Azure Monitor Log Analytics API response format
      • Query/management HTTP response
    • Integrate with external services by using existing connectors like Outlook, Microsoft Teams, Slack, and PagerDuty. You can also configure the logic app for your own services.

    You can refer to this document as an example of how to send alert details to a logic app and customize it based on your requirements. Kindly try it out. If you face any issues, do comment here. I will assist accordingly.


  2. Brian 20 Reputation points
    2024-04-29T16:55:48.63+00:00

    Hi, I need help authenticating my Logic App to call the LinkToFilteredSearchResultsAPI. There's quite a bit of confusing information available for doing this, but it feels like it should be straightforward.


  3. Kerry Powell 0 Reputation points
    2025-02-25T05:43:42.7166667+00:00

    Hello

    I have found the documentation to be very vague about how to achieve this using a logic app and managed identity. While I don't have an example, here are some of the steps I took to get it all working.

    My answer assumes you already have a logic app that is receiving events from triggered alerts.

    1. Assign the logic app a system-assigned managed identity.
    2. Give the managed identity the Reader role on the following:
      1. The targeted Log Analytics workspace resource group: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/api/register-app-for-token?tabs=portal#next-steps
      2. Any resources that are assigned as "scopes" in your alert
      3. Note: if this isn't working, the Reader role on the subscription should work, but I would recommend limiting the access if you can.
    3. An HTTP action can be added to the logic app, setting the URI to LinkToFilteredSearchResultsAPI, and under Advanced parameters > Authentication set:
      1. Authentication type: Managed Identity
      2. Managed identity: the identity type you're using
      3. Audience: https://api.loganalytics.io
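The steps in the answer above, written out as a workflow-definition fragment (code view). This is an added example, not part of any of the posts and not Microsoft's sample. It assumes a trigger that receives the common alert schema for a workspace-based log alert, so the link sits at `data.alertContext.condition.allOf[0].linkToFilteredSearchResultsAPI`; the action names are hypothetical. The condition is an addition to the steps: it checks the link's host before the HTTP action attaches the managed identity's token, so an unexpected trigger payload cannot redirect that token to another host.

```json
{
  "actions": {
    "Check_results_link_host": {
      "type": "If",
      "description": "Added example; action names are hypothetical. Assumes a Log Analytics workspace alert.",
      "expression": {
        "and": [
          {
            "startsWith": [
              "@triggerBody()?['data']?['alertContext']?['condition']?['allOf']?[0]?['linkToFilteredSearchResultsAPI']",
              "https://api.loganalytics.io/"
            ]
          }
        ]
      },
      "actions": {
        "Get_search_results": {
          "type": "Http",
          "inputs": {
            "method": "GET",
            "uri": "@{triggerBody()?['data']?['alertContext']?['condition']?['allOf']?[0]?['linkToFilteredSearchResultsAPI']}",
            "authentication": {
              "type": "ManagedServiceIdentity",
              "audience": "https://api.loganalytics.io"
            }
          },
          "runAfter": {}
        },
        "Compose_custom_payload": {
          "type": "Compose",
          "inputs": {
            "alertRule": "@triggerBody()?['data']?['essentials']?['alertRule']",
            "firedDateTime": "@triggerBody()?['data']?['essentials']?['firedDateTime']",
            "columns": "@body('Get_search_results')?['tables']?[0]?['columns']",
            "rows": "@body('Get_search_results')?['tables']?[0]?['rows']"
          },
          "runAfter": { "Get_search_results": ["Succeeded"] }
        }
      },
      "else": { "actions": {} },
      "runAfter": {}
    }
  }
}
```

The output of `Compose_custom_payload` is the custom payload with the search results embedded; pass it to whichever connector sends the notification.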
