Azure: How to Send Alerts to Slack or Skype for Business
You can use webhooks to route an Azure alert notification to other systems for post-processing or custom actions.
https://blog.cloudadmin.me/wp-content/uploads/2018/08/image_thumb-60.png
Azure alerts use HTTP POST to send the alert contents in JSON format to a webhook URI that you provide when you create the alert (how to get this URI is detailed below). The required data is then extracted from the alert content and submitted to a Slack channel.
As said, Azure can send alerts to a webhook URI (not directly to Slack). So we first need to set up a URI that can receive alerts from Azure Monitor or Application Insights. This URI is created with the help of Logic Apps in Azure. Logic Apps then converts the alert content and submits it to a Slack channel.
Azure cannot send alerts directly to Slack, so we use the Logic Apps service as a mediator.
https://blog.cloudadmin.me/wp-content/uploads/2018/08/image_thumb-84.png
Here is what we will need to send alerts to Slack:
- Create an alert in Azure Monitor or use an existing alert
- Create a Slack account if you don't have one (works well with the free license)
- Create a Logic App (the free tier works well)
- Set up a workflow with Azure Logic Apps
- Create a webhook action group in Alerts
I am assuming that you already have an alert and a Slack account in place; if not, please create them before continuing.
1. Create a Logic App
To create a Logic App, log in to portal.azure.com, navigate to All Services, and search for Logic Apps.
https://blog.cloudadmin.me/wp-content/uploads/2018/08/image_thumb-77.png
Fill in the required details and click Create.
https://blog.cloudadmin.me/wp-content/uploads/2018/08/image_thumb-64.png
Wait for the resource to be created. Once it is created, we are directed automatically to the Logic App Designer blade.
https://blog.cloudadmin.me/wp-content/uploads/2018/08/image_thumb-65.png
2. Create a Workflow in Logic App
Within Logic Apps we have to create a workflow. Start by creating a trigger. Here we want to accept the HTTP POST contents sent by Alerts, so choose ‘When a HTTP Request is received’.
https://blog.cloudadmin.me/wp-content/uploads/2018/08/image_thumb-66.png
The HTTP POST URL will be generated automatically once you save the design.
https://blog.cloudadmin.me/wp-content/uploads/2018/08/image_thumb-78.png
Click on Edit to change the default values for the parameters, and paste the code below. This is the JSON schema that we use to extract the required information from the HTTP POST content sent by alerts.
This schema contains the information required to collect any administrative activity logs; for other schemas, please look in this article. You can use sample payloads from this article to generate the required schema using the ‘Use sample payload to generate schema’ link.
{
  "properties": {
    "data": {
      "properties": {
        "context": {
          "properties": {
            "activityLog": {
              "properties": {
                "authorization": {
                  "properties": {
                    "action": {
                      "type": "string"
                    },
                    "scope": {
                      "type": "string"
                    }
                  },
                  "type": "object"
                },
                "caller": {
                  "type": "string"
                },
                "claims": {
                  "type": "string"
                },
                "description": {
                  "type": "string"
                },
                "httpRequest": {
                  "type": "string"
                },
                "resourceGroupName": {
                  "type": "string"
                },
                "resourceId": {
                  "type": "string"
                },
                "resourceProviderName": {
                  "type": "string"
                },
                "resourceType": {
                  "type": "string"
                }
              },
              "type": "object"
            }
          },
          "type": "object"
        },
        "properties": {
          "properties": {
          },
          "type": "object"
        },
        "status": {
          "type": "string"
        }
      },
      "type": "object"
    },
    "schemaId": {
      "type": "string"
    }
  },
  "type": "object"
}
https://blog.cloudadmin.me/wp-content/uploads/2018/08/image_thumb-71.png
Now click on + New Step and search for Slack. Choose ‘Post message’ under Slack.
Choose Skype for Business instead if you want to get alerts in Skype for Business.
https://blog.cloudadmin.me/wp-content/uploads/2018/08/image_thumb-72.png
Since we chose Slack, we have to authenticate with Slack credentials.
https://blog.cloudadmin.me/wp-content/uploads/2018/08/image_thumb-73.png
Click on Sign in; this opens the Slack login page to authenticate:
https://blog.cloudadmin.me/wp-content/uploads/2018/08/image_thumb-74.png
Once authenticated, choose the channel in which you prefer to view the alerts:
https://blog.cloudadmin.me/wp-content/uploads/2018/08/image_thumb-75.png
Now, in the Message Text field, type your text and/or choose the required Dynamic Content items, as shown in the example below:
https://blog.cloudadmin.me/wp-content/uploads/2018/08/image_thumb-76.png
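The schema above declares types but no `required` keys, so a request body that lacks these fields still matches it. The following Python example is added here and is not part of the original post: it pulls the fields a Slack message would use out of an alert body, rejects bodies where they are missing or not strings, and escapes the characters Slack treats as control characters. The field selection, message format and sample values are assumptions made for illustration.

```python
import json

BASE = ("data", "context", "activityLog")
# Paths of the string fields used in the message, taken from the trigger schema above.
FIELDS = {
    "status": ("data", "status"),
    "caller": BASE + ("caller",),
    "action": BASE + ("authorization", "action"),
    "resourceId": BASE + ("resourceId",),
}

def extract(body):
    """Return the selected fields from a POST body; raise ValueError if any is absent or not a string."""
    doc = json.loads(body)  # malformed JSON raises JSONDecodeError, a ValueError subclass
    out = {}
    for name, path in FIELDS.items():
        node = doc
        for key in path:
            if not isinstance(node, dict) or key not in node:
                raise ValueError("missing " + ".".join(path))
            node = node[key]
        if not isinstance(node, str):
            raise ValueError(".".join(path) + " is not a string")
        out[name] = node
    return out

def escape(value):
    """Escape the three characters Slack treats as control characters in message text."""
    return value.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")

def slack_text(fields):
    """Compose the message text (format is an assumption) from the extracted fields."""
    f = {k: escape(v) for k, v in fields.items()}
    return f"Azure alert [{f['status']}]: {f['caller']} performed {f['action']} on {f['resourceId']}"

# Constructed sample payload (not a captured alert); all values are placeholders.
RESOURCE_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
               "/providers/Microsoft.Compute/virtualMachines/vm-demo")
SAMPLE = json.dumps({
    "schemaId": "Microsoft.Insights/activityLogs",
    "data": {"status": "Activated", "context": {"activityLog": {
        "authorization": {"action": "Microsoft.Compute/virtualMachines/delete", "scope": RESOURCE_ID},
        "caller": "admin@example.com",
        "resourceId": RESOURCE_ID,
    }}},
}).encode()

if __name__ == "__main__":
    print(slack_text(extract(SAMPLE)))
```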
Save the Logic App design; here is how it will look.
https://blog.cloudadmin.me/wp-content/uploads/2018/08/image_thumb-79.png
Click on ‘When a HTTP Request is received’ to expand it and make a note of the HTTP POST URL;
we need this URL to create a webhook in alerts.
https://blog.cloudadmin.me/wp-content/uploads/2018/08/image_thumb-80.png
3. Create an Action Group in Monitor
Now we have a URI that is listening for incoming HTTP POSTs. Let us go ahead and create an action group with a webhook.
From All Services, search for ‘Monitor’.
https://blog.cloudadmin.me/wp-content/uploads/2018/08/image_thumb-81.png
In the first blade, scroll down to find Action Groups under the Settings category.
https://blog.cloudadmin.me/wp-content/uploads/2018/08/image_thumb-83.png
Click on + Add Action Group and fill in the details.
Choose webhook as the action type, click on Edit settings, and enter the URI we copied in the previous step (from the Logic App designer).
Azure now supports Logic Apps instead of webhooks; choose Logic Apps and select the Logic App we created.
https://blog.cloudadmin.me/wp-content/uploads/2018/08/image_thumb-85.png
Click OK and save the action group.
https://blog.cloudadmin.me/wp-content/uploads/2018/08/image_thumb-86.png
We now have an action group; next, assign this action group to an alert.
4. Define Action Group in an Alert
If you already have an alert, define our new action group in it. Otherwise, create a new administrative activity alert and define the action group in it.
https://blog.cloudadmin.me/wp-content/uploads/2018/08/image_thumb-87.png
We are done. We should start getting alerts in Slack now.
https://blog.cloudadmin.me/wp-content/uploads/2018/08/image_thumb-88.png