Microsoft.Insights activityLogAlerts

Remarks

For guidance on deploying monitoring solutions, see Create monitoring resources by using Bicep.

Bicep resource definition

The activityLogAlerts resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Insights/activityLogAlerts resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Insights/activityLogAlerts@2023-01-01-preview' = {
  location: 'string'
  name: 'string'
  properties: {
    actions: {
      actionGroups: [
        {
          actionGroupId: 'string'
          actionProperties: {
            {customized property}: 'string'
          }
          webhookProperties: {
            {customized property}: 'string'
          }
        }
      ]
    }
    condition: {
      allOf: [
        {
          anyOf: [
            {
              containsAny: [
                'string'
              ]
              equals: 'string'
              field: 'string'
            }
          ]
          containsAny: [
            'string'
          ]
          equals: 'string'
          field: 'string'
        }
      ]
    }
    description: 'string'
    enabled: bool
    scopes: [
      'string'
    ]
    tenantScope: 'string'
  }
  tags: {
    {customized property}: 'string'
  }
}

Property values

ActionGroup

| Name | Description | Value |
| --- | --- | --- |
| actionGroupId | The resource ID of the Action Group. This cannot be null or empty. | string (required) |
| actionProperties | Predefined list of properties and configuration items for the action group. | ActionGroupActionProperties |
| webhookProperties | The dictionary of custom properties to include with the post operation. These data are appended to the webhook payload. | ActionGroupWebhookProperties |

ActionGroupActionProperties

Name Description Value

ActionGroupWebhookProperties

Name Description Value

ActionList

| Name | Description | Value |
| --- | --- | --- |
| actionGroups | The list of the Action Groups. | ActionGroup[] |

AlertRuleAllOfCondition

| Name | Description | Value |
| --- | --- | --- |
| allOf | The list of Activity Log Alert rule conditions. | AlertRuleAnyOfOrLeafCondition[] (required) |

AlertRuleAnyOfOrLeafCondition

| Name | Description | Value |
| --- | --- | --- |
| anyOf | An Activity Log Alert rule condition that is met when at least one of its member leaf conditions is met. | AlertRuleLeafCondition[] |
| containsAny | The value of the event's field will be compared to the values in this array (case-insensitive) to determine if the condition is met. | string[] |
| equals | The value of the event's field will be compared to this value (case-insensitive) to determine if the condition is met. | string |
| field | The name of the Activity Log event's field that this condition will examine. The possible values for this field are (case-insensitive): 'resourceId', 'category', 'caller', 'level', 'operationName', 'resourceGroup', 'resourceProvider', 'status', 'subStatus', 'resourceType', or anything beginning with 'properties'. | string |

AlertRuleLeafCondition

| Name | Description | Value |
| --- | --- | --- |
| containsAny | The value of the event's field will be compared to the values in this array (case-insensitive) to determine if the condition is met. | string[] |
| equals | The value of the event's field will be compared to this value (case-insensitive) to determine if the condition is met. | string |
| field | The name of the Activity Log event's field that this condition will examine. The possible values for this field are (case-insensitive): 'resourceId', 'category', 'caller', 'level', 'operationName', 'resourceGroup', 'resourceProvider', 'status', 'subStatus', 'resourceType', or anything beginning with 'properties'. | string |

AlertRuleProperties

| Name | Description | Value |
| --- | --- | --- |
| actions | The actions that will activate when the condition is met. | ActionList (required) |
| condition | The condition that will cause this alert to activate. | AlertRuleAllOfCondition (required) |
| description | A description of this Activity Log Alert rule. | string |
| enabled | Indicates whether this Activity Log Alert rule is enabled. If an Activity Log Alert rule is not enabled, then none of its actions will be activated. | bool |
| scopes | A list of resource IDs that will be used as prefixes. The alert will only apply to Activity Log events with resource IDs that fall under one of these prefixes. This list must include at least one item. | string[] |
| tenantScope | The tenant GUID. Must be provided for tenant-level and management group events rules. | string |

AzureResourceTags

Name Description Value

Microsoft.Insights/activityLogAlerts

| Name | Description | Value |
| --- | --- | --- |
| location | The location of the resource. Azure Activity Log Alert rules are supported on Global, West Europe and North Europe regions. | string |
| name | The resource name | string; Constraints: Pattern = ^[-\w\._\(\)]+$ (required) |
| properties | The Activity Log Alert rule properties of the resource. | AlertRuleProperties |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
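
An added example (not part of the original reference) that fills in the schema above for one detection: alert on successful changes to network security groups or their rules anywhere in the subscription. The rule name, the actionGroupId parameter and the choice of operations are assumptions made for illustration.

```bicep
@description('Resource ID of an existing action group (assumed to exist).')
param actionGroupId string

resource nsgChangeAlert 'Microsoft.Insights/activityLogAlerts@2023-01-01-preview' = {
  name: 'nsg-change-alert' // assumed name; satisfies ^[-\w\._\(\)]+$
  location: 'Global'
  properties: {
    description: 'Successful create, update or delete of an NSG or NSG rule.'
    enabled: true
    scopes: [ // prefix match: any resource ID under this subscription qualifies
      subscription().id
    ]
    condition: {
      allOf: [ // every element must match the event
        {
          field: 'category'
          equals: 'Administrative'
        }
        {
          field: 'status'
          equals: 'Succeeded'
        }
        {
          anyOf: [ // one matching leaf is enough; comparisons are case-insensitive
            {
              field: 'operationName'
              equals: 'Microsoft.Network/networkSecurityGroups/write'
            }
            {
              field: 'operationName'
              equals: 'Microsoft.Network/networkSecurityGroups/delete'
            }
            {
              field: 'operationName'
              equals: 'Microsoft.Network/networkSecurityGroups/securityRules/write'
            }
            {
              field: 'operationName'
              equals: 'Microsoft.Network/networkSecurityGroups/securityRules/delete'
            }
          ]
        }
      ]
    }
    actions: {
      actionGroups: [
        {
          actionGroupId: actionGroupId
        }
      ]
    }
  }
}
```

Because `enabled` gates every action, a deployment that sets it to `false` leaves the rule in place but silent; review changes to that property as carefully as changes to the condition.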

Quickstart samples

The following quickstart samples deploy this resource type.

| Bicep File | Description |
| --- | --- |
| AKS Cluster with a NAT Gateway and an Application Gateway | This sample shows how to deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections. |
| AKS cluster with the Application Gateway Ingress Controller | This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault |
| Creates an Azure service alert | This template creates an Azure service health alert that optionally sends emails to service administrators and specified email addresses in the event of certain Azure service outages. |

ARM template resource definition

The activityLogAlerts resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Insights/activityLogAlerts resource, add the following JSON to your template.

{
  "type": "Microsoft.Insights/activityLogAlerts",
  "apiVersion": "2023-01-01-preview",
  "name": "string",
  "location": "string",
  "properties": {
    "actions": {
      "actionGroups": [
        {
          "actionGroupId": "string",
          "actionProperties": {
            "{customized property}": "string"
          },
          "webhookProperties": {
            "{customized property}": "string"
          }
        }
      ]
    },
    "condition": {
      "allOf": [
        {
          "anyOf": [
            {
              "containsAny": [ "string" ],
              "equals": "string",
              "field": "string"
            }
          ],
          "containsAny": [ "string" ],
          "equals": "string",
          "field": "string"
        }
      ]
    },
    "description": "string",
    "enabled": "bool",
    "scopes": [ "string" ],
    "tenantScope": "string"
  },
  "tags": {
    "{customized property}": "string"
  }
}

Property values

ActionGroup

| Name | Description | Value |
| --- | --- | --- |
| actionGroupId | The resource ID of the Action Group. This cannot be null or empty. | string (required) |
| actionProperties | Predefined list of properties and configuration items for the action group. | ActionGroupActionProperties |
| webhookProperties | The dictionary of custom properties to include with the post operation. These data are appended to the webhook payload. | ActionGroupWebhookProperties |

ActionGroupActionProperties

Name Description Value

ActionGroupWebhookProperties

Name Description Value

ActionList

| Name | Description | Value |
| --- | --- | --- |
| actionGroups | The list of the Action Groups. | ActionGroup[] |

AlertRuleAllOfCondition

| Name | Description | Value |
| --- | --- | --- |
| allOf | The list of Activity Log Alert rule conditions. | AlertRuleAnyOfOrLeafCondition[] (required) |

AlertRuleAnyOfOrLeafCondition

| Name | Description | Value |
| --- | --- | --- |
| anyOf | An Activity Log Alert rule condition that is met when at least one of its member leaf conditions is met. | AlertRuleLeafCondition[] |
| containsAny | The value of the event's field will be compared to the values in this array (case-insensitive) to determine if the condition is met. | string[] |
| equals | The value of the event's field will be compared to this value (case-insensitive) to determine if the condition is met. | string |
| field | The name of the Activity Log event's field that this condition will examine. The possible values for this field are (case-insensitive): 'resourceId', 'category', 'caller', 'level', 'operationName', 'resourceGroup', 'resourceProvider', 'status', 'subStatus', 'resourceType', or anything beginning with 'properties'. | string |

AlertRuleLeafCondition

| Name | Description | Value |
| --- | --- | --- |
| containsAny | The value of the event's field will be compared to the values in this array (case-insensitive) to determine if the condition is met. | string[] |
| equals | The value of the event's field will be compared to this value (case-insensitive) to determine if the condition is met. | string |
| field | The name of the Activity Log event's field that this condition will examine. The possible values for this field are (case-insensitive): 'resourceId', 'category', 'caller', 'level', 'operationName', 'resourceGroup', 'resourceProvider', 'status', 'subStatus', 'resourceType', or anything beginning with 'properties'. | string |

AlertRuleProperties

| Name | Description | Value |
| --- | --- | --- |
| actions | The actions that will activate when the condition is met. | ActionList (required) |
| condition | The condition that will cause this alert to activate. | AlertRuleAllOfCondition (required) |
| description | A description of this Activity Log Alert rule. | string |
| enabled | Indicates whether this Activity Log Alert rule is enabled. If an Activity Log Alert rule is not enabled, then none of its actions will be activated. | bool |
| scopes | A list of resource IDs that will be used as prefixes. The alert will only apply to Activity Log events with resource IDs that fall under one of these prefixes. This list must include at least one item. | string[] |
| tenantScope | The tenant GUID. Must be provided for tenant-level and management group events rules. | string |

AzureResourceTags

Name Description Value

Microsoft.Insights/activityLogAlerts

| Name | Description | Value |
| --- | --- | --- |
| apiVersion | The api version | '2023-01-01-preview' |
| location | The location of the resource. Azure Activity Log Alert rules are supported on Global, West Europe and North Europe regions. | string |
| name | The resource name | string; Constraints: Pattern = ^[-\w\._\(\)]+$ (required) |
| properties | The Activity Log Alert rule properties of the resource. | AlertRuleProperties |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
| type | The resource type | 'Microsoft.Insights/activityLogAlerts' |

Quickstart templates

The following quickstart templates deploy this resource type.

| Template | Description |
| --- | --- |
| AKS Cluster with a NAT Gateway and an Application Gateway | This sample shows how to deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections. |
| AKS cluster with the Application Gateway Ingress Controller | This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault |
| Alert for misconfigured Key Vault on Application Gateway | Use such templates to easily create some important event alerts for your Azure Application Gateway. |
| Create a Private AKS Cluster with a Public DNS Zone | This sample shows how to deploy a private AKS cluster with a Public DNS Zone. |
| Creates an Azure service alert | This template creates an Azure service health alert that optionally sends emails to service administrators and specified email addresses in the event of certain Azure service outages. |
| Deploy a Service Health Alert | This template allows you to deploy a simple alert which uses an action group to send email notifications for any Service Health records in the Azure Activity Log |
| Deploy an Autoscale Activity Log Alert | This template allows you to deploy a simple alert which uses an action group to send email notifications for any Autoscale records in the Azure Activity Log |
| Deploy an Autoscale Failed Activity Log Alert | This template allows you to deploy a simple alert which uses an action group to send email notifications for any failed Autoscale records in the Azure Activity Log |

Terraform (AzAPI provider) resource definition

The activityLogAlerts resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Insights/activityLogAlerts resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Insights/activityLogAlerts@2023-01-01-preview"
  name = "string"
  location = "string"
  tags = {
    {customized property} = "string"
  }
  body = jsonencode({
    properties = {
      actions = {
        actionGroups = [
          {
            actionGroupId = "string"
            actionProperties = {
              {customized property} = "string"
            }
            webhookProperties = {
              {customized property} = "string"
            }
          }
        ]
      }
      condition = {
        allOf = [
          {
            anyOf = [
              {
                containsAny = [
                  "string"
                ]
                equals = "string"
                field = "string"
              }
            ]
            containsAny = [
              "string"
            ]
            equals = "string"
            field = "string"
          }
        ]
      }
      description = "string"
      enabled = bool
      scopes = [
        "string"
      ]
      tenantScope = "string"
    }
  })
}

Property values

ActionGroup

| Name | Description | Value |
| --- | --- | --- |
| actionGroupId | The resource ID of the Action Group. This cannot be null or empty. | string (required) |
| actionProperties | Predefined list of properties and configuration items for the action group. | ActionGroupActionProperties |
| webhookProperties | The dictionary of custom properties to include with the post operation. These data are appended to the webhook payload. | ActionGroupWebhookProperties |

ActionGroupActionProperties

Name Description Value

ActionGroupWebhookProperties

Name Description Value

ActionList

| Name | Description | Value |
| --- | --- | --- |
| actionGroups | The list of the Action Groups. | ActionGroup[] |

AlertRuleAllOfCondition

| Name | Description | Value |
| --- | --- | --- |
| allOf | The list of Activity Log Alert rule conditions. | AlertRuleAnyOfOrLeafCondition[] (required) |

AlertRuleAnyOfOrLeafCondition

| Name | Description | Value |
| --- | --- | --- |
| anyOf | An Activity Log Alert rule condition that is met when at least one of its member leaf conditions is met. | AlertRuleLeafCondition[] |
| containsAny | The value of the event's field will be compared to the values in this array (case-insensitive) to determine if the condition is met. | string[] |
| equals | The value of the event's field will be compared to this value (case-insensitive) to determine if the condition is met. | string |
| field | The name of the Activity Log event's field that this condition will examine. The possible values for this field are (case-insensitive): 'resourceId', 'category', 'caller', 'level', 'operationName', 'resourceGroup', 'resourceProvider', 'status', 'subStatus', 'resourceType', or anything beginning with 'properties'. | string |

AlertRuleLeafCondition

| Name | Description | Value |
| --- | --- | --- |
| containsAny | The value of the event's field will be compared to the values in this array (case-insensitive) to determine if the condition is met. | string[] |
| equals | The value of the event's field will be compared to this value (case-insensitive) to determine if the condition is met. | string |
| field | The name of the Activity Log event's field that this condition will examine. The possible values for this field are (case-insensitive): 'resourceId', 'category', 'caller', 'level', 'operationName', 'resourceGroup', 'resourceProvider', 'status', 'subStatus', 'resourceType', or anything beginning with 'properties'. | string |

AlertRuleProperties

| Name | Description | Value |
| --- | --- | --- |
| actions | The actions that will activate when the condition is met. | ActionList (required) |
| condition | The condition that will cause this alert to activate. | AlertRuleAllOfCondition (required) |
| description | A description of this Activity Log Alert rule. | string |
| enabled | Indicates whether this Activity Log Alert rule is enabled. If an Activity Log Alert rule is not enabled, then none of its actions will be activated. | bool |
| scopes | A list of resource IDs that will be used as prefixes. The alert will only apply to Activity Log events with resource IDs that fall under one of these prefixes. This list must include at least one item. | string[] |
| tenantScope | The tenant GUID. Must be provided for tenant-level and management group events rules. | string |

AzureResourceTags

Name Description Value

Microsoft.Insights/activityLogAlerts

| Name | Description | Value |
| --- | --- | --- |
| location | The location of the resource. Azure Activity Log Alert rules are supported on Global, West Europe and North Europe regions. | string |
| name | The resource name | string; Constraints: Pattern = ^[-\w\._\(\)]+$ (required) |
| properties | The Activity Log Alert rule properties of the resource. | AlertRuleProperties |
| tags | Resource tags | Dictionary of tag names and values. |
| type | The resource type | "Microsoft.Insights/activityLogAlerts@2023-01-01-preview" |