Microsoft.Insights activityLogAlerts

Bicep resource definition

The activityLogAlerts resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Remarks

For guidance on deploying monitoring solutions, see Create monitoring resources by using Bicep.

Resource format

To create a Microsoft.Insights/activityLogAlerts resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Insights/activityLogAlerts@2023-01-01-preview' = {
  name: 'string'
  location: 'string'
  tags: {
    tagName1: 'tagValue1'
    tagName2: 'tagValue2'
  }
  properties: {
    actions: {
      actionGroups: [
        {
          actionGroupId: 'string'
          actionProperties: {
            {customized property}: 'string'
          }
          webhookProperties: {
            {customized property}: 'string'
          }
        }
      ]
    }
    condition: {
      allOf: [
        {
          anyOf: [
            {
              containsAny: [
                'string'
              ]
              equals: 'string'
              field: 'string'
            }
          ]
          containsAny: [
            'string'
          ]
          equals: 'string'
          field: 'string'
        }
      ]
    }
    description: 'string'
    enabled: bool
    scopes: [
      'string'
    ]
    tenantScope: 'string'
  }
}

Property values

activityLogAlerts

Name Description Value
name The resource name string (required)

Character limit: 1-260

Valid characters:
Can't use:
<>*%{}&:\\?+/#| or control characters

Can't end with space or period.
location The location of the resource. Azure Activity Log Alert rules are supported on Global, West Europe and North Europe regions. string
tags The tags of the resource. Dictionary of tag names and values. See Tags in templates
properties The Activity Log Alert rule properties of the resource. AlertRuleProperties

AlertRuleProperties

Name Description Value
actions The actions that will activate when the condition is met. ActionList (required)
condition The condition that will cause this alert to activate. AlertRuleAllOfCondition (required)
description A description of this Activity Log Alert rule. string
enabled Indicates whether this Activity Log Alert rule is enabled. If an Activity Log Alert rule is not enabled, then none of its actions will be activated. bool
scopes A list of resource IDs that will be used as prefixes. The alert will only apply to Activity Log events with resource IDs that fall under one of these prefixes. This list must include at least one item. string[]
tenantScope The tenant GUID. Must be provided for tenant-level and management group events rules. string

ActionList

Name Description Value
actionGroups The list of the Action Groups. ActionGroup[]

ActionGroup

Name Description Value
actionGroupId The resource ID of the Action Group. This cannot be null or empty. string (required)
actionProperties Predefined list of properties and configuration items for the action group. ActionGroupActionProperties
webhookProperties the dictionary of custom properties to include with the post operation. These data are appended to the webhook payload. ActionGroupWebhookProperties

ActionGroupActionProperties

Name Description Value
{customized property} string

ActionGroupWebhookProperties

Name Description Value
{customized property} string

AlertRuleAllOfCondition

Name Description Value
allOf The list of Activity Log Alert rule conditions. AlertRuleAnyOfOrLeafCondition[] (required)

AlertRuleAnyOfOrLeafCondition

Name Description Value
anyOf An Activity Log Alert rule condition that is met when at least one of its member leaf conditions are met. AlertRuleLeafCondition[]
containsAny The value of the event's field will be compared to the values in this array (case-insensitive) to determine if the condition is met. string[]
equals The value of the event's field will be compared to this value (case-insensitive) to determine if the condition is met. string
field The name of the Activity Log event's field that this condition will examine.
The possible values for this field are (case-insensitive): 'resourceId', 'category', 'caller', 'level', 'operationName', 'resourceGroup', 'resourceProvider', 'status', 'subStatus', 'resourceType', or anything beginning with 'properties'.
string

AlertRuleLeafCondition

Name Description Value
containsAny The value of the event's field will be compared to the values in this array (case-insensitive) to determine if the condition is met. string[]
equals The value of the event's field will be compared to this value (case-insensitive) to determine if the condition is met. string
field The name of the Activity Log event's field that this condition will examine.
The possible values for this field are (case-insensitive): 'resourceId', 'category', 'caller', 'level', 'operationName', 'resourceGroup', 'resourceProvider', 'status', 'subStatus', 'resourceType', or anything beginning with 'properties'.
string

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Alert for misconfigured Key Vault on Application Gateway

Deploy to Azure
Use such templates to easily create some important event alerts for your Azure Application Gateway.
AKS Cluster with a NAT Gateway and an Application Gateway

Deploy to Azure
This sample shows how to a deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections.
Deploy an Autoscale Activity Log Alert

Deploy to Azure
This template allows you to deploy a simple alert which uses an action group to send email notifications for any Autoscale records in the Azure Activity Log
Deploy an Autoscale Failed Activity Log Alert

Deploy to Azure
This template allows you to deploy a simple alert which uses an action group to send email notifications for any failed Autoscale records in the Azure Activity Log
Deploy a Service Health Alert

Deploy to Azure
This template allows you to deploy a simple alert which uses an action group to send email notifications for any Service Health records in the Azure Activity Log
Create a Private AKS Cluster with a Public DNS Zone

Deploy to Azure
This sample shows how to a deploy a private AKS cluster with a Public DNS Zone.
Creates an Azure service alert

Deploy to Azure
This template creates an Azure service health alert that optionally sends emails to service administrators and specified email addresses in the event of cerain Azure service outages.
AKS cluster with the Application Gateway Ingress Controller

Deploy to Azure
This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault

ARM template resource definition

The activityLogAlerts resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Remarks

For guidance on deploying monitoring solutions, see Create monitoring resources by using Bicep.

Resource format

To create a Microsoft.Insights/activityLogAlerts resource, add the following JSON to your template.

{
  "type": "Microsoft.Insights/activityLogAlerts",
  "apiVersion": "2023-01-01-preview",
  "name": "string",
  "location": "string",
  "tags": {
    "tagName1": "tagValue1",
    "tagName2": "tagValue2"
  },
  "properties": {
    "actions": {
      "actionGroups": [
        {
          "actionGroupId": "string",
          "actionProperties": {
            "{customized property}": "string"
          },
          "webhookProperties": {
            "{customized property}": "string"
          }
        }
      ]
    },
    "condition": {
      "allOf": [
        {
          "anyOf": [
            {
              "containsAny": [ "string" ],
              "equals": "string",
              "field": "string"
            }
          ],
          "containsAny": [ "string" ],
          "equals": "string",
          "field": "string"
        }
      ]
    },
    "description": "string",
    "enabled": "bool",
    "scopes": [ "string" ],
    "tenantScope": "string"
  }
}

Property values

activityLogAlerts

Name Description Value
type The resource type 'Microsoft.Insights/activityLogAlerts'
apiVersion The resource api version '2023-01-01-preview'
name The resource name string (required)

Character limit: 1-260

Valid characters:
Can't use:
<>*%{}&:\\?+/#| or control characters

Can't end with space or period.
location The location of the resource. Azure Activity Log Alert rules are supported on Global, West Europe and North Europe regions. string
tags The tags of the resource. Dictionary of tag names and values. See Tags in templates
properties The Activity Log Alert rule properties of the resource. AlertRuleProperties

AlertRuleProperties

Name Description Value
actions The actions that will activate when the condition is met. ActionList (required)
condition The condition that will cause this alert to activate. AlertRuleAllOfCondition (required)
description A description of this Activity Log Alert rule. string
enabled Indicates whether this Activity Log Alert rule is enabled. If an Activity Log Alert rule is not enabled, then none of its actions will be activated. bool
scopes A list of resource IDs that will be used as prefixes. The alert will only apply to Activity Log events with resource IDs that fall under one of these prefixes. This list must include at least one item. string[]
tenantScope The tenant GUID. Must be provided for tenant-level and management group events rules. string

ActionList

Name Description Value
actionGroups The list of the Action Groups. ActionGroup[]

ActionGroup

Name Description Value
actionGroupId The resource ID of the Action Group. This cannot be null or empty. string (required)
actionProperties Predefined list of properties and configuration items for the action group. ActionGroupActionProperties
webhookProperties the dictionary of custom properties to include with the post operation. These data are appended to the webhook payload. ActionGroupWebhookProperties

ActionGroupActionProperties

Name Description Value
{customized property} string

ActionGroupWebhookProperties

Name Description Value
{customized property} string

AlertRuleAllOfCondition

Name Description Value
allOf The list of Activity Log Alert rule conditions. AlertRuleAnyOfOrLeafCondition[] (required)

AlertRuleAnyOfOrLeafCondition

Name Description Value
anyOf An Activity Log Alert rule condition that is met when at least one of its member leaf conditions are met. AlertRuleLeafCondition[]
containsAny The value of the event's field will be compared to the values in this array (case-insensitive) to determine if the condition is met. string[]
equals The value of the event's field will be compared to this value (case-insensitive) to determine if the condition is met. string
field The name of the Activity Log event's field that this condition will examine.
The possible values for this field are (case-insensitive): 'resourceId', 'category', 'caller', 'level', 'operationName', 'resourceGroup', 'resourceProvider', 'status', 'subStatus', 'resourceType', or anything beginning with 'properties'.
string

AlertRuleLeafCondition

Name Description Value
containsAny The value of the event's field will be compared to the values in this array (case-insensitive) to determine if the condition is met. string[]
equals The value of the event's field will be compared to this value (case-insensitive) to determine if the condition is met. string
field The name of the Activity Log event's field that this condition will examine.
The possible values for this field are (case-insensitive): 'resourceId', 'category', 'caller', 'level', 'operationName', 'resourceGroup', 'resourceProvider', 'status', 'subStatus', 'resourceType', or anything beginning with 'properties'.
string

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Alert for misconfigured Key Vault on Application Gateway

Deploy to Azure
Use such templates to easily create some important event alerts for your Azure Application Gateway.
AKS Cluster with a NAT Gateway and an Application Gateway

Deploy to Azure
This sample shows how to a deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections.
Deploy an Autoscale Activity Log Alert

Deploy to Azure
This template allows you to deploy a simple alert which uses an action group to send email notifications for any Autoscale records in the Azure Activity Log
Deploy an Autoscale Failed Activity Log Alert

Deploy to Azure
This template allows you to deploy a simple alert which uses an action group to send email notifications for any failed Autoscale records in the Azure Activity Log
Deploy a Service Health Alert

Deploy to Azure
This template allows you to deploy a simple alert which uses an action group to send email notifications for any Service Health records in the Azure Activity Log
Create a Private AKS Cluster with a Public DNS Zone

Deploy to Azure
This sample shows how to a deploy a private AKS cluster with a Public DNS Zone.
Creates an Azure service alert

Deploy to Azure
This template creates an Azure service health alert that optionally sends emails to service administrators and specified email addresses in the event of cerain Azure service outages.
AKS cluster with the Application Gateway Ingress Controller

Deploy to Azure
This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault

Terraform (AzAPI provider) resource definition

The activityLogAlerts resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Insights/activityLogAlerts resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Insights/activityLogAlerts@2023-01-01-preview"
  name = "string"
  location = "string"
  parent_id = "string"
  tags = {
    tagName1 = "tagValue1"
    tagName2 = "tagValue2"
  }
  body = jsonencode({
    properties = {
      actions = {
        actionGroups = [
          {
            actionGroupId = "string"
            actionProperties = {
              {customized property} = "string"
            }
            webhookProperties = {
              {customized property} = "string"
            }
          }
        ]
      }
      condition = {
        allOf = [
          {
            anyOf = [
              {
                containsAny = [
                  "string"
                ]
                equals = "string"
                field = "string"
              }
            ]
            containsAny = [
              "string"
            ]
            equals = "string"
            field = "string"
          }
        ]
      }
      description = "string"
      enabled = bool
      scopes = [
        "string"
      ]
      tenantScope = "string"
    }
  })
}

Property values

activityLogAlerts

Name Description Value
type The resource type "Microsoft.Insights/activityLogAlerts@2023-01-01-preview"
name The resource name string (required)

Character limit: 1-260

Valid characters:
Can't use:
<>*%{}&:\\?+/#| or control characters

Can't end with space or period.
location The location of the resource. Azure Activity Log Alert rules are supported on Global, West Europe and North Europe regions. string
parent_id To deploy to a resource group, use the ID of that resource group. string (required)
tags The tags of the resource. Dictionary of tag names and values.
properties The Activity Log Alert rule properties of the resource. AlertRuleProperties

AlertRuleProperties

Name Description Value
actions The actions that will activate when the condition is met. ActionList (required)
condition The condition that will cause this alert to activate. AlertRuleAllOfCondition (required)
description A description of this Activity Log Alert rule. string
enabled Indicates whether this Activity Log Alert rule is enabled. If an Activity Log Alert rule is not enabled, then none of its actions will be activated. bool
scopes A list of resource IDs that will be used as prefixes. The alert will only apply to Activity Log events with resource IDs that fall under one of these prefixes. This list must include at least one item. string[]
tenantScope The tenant GUID. Must be provided for tenant-level and management group events rules. string

ActionList

Name Description Value
actionGroups The list of the Action Groups. ActionGroup[]

ActionGroup

Name Description Value
actionGroupId The resource ID of the Action Group. This cannot be null or empty. string (required)
actionProperties Predefined list of properties and configuration items for the action group. ActionGroupActionProperties
webhookProperties the dictionary of custom properties to include with the post operation. These data are appended to the webhook payload. ActionGroupWebhookProperties

ActionGroupActionProperties

Name Description Value
{customized property} string

ActionGroupWebhookProperties

Name Description Value
{customized property} string

AlertRuleAllOfCondition

Name Description Value
allOf The list of Activity Log Alert rule conditions. AlertRuleAnyOfOrLeafCondition[] (required)

AlertRuleAnyOfOrLeafCondition

Name Description Value
anyOf An Activity Log Alert rule condition that is met when at least one of its member leaf conditions are met. AlertRuleLeafCondition[]
containsAny The value of the event's field will be compared to the values in this array (case-insensitive) to determine if the condition is met. string[]
equals The value of the event's field will be compared to this value (case-insensitive) to determine if the condition is met. string
field The name of the Activity Log event's field that this condition will examine.
The possible values for this field are (case-insensitive): 'resourceId', 'category', 'caller', 'level', 'operationName', 'resourceGroup', 'resourceProvider', 'status', 'subStatus', 'resourceType', or anything beginning with 'properties'.
string

AlertRuleLeafCondition

Name Description Value
containsAny The value of the event's field will be compared to the values in this array (case-insensitive) to determine if the condition is met. string[]
equals The value of the event's field will be compared to this value (case-insensitive) to determine if the condition is met. string
field The name of the Activity Log event's field that this condition will examine.
The possible values for this field are (case-insensitive): 'resourceId', 'category', 'caller', 'level', 'operationName', 'resourceGroup', 'resourceProvider', 'status', 'subStatus', 'resourceType', or anything beginning with 'properties'.
string