Alerts - Get Summary
Get a summarized count of your alerts grouped by various parameters (e.g. grouping by 'Severity' returns the count of alerts for each severity).
GET https://management.azure.com/{scope}/providers/Microsoft.AlertsManagement/alertsSummary?groupby={groupby}&api-version=2023-07-12-previewGET https://management.azure.com/{scope}/providers/Microsoft.AlertsManagement/alertsSummary?groupby={groupby}&includeSmartGroupsCount={includeSmartGroupsCount}&targetResource={targetResource}&targetResourceType={targetResourceType}&targetResourceGroup={targetResourceGroup}&monitorService={monitorService}&monitorCondition={monitorCondition}&severity={severity}&alertState={alertState}&alertRule={alertRule}&timeRange={timeRange}&customTimeRange={customTimeRange}&api-version=2023-07-12-previewURI Parameters
| Name | In | Required | Type | Description |
|---|---|---|---|---|
|
scope
|
path | True |
string |
scope here is resourceId for which alert is created. |
|
api-version
|
query | True |
string minLength: 1 |
The API version to use for this operation. |
|
groupby
|
query | True |
This parameter allows the result set to be grouped by input fields (Maximum 2 comma separated fields supported). For example, groupby=severity or groupby=severity,alertstate. |
|
|
alert
|
query |
string |
Filter by specific alert rule. Default value is to select all. |
|
|
alert
|
query |
Filter by state of the alert instance. Default value is to select all. |
||
|
custom
|
query |
string |
Filter by custom time range in the format / where time is in (ISO-8601 format)'. Permissible values is within 30 days from query time. Either timeRange or customTimeRange could be used but not both. Default is none. |
|
|
include
|
query |
boolean |
Include count of the SmartGroups as part of the summary. Default value is 'false'. |
|
|
monitor
|
query |
Filter by monitor condition which is either 'Fired' or 'Resolved'. Default value is to select all. |
||
|
monitor
|
query |
Filter by monitor service which generates the alert instance. Default value is select all. |
||
|
severity
|
query |
Filter by severity. Default value is select all. |
||
|
target
|
query |
string |
Filter by target resource( which is full ARM ID) Default value is select all. |
|
|
target
|
query |
string |
Filter by target resource group name. Default value is select all. |
|
|
target
|
query |
string |
Filter by target resource type. Default value is select all. |
|
|
time
|
query |
Filter by time range by below listed values. Default value is 1 day. |
Responses
| Name | Type | Description |
|---|---|---|
| 200 OK |
OK. Alert summary returned. |
|
| Other Status Codes |
Error response describing why the operation failed. |
Examples
Summary
Sample request
GET https://management.azure.com/subscriptions/1e3ff1c0-771a-4119-a03b-be82a51e232d/providers/Microsoft.AlertsManagement/alertsSummary?groupby=severity,alertState&api-version=2023-07-12-preview
Sample response
{
"properties": {
"groupedby": "severity",
"smartGroupsCount": 100,
"total": 14189,
"values": [
{
"name": "Sev0",
"count": 6517,
"groupedby": "alertState",
"values": [
{
"name": "New",
"count": 6517
},
{
"name": "Acknowledged",
"count": 0
},
{
"name": "Closed",
"count": 0
}
]
},
{
"name": "Sev1",
"count": 3175,
"groupedby": "alertState",
"values": [
{
"name": "New",
"count": 3175
},
{
"name": "Acknowledged",
"count": 0
},
{
"name": "Closed",
"count": 0
}
]
},
{
"name": "Sev2",
"count": 1120,
"groupedby": "alertState",
"values": [
{
"name": "New",
"count": 1120
},
{
"name": "Acknowledged",
"count": 0
},
{
"name": "Closed",
"count": 0
}
]
},
{
"name": "Sev3",
"count": 1902,
"groupedby": "alertState",
"values": [
{
"name": "New",
"count": 1902
},
{
"name": "Acknowledged",
"count": 0
},
{
"name": "Closed",
"count": 0
}
]
},
{
"name": "Sev4",
"count": 1475,
"groupedby": "alertState",
"values": [
{
"name": "New",
"count": 1475
},
{
"name": "Acknowledged",
"count": 0
},
{
"name": "Closed",
"count": 0
}
]
}
]
},
"id": "/subscriptions/1e3ff1c0-771a-4119-a03b-be82a51e232d/providers/Microsoft.AlertsManagement/alertsSummary/current",
"type": "Microsoft.AlertsManagement/alertsSummary",
"name": "current"
}Definitions
| Name | Description |
|---|---|
|
alerts |
Summary of alerts based on the input filters and 'groupby' parameters. |
|
alerts |
Group the result set. |
|
Alerts |
This parameter allows the result set to be grouped by input fields (Maximum 2 comma separated fields supported). For example, groupby=severity or groupby=severity,alertstate. |
|
alerts |
Alerts summary group item |
|
Alert |
Alert object state, which can be modified by the user. |
|
error |
An error response from the service. |
|
error |
Details of error response. |
|
Monitor |
Condition of the rule at the monitor service. It represents whether the underlying conditions have crossed the defined alert rule thresholds. |
|
Monitor |
Monitor service on which the rule(monitor) is set. |
| Severity |
Severity of alert Sev0 being highest and Sev4 being lowest. |
|
Time |
Filter by time range by below listed values. Default value is 1 day. |
alertsSummary
Summary of alerts based on the input filters and 'groupby' parameters.
| Name | Type | Description |
|---|---|---|
| id |
string |
Azure resource Id |
| name |
string |
Azure resource name |
| properties |
Group the result set. |
|
| type |
string |
Azure resource type |
alertsSummaryGroup
Group the result set.
| Name | Type | Description |
|---|---|---|
| groupedby |
string |
Name of the field aggregated |
| smartGroupsCount |
integer (int64) |
Total count of the smart groups. |
| total |
integer (int64) |
Total count of the result set. |
| values |
List of the items |
AlertsSummaryGroupByFields
This parameter allows the result set to be grouped by input fields (Maximum 2 comma separated fields supported). For example, groupby=severity or groupby=severity,alertstate.
| Value | Description |
|---|---|
| alertRule | |
| alertState | |
| monitorCondition | |
| monitorService | |
| severity | |
| signalType |
alertsSummaryGroupItem
Alerts summary group item
| Name | Type | Description |
|---|---|---|
| count |
integer (int64) |
Count of the aggregated field |
| groupedby |
string |
Name of the field aggregated |
| name |
string |
Value of the aggregated field |
| values |
List of the items |
AlertState
Alert object state, which can be modified by the user.
| Value | Description |
|---|---|
| Acknowledged | |
| Closed | |
| New |
errorResponse
An error response from the service.
| Name | Type | Description |
|---|---|---|
| error |
Details of error response. |
errorResponseBody
Details of error response.
| Name | Type | Description |
|---|---|---|
| code |
string |
Error code, intended to be consumed programmatically. |
| details |
A list of additional details about the error. |
|
| message |
string |
Description of the error, intended for display in user interface. |
| target |
string |
Target of the particular error, for example name of the property. |
MonitorCondition
Condition of the rule at the monitor service. It represents whether the underlying conditions have crossed the defined alert rule thresholds.
| Value | Description |
|---|---|
| Fired | |
| Resolved |
MonitorService
Monitor service on which the rule(monitor) is set.
| Value | Description |
|---|---|
| ActivityLog Administrative | |
| ActivityLog Autoscale | |
| ActivityLog Policy | |
| ActivityLog Recommendation | |
| ActivityLog Security | |
| Application Insights | |
| Log Analytics | |
| Nagios | |
| Platform | |
| Resource Health | |
| SCOM | |
| ServiceHealth | |
| SmartDetector | |
| VM Insights | |
| Zabbix |
Severity
Severity of alert Sev0 being highest and Sev4 being lowest.
| Value | Description |
|---|---|
| Sev0 | |
| Sev1 | |
| Sev2 | |
| Sev3 | |
| Sev4 |
TimeRange
Filter by time range by below listed values. Default value is 1 day.
| Value | Description |
|---|---|
| 1d | |
| 1h | |
| 30d | |
| 7d |