你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站，请访问 https://docs.azure.cn。

Scheduled Query Rules - Create Or Update

服务:

Monitor

API 版本:

2018-04-16

创建或更新日志搜索规则。

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.Insights/scheduledQueryRules/{ruleName}?api-version=2018-04-16

URI 参数

名称	在	必需	类型	说明
resourceGroupName	path	True	string	资源组的名称。 此名称不区分大小写。
ruleName	path	True	string	规则的名称。
subscriptionId	path	True	string	目标订阅的 ID。
api-version	query	True	string	要用于此操作的 API 版本。

请求正文

名称	必需	类型	说明
location	True	string	资源位置
properties.action	True	Action: AlertingAction LogToMetricAction	需要对规则执行执行操作。
properties.source	True	Source	数据源将针对哪个规则查询数据
properties.autoMitigate		boolean	指示是否应自动解决警报的标志。 默认值为 false。
properties.description		string	日志搜索规则的说明。
properties.displayName		string	警报规则的显示名称
properties.enabled		enabled	指示是否启用日志搜索规则的标志。 值应为 true 或 false
properties.schedule		Schedule	计划规则 (频率、时间窗口) 。 操作类型是必需的 - AlertingAction
tags		object	资源标记

响应

名称	类型	说明
200 OK	LogSearchRuleResource	成功请求更新日志搜索规则
201 Created	LogSearchRuleResource	已创建警报规则
Other Status Codes	ErrorContract	描述操作失败原因的错误响应。

安全性

azure_auth

Azure Active Directory OAuth2 流

类型: oauth2
流向: implicit
授权 URL: https://login.microsoftonline.com/common/oauth2/authorize

作用域

名称	说明
user_impersonation	模拟用户帐户

示例

Create or Update rule - AlertingAction

Create or Update rule - AlertingAction with Cross-Resource

Create or Update rule - LogToMetricAction

Create or Update rule - AlertingAction

示例请求

HTTP

PUT https://management.azure.com/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourcegroups/Rac46PostSwapRG/providers/Microsoft.Insights/scheduledQueryRules/logalertfoo?api-version=2018-04-16

{
  "location": "eastus",
  "tags": {},
  "properties": {
    "description": "log alert description",
    "enabled": "true",
    "source": {
      "query": "Heartbeat | summarize AggregatedValue = count() by bin(TimeGenerated, 5m)",
      "dataSourceId": "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/Microsoft.OperationalInsights/workspaces/sampleWorkspace",
      "queryType": "ResultCount"
    },
    "schedule": {
      "frequencyInMinutes": 15,
      "timeWindowInMinutes": 15
    },
    "action": {
      "odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction",
      "severity": "1",
      "aznsAction": {
        "actionGroup": [],
        "emailSubject": "Email Header",
        "customWebhookPayload": "{}"
      },
      "trigger": {
        "thresholdOperator": "GreaterThan",
        "threshold": 3,
        "metricTrigger": {
          "thresholdOperator": "GreaterThan",
          "threshold": 5,
          "metricTriggerType": "Consecutive",
          "metricColumn": "Computer"
        }
      }
    }
  }
}

Java

import com.azure.core.util.Context;
import com.azure.resourcemanager.monitor.fluent.models.LogSearchRuleResourceInner;
import com.azure.resourcemanager.monitor.models.AlertSeverity;
import com.azure.resourcemanager.monitor.models.AlertingAction;
import com.azure.resourcemanager.monitor.models.AzNsActionGroup;
import com.azure.resourcemanager.monitor.models.ConditionalOperator;
import com.azure.resourcemanager.monitor.models.Enabled;
import com.azure.resourcemanager.monitor.models.LogMetricTrigger;
import com.azure.resourcemanager.monitor.models.MetricTriggerType;
import com.azure.resourcemanager.monitor.models.QueryType;
import com.azure.resourcemanager.monitor.models.Schedule;
import com.azure.resourcemanager.monitor.models.Source;
import com.azure.resourcemanager.monitor.models.TriggerCondition;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/** Samples for ScheduledQueryRules CreateOrUpdate. */
public final class Main {
    /*
     * x-ms-original-file: specification/monitor/resource-manager/Microsoft.Insights/stable/2018-04-16/examples/createOrUpdateScheduledQueryRules.json
     */
    /**
     * Sample code: Create or Update rule - AlertingAction.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createOrUpdateRuleAlertingAction(com.azure.resourcemanager.AzureResourceManager azure) {
        azure
            .diagnosticSettings()
            .manager()
            .serviceClient()
            .getScheduledQueryRules()
            .createOrUpdateWithResponse(
                "Rac46PostSwapRG",
                "logalertfoo",
                new LogSearchRuleResourceInner()
                    .withLocation("eastus")
                    .withTags(mapOf())
                    .withDescription("log alert description")
                    .withEnabled(Enabled.TRUE)
                    .withSource(
                        new Source()
                            .withQuery("Heartbeat | summarize AggregatedValue = count() by bin(TimeGenerated, 5m)")
                            .withDataSourceId(
                                "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/Microsoft.OperationalInsights/workspaces/sampleWorkspace")
                            .withQueryType(QueryType.RESULT_COUNT))
                    .withSchedule(new Schedule().withFrequencyInMinutes(15).withTimeWindowInMinutes(15))
                    .withAction(
                        new AlertingAction()
                            .withSeverity(AlertSeverity.ONE)
                            .withAznsAction(
                                new AzNsActionGroup()
                                    .withActionGroup(Arrays.asList())
                                    .withEmailSubject("Email Header")
                                    .withCustomWebhookPayload("{}"))
                            .withTrigger(
                                new TriggerCondition()
                                    .withThresholdOperator(ConditionalOperator.GREATER_THAN)
                                    .withThreshold(3.0)
                                    .withMetricTrigger(
                                        new LogMetricTrigger()
                                            .withThresholdOperator(ConditionalOperator.GREATER_THAN)
                                            .withThreshold(5.0D)
                                            .withMetricTriggerType(MetricTriggerType.CONSECUTIVE)
                                            .withMetricColumn("Computer")))),
                Context.NONE);
    }

    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armmonitor_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/monitor/armmonitor"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/monitor/resource-manager/Microsoft.Insights/stable/2018-04-16/examples/createOrUpdateScheduledQueryRules.json
func ExampleScheduledQueryRulesClient_CreateOrUpdate() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client, err := armmonitor.NewScheduledQueryRulesClient("b67f7fec-69fc-4974-9099-a26bd6ffeda3", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := client.CreateOrUpdate(ctx,
		"Rac46PostSwapRG",
		"logalertfoo",
		armmonitor.LogSearchRuleResource{
			Location: to.Ptr("eastus"),
			Tags:     map[string]*string{},
			Properties: &armmonitor.LogSearchRule{
				Description: to.Ptr("log alert description"),
				Action: &armmonitor.AlertingAction{
					ODataType: to.Ptr("Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction"),
					AznsAction: &armmonitor.AzNsActionGroup{
						ActionGroup:          []*string{},
						CustomWebhookPayload: to.Ptr("{}"),
						EmailSubject:         to.Ptr("Email Header"),
					},
					Severity: to.Ptr(armmonitor.AlertSeverityOne),
					Trigger: &armmonitor.TriggerCondition{
						MetricTrigger: &armmonitor.LogMetricTrigger{
							MetricColumn:      to.Ptr("Computer"),
							MetricTriggerType: to.Ptr(armmonitor.MetricTriggerTypeConsecutive),
							Threshold:         to.Ptr[float64](5),
							ThresholdOperator: to.Ptr(armmonitor.ConditionalOperatorGreaterThan),
						},
						Threshold:         to.Ptr[float64](3),
						ThresholdOperator: to.Ptr(armmonitor.ConditionalOperatorGreaterThan),
					},
				},
				Enabled: to.Ptr(armmonitor.EnabledTrue),
				Schedule: &armmonitor.Schedule{
					FrequencyInMinutes:  to.Ptr[int32](15),
					TimeWindowInMinutes: to.Ptr[int32](15),
				},
				Source: &armmonitor.Source{
					DataSourceID: to.Ptr("/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/Microsoft.OperationalInsights/workspaces/sampleWorkspace"),
					Query:        to.Ptr("Heartbeat | summarize AggregatedValue = count() by bin(TimeGenerated, 5m)"),
					QueryType:    to.Ptr(armmonitor.QueryTypeResultCount),
				},
			},
		},
		nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// TODO: use response item
	_ = res
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { MonitorClient } = require("@azure/arm-monitor");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates an log search rule.
 *
 * @summary Creates or updates an log search rule.
 * x-ms-original-file: specification/monitor/resource-manager/Microsoft.Insights/stable/2018-04-16/examples/createOrUpdateScheduledQueryRules.json
 */
async function createOrUpdateRuleAlertingAction() {
  const subscriptionId =
    process.env["MONITOR_SUBSCRIPTION_ID"] || "b67f7fec-69fc-4974-9099-a26bd6ffeda3";
  const resourceGroupName = process.env["MONITOR_RESOURCE_GROUP"] || "Rac46PostSwapRG";
  const ruleName = "logalertfoo";
  const parameters = {
    description: "log alert description",
    action: {
      aznsAction: {
        actionGroup: [],
        customWebhookPayload: "{}",
        emailSubject: "Email Header",
      },
      odataType:
        "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction",
      severity: "1",
      trigger: {
        metricTrigger: {
          metricColumn: "Computer",
          metricTriggerType: "Consecutive",
          threshold: 5,
          thresholdOperator: "GreaterThan",
        },
        threshold: 3,
        thresholdOperator: "GreaterThan",
      },
    },
    enabled: "true",
    location: "eastus",
    schedule: { frequencyInMinutes: 15, timeWindowInMinutes: 15 },
    source: {
      dataSourceId:
        "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/Microsoft.OperationalInsights/workspaces/sampleWorkspace",
      query: "Heartbeat | summarize AggregatedValue = count() by bin(TimeGenerated, 5m)",
      queryType: "ResultCount",
    },
    tags: {},
  };
  const credential = new DefaultAzureCredential();
  const client = new MonitorClient(credential, subscriptionId);
  const result = await client.scheduledQueryRules.createOrUpdate(
    resourceGroupName,
    ruleName,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

示例响应

状态代码:

200

{
  "id": "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/scheduledQueryRules/logalertfoo",
  "name": "logalertfoo",
  "type": "Microsoft.Insights/scheduledQueryRules",
  "location": "eastus",
  "tags": {},
  "properties": {
    "description": "log alert description",
    "enabled": "true",
    "lastUpdatedTime": "2017-06-23T21:23:52.0221265Z",
    "provisioningState": "Succeeded",
    "source": {
      "query": "Heartbeat | summarize AggregatedValue = count() by bin(TimeGenerated, 5m)",
      "dataSourceId": "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/Microsoft.OperationalInsights/workspaces/sampleWorkspace",
      "queryType": "ResultCount"
    },
    "schedule": {
      "frequencyInMinutes": 15,
      "timeWindowInMinutes": 15
    },
    "action": {
      "odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction",
      "severity": "1",
      "aznsAction": {
        "actionGroup": [],
        "emailSubject": "Email Header",
        "customWebhookPayload": "{}"
      },
      "trigger": {
        "thresholdOperator": "GreaterThan",
        "threshold": 3,
        "metricTrigger": {
          "thresholdOperator": "GreaterThan",
          "threshold": 5,
          "metricTriggerType": "Consecutive",
          "metricColumn": "Computer"
        }
      }
    }
  }
}

状态代码:

201

{
  "id": "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/scheduledQueryRules/logalertfoo",
  "name": "logalertfoo",
  "type": "Microsoft.Insights/scheduledQueryRules",
  "location": "eastus",
  "tags": {},
  "properties": {
    "description": "log alert description",
    "enabled": "true",
    "lastUpdatedTime": "2017-06-23T21:23:52.0221265Z",
    "provisioningState": "Succeeded",
    "source": {
      "query": "Heartbeat",
      "queryType": "ResultCount",
      "dataSourceId": "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/Microsoft.OperationalInsights/workspaces/sampleWorkspace"
    },
    "schedule": {
      "frequencyInMinutes": 15,
      "timeWindowInMinutes": 15
    },
    "action": {
      "odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction",
      "severity": "1",
      "trigger": {
        "thresholdOperator": "GreaterThan",
        "threshold": 3
      },
      "aznsAction": {
        "actionGroup": [],
        "emailSubject": "Email Header",
        "customWebhookPayload": "{}"
      }
    }
  }
}

Create or Update rule - AlertingAction with Cross-Resource

示例请求

HTTP

PUT https://management.azure.com/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourcegroups/Rac46PostSwapRG/providers/Microsoft.Insights/scheduledQueryRules/SampleCrossResourceAlert?api-version=2018-04-16

{
  "location": "eastus",
  "tags": {},
  "properties": {
    "description": "Sample Cross Resource alert",
    "enabled": "true",
    "source": {
      "query": "union requests, workspace(\"sampleWorkspace\").Update",
      "authorizedResources": [
        "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/Microsoft.OperationalInsights/workspaces/sampleWorkspace",
        "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/components/sampleAI"
      ],
      "dataSourceId": "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/components/sampleAI",
      "queryType": "ResultCount"
    },
    "schedule": {
      "frequencyInMinutes": 60,
      "timeWindowInMinutes": 60
    },
    "action": {
      "severity": "3",
      "aznsAction": {
        "actionGroup": [
          "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/actiongroups/test-ag"
        ],
        "emailSubject": "Cross Resource Mail!!"
      },
      "trigger": {
        "thresholdOperator": "GreaterThan",
        "threshold": 5000
      },
      "odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction"
    }
  }
}

Java

import com.azure.core.util.Context;
import com.azure.resourcemanager.monitor.fluent.models.LogSearchRuleResourceInner;
import com.azure.resourcemanager.monitor.models.AlertSeverity;
import com.azure.resourcemanager.monitor.models.AlertingAction;
import com.azure.resourcemanager.monitor.models.AzNsActionGroup;
import com.azure.resourcemanager.monitor.models.ConditionalOperator;
import com.azure.resourcemanager.monitor.models.Enabled;
import com.azure.resourcemanager.monitor.models.QueryType;
import com.azure.resourcemanager.monitor.models.Schedule;
import com.azure.resourcemanager.monitor.models.Source;
import com.azure.resourcemanager.monitor.models.TriggerCondition;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/** Samples for ScheduledQueryRules CreateOrUpdate. */
public final class Main {
    /*
     * x-ms-original-file: specification/monitor/resource-manager/Microsoft.Insights/stable/2018-04-16/examples/createOrUpdateScheduledQueryRuleswithCrossResource.json
     */
    /**
     * Sample code: Create or Update rule - AlertingAction with Cross-Resource.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createOrUpdateRuleAlertingActionWithCrossResource(
        com.azure.resourcemanager.AzureResourceManager azure) {
        azure
            .diagnosticSettings()
            .manager()
            .serviceClient()
            .getScheduledQueryRules()
            .createOrUpdateWithResponse(
                "Rac46PostSwapRG",
                "SampleCrossResourceAlert",
                new LogSearchRuleResourceInner()
                    .withLocation("eastus")
                    .withTags(mapOf())
                    .withDescription("Sample Cross Resource alert")
                    .withEnabled(Enabled.TRUE)
                    .withSource(
                        new Source()
                            .withQuery("union requests, workspace(\"sampleWorkspace\").Update")
                            .withAuthorizedResources(
                                Arrays
                                    .asList(
                                        "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/Microsoft.OperationalInsights/workspaces/sampleWorkspace",
                                        "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/components/sampleAI"))
                            .withDataSourceId(
                                "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/components/sampleAI")
                            .withQueryType(QueryType.RESULT_COUNT))
                    .withSchedule(new Schedule().withFrequencyInMinutes(60).withTimeWindowInMinutes(60))
                    .withAction(
                        new AlertingAction()
                            .withSeverity(AlertSeverity.THREE)
                            .withAznsAction(
                                new AzNsActionGroup()
                                    .withActionGroup(
                                        Arrays
                                            .asList(
                                                "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/actiongroups/test-ag"))
                                    .withEmailSubject("Cross Resource Mail!!"))
                            .withTrigger(
                                new TriggerCondition()
                                    .withThresholdOperator(ConditionalOperator.GREATER_THAN)
                                    .withThreshold(5000.0))),
                Context.NONE);
    }

    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

No code sample is available. To request a code sample, open a GitHub issue

JavaScript

const { MonitorClient } = require("@azure/arm-monitor");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates an log search rule.
 *
 * @summary Creates or updates an log search rule.
 * x-ms-original-file: specification/monitor/resource-manager/Microsoft.Insights/stable/2018-04-16/examples/createOrUpdateScheduledQueryRuleswithCrossResource.json
 */
async function createOrUpdateRuleAlertingActionWithCrossResource() {
  const subscriptionId =
    process.env["MONITOR_SUBSCRIPTION_ID"] || "b67f7fec-69fc-4974-9099-a26bd6ffeda3";
  const resourceGroupName = process.env["MONITOR_RESOURCE_GROUP"] || "Rac46PostSwapRG";
  const ruleName = "SampleCrossResourceAlert";
  const parameters = {
    description: "Sample Cross Resource alert",
    action: {
      aznsAction: {
        actionGroup: [
          "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/actiongroups/test-ag",
        ],
        emailSubject: "Cross Resource Mail!!",
      },
      odataType:
        "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction",
      severity: "3",
      trigger: { threshold: 5000, thresholdOperator: "GreaterThan" },
    },
    enabled: "true",
    location: "eastus",
    schedule: { frequencyInMinutes: 60, timeWindowInMinutes: 60 },
    source: {
      authorizedResources: [
        "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/Microsoft.OperationalInsights/workspaces/sampleWorkspace",
        "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/components/sampleAI",
      ],
      dataSourceId:
        "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/components/sampleAI",
      query: 'union requests, workspace("sampleWorkspace").Update',
      queryType: "ResultCount",
    },
    tags: {},
  };
  const credential = new DefaultAzureCredential();
  const client = new MonitorClient(credential, subscriptionId);
  const result = await client.scheduledQueryRules.createOrUpdate(
    resourceGroupName,
    ruleName,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

示例响应

状态代码:

200

{
  "id": "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/scheduledQueryRules/SampleCrossResourceAlert",
  "name": "SampleCrossResourceAlert",
  "type": "Microsoft.Insights/scheduledQueryRules",
  "location": "eastus",
  "tags": {},
  "properties": {
    "description": "Sample Cross Resource alert",
    "enabled": "true",
    "lastUpdatedTime": "2018-09-04T06:27:58.3892575Z",
    "provisioningState": "Succeeded",
    "source": {
      "query": "union requests, workspace(\"sampleWorkspace\").Update",
      "authorizedResources": [
        "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/Microsoft.OperationalInsights/workspaces/sampleWorkspace",
        "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/components/sampleAI"
      ],
      "dataSourceId": "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/components/sampleAI",
      "queryType": "ResultCount"
    },
    "schedule": {
      "frequencyInMinutes": 60,
      "timeWindowInMinutes": 60
    },
    "action": {
      "severity": "3",
      "aznsAction": {
        "actionGroup": [
          "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/actiongroups/test-ag"
        ],
        "emailSubject": "Cross Resource Mail!!"
      },
      "trigger": {
        "thresholdOperator": "GreaterThan",
        "threshold": 5000
      },
      "odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction"
    }
  }
}

状态代码:

201

{
  "id": "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/scheduledQueryRules/SampleCrossResourceAlert",
  "name": "SampleCrossResourceAlert",
  "type": "Microsoft.Insights/scheduledQueryRules",
  "location": "eastus",
  "tags": {},
  "properties": {
    "description": "Sample Cross Resource alert",
    "enabled": "true",
    "lastUpdatedTime": "2018-09-04T06:27:58.3892575Z",
    "provisioningState": "Succeeded",
    "source": {
      "query": "union requests, workspace(\"sampleWorkspace\").Update",
      "authorizedResources": [
        "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/Microsoft.OperationalInsights/workspaces/sampleWorkspace",
        "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/components/sampleAI"
      ],
      "dataSourceId": "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/components/sampleAI",
      "queryType": "ResultCount"
    },
    "schedule": {
      "frequencyInMinutes": 60,
      "timeWindowInMinutes": 60
    },
    "action": {
      "severity": "3",
      "aznsAction": {
        "actionGroup": [
          "/subscriptions/b67f7fec-69fc-4974-9099-a26bd6ffeda3/resourceGroups/Rac46PostSwapRG/providers/microsoft.insights/actiongroups/test-ag"
        ],
        "emailSubject": "Cross Resource Mail!!"
      },
      "trigger": {
        "thresholdOperator": "GreaterThan",
        "threshold": 5000
      },
      "odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction"
    }
  }
}

Create or Update rule - LogToMetricAction

示例请求

HTTP

PUT https://management.azure.com/subscriptions/af52d502-a447-4bc6-8cb7-4780fbb00490/resourcegroups/alertsweu/providers/Microsoft.Insights/scheduledQueryRules/logtometricfoo?api-version=2018-04-16

{
  "location": "West Europe",
  "tags": {},
  "properties": {
    "description": "log to metric description",
    "enabled": "true",
    "source": {
      "dataSourceId": "/subscriptions/af52d502-a447-4bc6-8cb7-4780fbb00490/resourceGroups/alertsweu/providers/Microsoft.OperationalInsights/workspaces/alertsweu"
    },
    "action": {
      "criteria": [
        {
          "metricName": "Average_% Idle Time",
          "dimensions": []
        }
      ],
      "odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.LogToMetricAction"
    }
  }
}

Java

import com.azure.core.util.Context;
import com.azure.resourcemanager.monitor.fluent.models.LogSearchRuleResourceInner;
import com.azure.resourcemanager.monitor.models.Criteria;
import com.azure.resourcemanager.monitor.models.Enabled;
import com.azure.resourcemanager.monitor.models.LogToMetricAction;
import com.azure.resourcemanager.monitor.models.Source;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/** Samples for ScheduledQueryRules CreateOrUpdate. */
public final class Main {
    /*
     * x-ms-original-file: specification/monitor/resource-manager/Microsoft.Insights/stable/2018-04-16/examples/createOrUpdateScheduledQueryRule-LogToMetricAction.json
     */
    /**
     * Sample code: Create or Update rule - LogToMetricAction.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createOrUpdateRuleLogToMetricAction(com.azure.resourcemanager.AzureResourceManager azure) {
        azure
            .diagnosticSettings()
            .manager()
            .serviceClient()
            .getScheduledQueryRules()
            .createOrUpdateWithResponse(
                "alertsweu",
                "logtometricfoo",
                new LogSearchRuleResourceInner()
                    .withLocation("West Europe")
                    .withTags(mapOf())
                    .withDescription("log to metric description")
                    .withEnabled(Enabled.TRUE)
                    .withSource(
                        new Source()
                            .withDataSourceId(
                                "/subscriptions/af52d502-a447-4bc6-8cb7-4780fbb00490/resourceGroups/alertsweu/providers/Microsoft.OperationalInsights/workspaces/alertsweu"))
                    .withAction(
                        new LogToMetricAction()
                            .withCriteria(
                                Arrays
                                    .asList(
                                        new Criteria()
                                            .withMetricName("Average_% Idle Time")
                                            .withDimensions(Arrays.asList())))),
                Context.NONE);
    }

    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

No code sample is available. To request a code sample, open a GitHub issue

JavaScript

const { MonitorClient } = require("@azure/arm-monitor");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates an log search rule.
 *
 * @summary Creates or updates an log search rule.
 * x-ms-original-file: specification/monitor/resource-manager/Microsoft.Insights/stable/2018-04-16/examples/createOrUpdateScheduledQueryRule-LogToMetricAction.json
 */
async function createOrUpdateRuleLogToMetricAction() {
  const subscriptionId =
    process.env["MONITOR_SUBSCRIPTION_ID"] || "af52d502-a447-4bc6-8cb7-4780fbb00490";
  const resourceGroupName = process.env["MONITOR_RESOURCE_GROUP"] || "alertsweu";
  const ruleName = "logtometricfoo";
  const parameters = {
    description: "log to metric description",
    action: {
      criteria: [{ dimensions: [], metricName: "Average_% Idle Time" }],
      odataType:
        "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.LogToMetricAction",
    },
    enabled: "true",
    location: "West Europe",
    source: {
      dataSourceId:
        "/subscriptions/af52d502-a447-4bc6-8cb7-4780fbb00490/resourceGroups/alertsweu/providers/Microsoft.OperationalInsights/workspaces/alertsweu",
    },
    tags: {},
  };
  const credential = new DefaultAzureCredential();
  const client = new MonitorClient(credential, subscriptionId);
  const result = await client.scheduledQueryRules.createOrUpdate(
    resourceGroupName,
    ruleName,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

示例响应

状态代码:

200

{
  "id": "/subscriptions/af52d502-a447-4bc6-8cb7-4780fbb00490/resourceGroups/alertsweu/providers/microsoft.insights/scheduledqueryrules/logtometricfoo",
  "name": "logtometricfoo",
  "type": "microsoft.insights/scheduledqueryrules",
  "location": "westeurope",
  "tags": {},
  "properties": {
    "description": "log to metric description",
    "displayName": "logtometricfoo",
    "enabled": "true",
    "lastUpdatedTime": "2018-09-04T06:31:56.3737792Z",
    "provisioningState": "Succeeded",
    "source": {
      "query": null,
      "dataSourceId": "/subscriptions/af52d502-a447-4bc6-8cb7-4780fbb00490/resourceGroups/alertsweu/providers/Microsoft.OperationalInsights/workspaces/alertsweu"
    },
    "schedule": null,
    "action": {
      "criteria": [
        {
          "metricName": "Average_% Idle Time",
          "dimensions": []
        }
      ],
      "odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.LogToMetricAction"
    }
  }
}

状态代码:

201

{
  "id": "/subscriptions/af52d502-a447-4bc6-8cb7-4780fbb00490/resourceGroups/alertsweu/providers/microsoft.insights/scheduledqueryrules/logtometricfoo",
  "name": "logtometricfoo",
  "type": "microsoft.insights/scheduledqueryrules",
  "location": "westeurope",
  "tags": {},
  "properties": {
    "description": "log to metric description",
    "enabled": "true",
    "lastUpdatedTime": "2018-09-04T06:27:58.3892575Z",
    "provisioningState": "Succeeded",
    "source": {
      "query": null,
      "dataSourceId": "/subscriptions/af52d502-a447-4bc6-8cb7-4780fbb00490/resourceGroups/alertsweu/providers/Microsoft.OperationalInsights/workspaces/alertsweu"
    },
    "schedule": null,
    "action": {
      "criteria": [
        {
          "metricName": "Average_% Idle Time",
          "dimensions": []
        }
      ],
      "odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.LogToMetricAction"
    }
  }
}

定义

名称	说明
AlertingAction	指定当规则类型为 Alert 时需要执行的操作
AlertSeverity	警报的严重性级别
AzNsActionGroup	Azure 操作组
ConditionalOperator	结果条件评估条件。
Criteria	指定将日志转换为指标的条件。
Dimension	指定将日志转换为指标的条件。
enabled	指示是否启用日志搜索规则的标志。 值应为 true 或 false
ErrorContract	描述错误响应的格式。
ErrorResponse	描述错误响应的格式。
LogMetricTrigger	日志指标触发器描述符。
LogSearchRuleResource	日志搜索规则资源。
LogToMetricAction	指定在规则类型将日志转换为指标时需要执行的操作
metricTriggerType	指标触发器类型 -“连续”或“总计”
operator	维度值的运算符
provisioningState	计划查询规则的预配状态
QueryType	将值设置为“ResultAccount”
Schedule	定义运行搜索的频率和时间间隔。
Source	指定日志搜索查询。
TriggerCondition	导致日志搜索规则的条件。

AlertingAction

指定当规则类型为 Alert 时需要执行的操作

名称	类型	说明
aznsAction	AzNsActionGroup	Azure 操作组参考。
odata.type	string: Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction	指定操作。 支持的值 - AlertingAction、LogToMetricAction
severity	AlertSeverity	警报的严重性
throttlingInMin	integer	时间 (分钟) 应限制或取消警报。
trigger	TriggerCondition	导致警报规则为 的触发条件。

AlertSeverity

警报的严重性级别

名称	类型	说明
0	string
1	string
2	string
3	string
4	string

AzNsActionGroup

Azure 操作组

名称	类型	说明
actionGroup	string[]	Azure 操作组参考。
customWebhookPayload	string	要为 Azure 操作组中的所有 Webhook URI 发送的自定义有效负载
emailSubject	string	Azure 操作组中所有电子邮件 ID 的自定义主题替代

ConditionalOperator

结果条件评估条件。

名称	类型	说明
Equal	string
GreaterThan	string
GreaterThanOrEqual	string
LessThan	string
LessThanOrEqual	string

Criteria

指定将日志转换为指标的条件。

名称	类型	说明
dimensions	Dimension[]	用于创建指标的维度列表
metricName	string	指标的名称

Dimension

指定将日志转换为指标的条件。

名称	类型	说明
name	string	维度的名称
operator	operator	维度值的运算符
values	string[]	维度值列表

enabled

指示是否启用日志搜索规则的标志。 值应为 true 或 false

名称	类型	说明
false	string
true	string

ErrorContract

描述错误响应的格式。

名称	类型	说明
error	ErrorResponse	错误详细信息。

ErrorResponse

描述错误响应的格式。

名称	类型	说明
code	string	错误代码
message	string	指示操作失败原因的错误消息。

LogMetricTrigger

日志指标触发器描述符。

名称	类型	默认值	说明
metricColumn	string		评估特定列的指标
metricTriggerType	metricTriggerType	Consecutive	指标触发器类型 -“连续”或“总计”
threshold	number		指标触发器的阈值。
thresholdOperator	ConditionalOperator	GreaterThanOrEqual	指标 -“GreaterThan”、“LessThan”或“Equal”的计算操作。

LogSearchRuleResource

日志搜索规则资源。

名称	类型	默认值	说明
etag	string		etag 字段 不 是必需的。 如果响应正文中提供了它，则还必须根据常规 etag 约定将其作为标头提供。 实体标记用于比较同一请求资源中的两个或多个实体。 HTTP/1.1 使用 etag (第 14.19 节) 、If-Match (第 14.24 节) 、If-None-Match (第 14.26 节) 中的实体标记，以及 If-Range (第 14.27 节) 标头字段。
id	string		Azure 资源 ID
kind	string		门户/工具等用于呈现相同类型资源的不同 UX 体验的元数据;例如，ApiApps 是一种 Microsoft.Web/sites 类型。 如果受支持，资源提供程序必须验证并保留此值。
location	string		资源位置
name	string		Azure 资源名称
properties.action	Action: AlertingAction LogToMetricAction		需要对规则执行执行操作。
properties.autoMitigate	boolean	False	指示是否应自动解决警报的标志。 默认值为 false。
properties.createdWithApiVersion	string		创建此警报规则时使用的 API 版本
properties.description	string		日志搜索规则的说明。
properties.displayName	string		警报规则的显示名称
properties.enabled	enabled		指示是否启用日志搜索规则的标志。 值应为 true 或 false
properties.isLegacyLogAnalyticsRule	boolean		如果警报规则是旧版 Log Analytic 规则，则为 True
properties.lastUpdatedTime	string		上次以IS08601格式更新规则的时间。
properties.provisioningState	provisioningState		计划查询规则的预配状态
properties.schedule	Schedule		计划规则 (频率、时间窗口) 。 操作类型是必需的 - AlertingAction
properties.source	Source		数据源将针对哪个规则查询数据
tags	object		资源标记
type	string		Azure 资源类型

LogToMetricAction

指定在规则类型将日志转换为指标时需要执行的操作

名称	类型	说明
criteria	Criteria[]	指标条件
odata.type	string: Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.LogToMetricAction	指定操作。 支持的值 - AlertingAction、LogToMetricAction

metricTriggerType

指标触发器类型 -“连续”或“总计”

名称	类型	说明
Consecutive	string
Total	string

operator

维度值的运算符

名称	类型	说明
Include	string

provisioningState

计划查询规则的预配状态

名称	类型	说明
Canceled	string
Deploying	string
Failed	string
Succeeded	string

QueryType

将值设置为“ResultAccount”

名称	类型	说明
ResultCount	string

Schedule

定义运行搜索的频率和时间间隔。

名称	类型	说明
frequencyInMinutes	integer	frequency (以分钟为单位，) 应评估规则条件。
timeWindowInMinutes	integer	需要为查询 (提取数据的时间窗口应大于或等于 frequencyInMinutes) 。

Source

指定日志搜索查询。

名称	类型	说明
authorizedResources	string[]	引用到查询中的资源列表
dataSourceId	string	要对其运行日志搜索查询的资源 URI。
query	string	日志搜索查询。 操作类型是必需的 - AlertingAction
queryType	QueryType	将值设置为“ResultCount”。

TriggerCondition

导致日志搜索规则的条件。

名称	类型	默认值	说明
metricTrigger	LogMetricTrigger		指标查询规则的触发条件
threshold	number		基于应触发的规则的结果或计数阈值。
thresholdOperator	ConditionalOperator	GreaterThanOrEqual	规则的计算操作 -“GreaterThan”或“LessThan”。