# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for
# license information.
# --------------------------------------------------------------------------
import os
from azure.identity import DefaultAzureCredential
from azure.mgmt.monitor import MonitorClient
from azure.mgmt.loganalytics import LogAnalyticsManagementClient
from azure.mgmt.resource import ResourceManagementClient
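def main():
    """Walk a scheduled query (log alert) rule through create, get, update and delete.

    Provisions a resource group and a Log Analytics workspace, creates a
    scheduled query rule that queries that workspace, reads it back, patches
    it, deletes it, and finally deletes the resource group.

    The subscription is read from the ``SUBSCRIPTION_ID`` environment
    variable.

    Raises:
        ValueError: if ``SUBSCRIPTION_ID`` is not set.
    """
    SUBSCRIPTION_ID = os.environ.get("SUBSCRIPTION_ID", None)
    if not SUBSCRIPTION_ID:
        # Fail before any client is built or any resource is touched.
        raise ValueError("The SUBSCRIPTION_ID environment variable must be set.")

    # The group name is fixed. create_or_update() adopts a group that already
    # exists under this name, and the cleanup at the end deletes the whole
    # group, so anything already in "testgroupx" is removed as well.
    GROUP_NAME = "testgroupx"
    WORKSPACE_NAME = "workspacex"
    SCHEDULED_QUERY_RULE = "scheduledqueryrule"

    # Create client
    # For other authentication approaches, please see: https://pypi.org/project/azure-identity/
    # One credential object is shared by all three clients. The identity it
    # resolves to must be allowed to create and delete resource groups,
    # workspaces and alert rules in the subscription.
    credential = DefaultAzureCredential()
    resource_client = ResourceManagementClient(
        credential=credential,
        subscription_id=SUBSCRIPTION_ID
    )
    monitor_client = MonitorClient(
        credential=credential,
        subscription_id=SUBSCRIPTION_ID
    )
    # NOTE(review): this client is passed `credentials=` while the other two
    # use `credential=`; which keyword is accepted depends on the installed
    # azure-mgmt-loganalytics version - confirm against the pinned release.
    loganalytics_client = LogAnalyticsManagementClient(
        credentials=credential,
        subscription_id=SUBSCRIPTION_ID
    )

    # Create resource group
    resource_client.resource_groups.create_or_update(
        GROUP_NAME,
        {"location": "eastus"}
    )

    try:
        # Create workspace
        workspace = loganalytics_client.workspaces.create_or_update(
            GROUP_NAME,
            WORKSPACE_NAME,
            {
                "sku": {
                    "name": "PerNode"
                },
                "retention_in_days": 30,
                "location": "eastus",
                "tags": {
                    "tag1": "val1"
                }
            }
        ).result()

        # Create scheduled query rule
        # "action_group" is empty, so no action group is attached to the rule;
        # presumably a fired alert would notify nobody - attach one before
        # reusing this payload for a real detection.
        scheduled_query_rule = monitor_client.scheduled_query_rules.create_or_update(
            GROUP_NAME,
            SCHEDULED_QUERY_RULE,
            {
                "location": "eastus",
                "description": "log alert description",
                "enabled": "true",
                "provisioning_state": "Succeeded",
                "source": {
                    "query": "Heartbeat | summarize AggregatedValue = count() by bin(TimeGenerated, 5m)",
                    "data_source_id": workspace.id,
                    "query_type": "ResultCount"
                },
                "schedule": {
                    "frequency_in_minutes": "15",
                    "time_window_in_minutes": "15"
                },
                "action": {
                    "odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction",
                    "severity": "1",
                    "azns_action": {
                        "action_group": [],
                        "email_subject": "Email Header",
                        "custom_webhook_payload": "{}"
                    },
                    "trigger": {
                        "threshold_operator": "GreaterThan",
                        "threshold": "3",
                        "metric_trigger": {
                            "threshold_operator": "GreaterThan",
                            "threshold": "5",
                            "metric_trigger_type": "Consecutive",
                            "metric_column": "Computer"
                        }
                    }
                }
            }
        )
        print("Create scheduled query rule:\n{}".format(scheduled_query_rule))

        # Get scheduled query rule
        scheduled_query_rule = monitor_client.scheduled_query_rules.get(
            GROUP_NAME,
            SCHEDULED_QUERY_RULE
        )
        print("Get scheduled query rule:\n{}".format(scheduled_query_rule))

        # Patch scheduled query rule
        # The patch sends the same "enabled" value the rule was created with,
        # so it exercises the update call without changing the rule's state.
        scheduled_query_rule = monitor_client.scheduled_query_rules.update(
            GROUP_NAME,
            SCHEDULED_QUERY_RULE,
            {
                "enabled": "true"
            }
        )
        print("Update scheduled query rule:\n{}".format(scheduled_query_rule))

        # Delete scheduled query rule
        # NOTE(review): outside a sample, removing a rule removes a detection,
        # so rule deletions are worth monitoring in their own right.
        monitor_client.scheduled_query_rules.delete(
            GROUP_NAME,
            SCHEDULED_QUERY_RULE
        )
        print("Delete scheduled query rule.\n")
    finally:
        # Delete Group
        # Runs even when a step above fails, so a failed run does not leave
        # the workspace and rule behind in the subscription.
        resource_client.resource_groups.begin_delete(
            GROUP_NAME
        ).result()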
# Run the sample only when this file is executed as a script, not on import.
if __name__ == "__main__":
    main()