#https://www.terraform.io/docs/providers/azurerm/r/monitor_scheduled_query_rules_alert.html#example-usage
# Resource group that the Application Insights components and the
# scheduled-query alert rules in this file are placed in.
resource "azurerm_resource_group" "example" {
  location = "West US"
  name     = "monitoring-resources"
}
# Primary Application Insights component. The alert rules in this file
# reference its id as their data_source_id.
resource "azurerm_application_insights" "example" {
  application_type    = "web"
  name                = "appinsights"
  resource_group_name = azurerm_resource_group.example.name

  # Region comes from var.location, while the resource group above uses a literal.
  location = var.location
}
# Second Application Insights component. Only the cross-resource alert rule
# refers to it (through authorized_resource_ids and the app() call in its query).
resource "azurerm_application_insights" "example2" {
  application_type    = "web"
  name                = "appinsights2"
  resource_group_name = azurerm_resource_group.example.name

  # Region comes from var.location, while the resource group above uses a literal.
  location = var.location
}
# Example: Alerting Action with result count trigger
resource "azurerm_monitor_scheduled_query_rules_alert" "example" {
  # Identity and placement of the rule.
  name                = format("%s-queryrule", var.prefix)
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  description         = "Alert when total results cross threshold"
  enabled             = true
  severity            = 1

  # Log source the query runs against.
  data_source_id = azurerm_application_insights.example.id

  # Count all requests with a server-error result code (>= 500),
  # grouped into 5-minute bins.
  query = <<-QUERY
    requests
    | where tolong(resultCode) >= 500
    | summarize count() by bin(timestamp, 5m)
  QUERY

  # Evaluate every 5 minutes over the last 30 minutes of data.
  frequency   = 5
  time_window = 30

  # Result-count trigger: fire when the query returns more than 3 rows.
  trigger {
    operator  = "GreaterThan"
    threshold = 3
  }

  # NOTE(review): action_group is an empty list, so this example names no
  # notification target. Supply the IDs of real action groups before relying
  # on the rule to reach anyone.
  action {
    action_group           = []
    email_subject          = "Email Header"
    custom_webhook_payload = "{}"
  }
}
# Example: Alerting Action with metric trigger
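# The original declared this block with the same type and label ("example")
# and the same rule name as the result-count rule above. Terraform rejects a
# duplicate resource address, so neither alert rule could be deployed. The
# label and the rule name are made distinct here.
resource "azurerm_monitor_scheduled_query_rules_alert" "example_metric" {
  name                = format("%s-queryrule-metric", var.prefix)
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name

  # NOTE(review): action_group is an empty list, so this example names no
  # notification target. Supply the IDs of real action groups before relying
  # on the rule to reach anyone.
  action {
    action_group           = []
    email_subject          = "Email Header"
    custom_webhook_payload = "{}"
  }

  # Log source the query runs against.
  data_source_id = azurerm_application_insights.example.id
  description    = "Query results grouped into AggregatedValue; alert when results cross threshold"
  enabled        = true

  # Count all requests with a server-error result code (>= 500), grouped into
  # 5-minute bins by HTTP operation. The count is exposed as AggregatedValue.
  query = <<-QUERY
    requests
    | where tolong(resultCode) >= 500
    | summarize AggregatedValue = count() by operation_Name, bin(timestamp, 5m)
  QUERY

  severity = 1

  # Evaluate every 5 minutes over the last 30 minutes of data.
  frequency   = 5
  time_window = 30

  trigger {
    operator  = "GreaterThan"
    threshold = 3

    # Second condition, evaluated against the operation_Name column of the
    # query result.
    metric_trigger {
      operator            = "GreaterThan"
      threshold           = 1
      metric_trigger_type = "Total"
      metric_column       = "operation_Name"
    }
  }
}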
# Example: Alerting Action Cross-Resource
resource "azurerm_monitor_scheduled_query_rules_alert" "example2" {
  # Identity and placement of the rule.
  name                = format("%s-queryrule2", var.prefix)
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  description         = "Query may access data within multiple resources"
  enabled             = true
  severity            = 1

  # Primary log source, plus the one additional resource the query may read.
  # Keep authorized_resource_ids limited to what the query actually references
  # (here, only the component named in app('...') below).
  data_source_id          = azurerm_application_insights.example.id
  authorized_resource_ids = [azurerm_application_insights.example2.id]

  # Count requests in multiple log resources and group into 5-minute bins by
  # HTTP operation. format() substitutes the id of the second component for %s.
  query = format(<<-QUERY
    let a=requests
    | where toint(resultCode) >= 500
    | extend fail=1; let b=app('%s').requests
    | where toint(resultCode) >= 500 | extend fail=1; a
    | join b on fail
  QUERY
  , azurerm_application_insights.example2.id)

  # Evaluate every 5 minutes over the last 30 minutes of data.
  frequency   = 5
  time_window = 30

  # Result-count trigger: fire when the query returns more than 3 rows.
  trigger {
    operator  = "GreaterThan"
    threshold = 3
  }

  # NOTE(review): action_group is an empty list, so this example names no
  # notification target. Supply the IDs of real action groups before relying
  # on the rule to reach anyone.
  action {
    action_group           = []
    email_subject          = "Email Header"
    custom_webhook_payload = "{}"
  }
}