Logic App posting to Microsoft Teams data not showing in fields - azure

I've created an Alert in my App Service that sends an Alert to a logic app, the logic app is then posting a message to Microsoft Teams.
https://learn.microsoft.com/en-us/azure/azure-monitor/platform/action-groups-logic-app
Everything is working as expected accept that i can get the data out of the individual into my Message.
I've used the following in schema in my logic App
{
"schemaId": "azureMonitorCommonAlertSchema",
"data": {
"essentials": {
"alertId": "/subscriptions/MyAlert",
"alertRule": "Web - Test teams",
"severity": "Sev1",
"signalType": "Metric",
"monitorCondition": "Fired",
"monitoringService": "Platform",
"alertTargetIDs": [
"/subscriptions/MySub"
],
"originAlertId": "bd40051b-35fa-,
"firedDateTime": "2020-06-03T14:53:34.0942607Z",
"description": "",
"essentialsVersion": "1.0",
"alertContextVersion": "1.0"
},
"alertContext": {
"properties": null,
"conditionType": "SingleResourceMultipleMetricCriteria",
"condition": {
"windowSize": "PT5M",
"allOf": [
{
"metricName": "Http2xx",
"metricNamespace": "Microsoft.Web/sites",
"operator": "GreaterThan",
"threshold": "5",
"timeAggregation": "Total",
"dimensions": [
{
"name": "ResourceId",
"value": "MyWebs.com"
}
],
"metricValue": 24,
"webTestName": null
}
],
"windowStartTime": "2020-06-03T14:45:23.095Z",
"windowEndTime": "2020-06-03T14:50:23.095Z"
}
}
}
}
Then in the designer added the fields
Here is the details from the Logic code view for the message body
"content": "Your Azure Monitor alert was triggered\nAzure monitor alert rule Web - Test teams was triggered at #{triggerBody()?['body']?['data']?['alertContext']?['condition']?['windowEndTime']}\n\nRule: #{triggerBody()?['body']?['data']?['essentials']?['alertRule']}\nBody:#{triggerBody()}\nHeader:#{triggerOutputs()['headers']}\nheaders:#{triggerBody()?['headers']}\nessentials:#{triggerBody()?['body']?['data']?['essentials']}\ndata:#{triggerBody()?['body']?['data']}\nbody:#{triggerBody()?['body']}"
The only field that gets populated is the body and none of the specific fields
Your Azure Monitor alert was triggered
Azure monitor alert rule Web - Test teams was triggered at
Rule:
Body:{"schemaId":"azureMonitorCommonAlertSchema","data":{"essentials":{"alertId":"/subscriptions/bresourceGroups/Microsoft.AlertsManagement/alerts","alertRule":"Web - Test Alert","severity":"Sev0","signalType":"Metric","monitorCondition":"Fired","monitoringService":"Platform","alertTargetIDs":[""],"originAlertId":"":"2020-06-03T15:49:20.1712118Z","description":"","essentialsVersion":"1.0","alertContextVersion":"1.0"},"alertContext":{"properties":null,"conditionType":"SingleResourceMultipleMetricCriteria","condition":{"windowSize":"PT5M","allOf":[{"metricName":"Http2xx","metricNamespace":"Microsoft.Web/sites","operator":"GreaterThan","threshold":"3","timeAggregation":"Count","dimensions":[{"name":"ResourceId","value":""}],"metricValue":7.0,"webTestName":null}],"windowStartTime":"2020-06-03T15:41:05.994Z","windowEndTime":"2020-06-03T15:46:05.994Z"}}}}
Header:{"Connection":"Keep-Alive","Expect":"100-continue","Host":"prod-06.uksouth.logic.azure.com","User-Agent":"IcMBroadcaster/1.0","X-CorrelationContext":"RkkKACgAAAACAAAAEABEgMLahbH0Sqw1EVoRy7Y8AQAQANlpmHhZlSRMkU6bLTb+DSk=","Content-Length":"1254","Content-Type":"application/json; charset=utf-8"}
headers:
essentials:
data:
body:

I had to manually update the Logic Code and remove the additional body tag
original
#{triggerBody()?['body']?['data']?['alertContext']?['condition']?['windowEndTime']}
to this
#{triggerBody()?['data']?['alertContext']?['condition']?['windowEndTime']}

Related

ADF until block skipped property to send mail Email notification

If until activity skipped after 5 mins. I need to send a mail.
How to send the message from until to email notification pipeline.
Email notification have message as a parameter. What is the correct Syntax if pipeline skipped
<p>Hi All,<\/p>\r\n<p>Below pipeline got failed please find the error details.<\/p><br \/>\r\n<p>Pipeline Name : #{pipeline().Pipeline}<\/p>\r\n<p>Error Detail : <br\/>#{activity('LKP_INF_JOB_STATUS').output.error.message}<\/p>\r\n<p> <\/p>\r\n<p>Thanks,<br\/>SPC Support Team<\/p>\r\n<p> <\/p>\r\n<p><br \/>Note:This is an auto-generated email from XYZ, please do not reply directly to this email.<\/p>
[![enter image description here][1]][1]
[1]: https://i.stack.imgur.com/yUtUQ.png
I implemented a simple solution for this:
1. Give your Until Activity a specific timeout
2. Create a Web Activity that uses the ADF API to query the Until Activity using a Completion dependency (blue arrow)
Refer to this Stack Overflow for details on how to use this API in ADF:
How to get output parameter from Executed Pipeline in ADF?
URL: https://management.azure.com/subscriptions/#{pipeline().parameters.SubscriptionId}/resourceGroups/#{pipeline().parameters.ResourceGroupName}/providers/Microsoft.DataFactory/factories/#{pipeline().DataFactory}/pipelineruns/#{pipeline().RunId}/queryActivityruns?api-version=2018-06-01
Body:
{
"lastUpdatedAfter": "2018-06-16T00:36:44.3345758Z",
"lastUpdatedBefore": "#{utcnow()}",
"filters": [
{
"operand": "ActivityName",
"operator": "Equals",
"values": [
"Until Timeout after 1 min"
]
}
]
}
3. Use output from activity in Switch to determine which Email Activity to use (Failure, or TimeOut)
Expression:
#activity('Check Until Activity Status').output.value[0].status
4. Email Activity
{
"personalizations": [
{
"to": [
{
"email": "YourEmail#blah.com",
"name": "blah"
}
],
"cc": [
{
"email": "jane_doe#example.com",
"name": "Jane Doe"
}
],
"bcc": [
{
"email": "james_doe#example.com",
"name": "Jim Doe"
}
]
}
],
"from": {
"email": "blah#example.com",
"name": "Blah"
},
"subject": "SkipEmail",
"content": [
{
"type": "text/html",
"value": "This is a Skip Example, put whatever here"
}
]
}

Grafana / Azure Monitor dimension filtering without splitting

I'm trying to display "Dependency duration" from Azure Monitor (Application Insights) in Grafana. I want to exclude "Azure Service Bus" from "dependency/type" dimension.
When I do this in Azure Monitor I get all dependencies as single value:
When I try to apply same filter in Grafana, all dimensions get split:
How can I avoid splitting dimensions, or alternatively how can I combine them back into one? Relevant part of code below. I tried removing "dimensionFilter": "*" but it did not change anything.
{
"azureMonitor": {
"dimensionFilter": "*",
"dimensionFilters": [
{
"dimension": "dependency/type",
"filter": "Azure Service Bus",
"operator": "ne"
}
],
"dimensions": [
{
"text": "Dependency type",
"value": "dependency/type"
}
],
"metricDefinition": "Microsoft.Insights/components",
"metricName": "dependencies/duration",
"metricNamespace": "microsoft.insights/components",
"resourceGroup": "$resources_rg",
"resourceName": "$app_insights"
]
}
}

How to send Azure monitor metric alerts to Slack

I have been trying to add an Azure monitor alert to slack. The resource is being provisioned via ARM template. However I couldn't get the alert to go to slack.
This is my actions section in the template
"actions": [
{
"actionGroupId": "[resourceId('Microsoft.Insights/actionGroups/', 'SlackWebhook')]",
"webHookProperties": {
"text": "Alert: memory usage exceeded threshold"
}
}
]
I have set up a dummy webhook to inspect the payload being sent. This is what I found
{
"schemaId": "AzureMonitorMetricAlert",
"data": {
"version": "2.0",
"properties": {
"text": "Dropbox connector Memory usage exceeded the threshold of 1GB"
},
"status": "Activated",
"context": {...}
}
}
The property goes inside data.properties. Slack expects the text property to be at the top level of request body. How to make this work?

Seperate Body/Header in logic app custom connector

Hi have an ARM Template that deploys some custom connectors. I have a connector called Start in that when i try to use this below piece of code which sets message body and header seperately it works fine. But when i do the same on a following connector , Assue Connector-Start as A and its followed by connector B. The input is not showing in different fields. Instead its not even relevant. can anyone help.
In the connector parameters here's the first block
{
"name": "Body",
"in": "body",
"schema": {
"type": "object",
"properties": {
"MessageBody": {
"type": "object",
"description": "Message body passed to the http trigger"
},
"MessageHeader": {
"type": "object",
"description": "Message header passed to the http trigger"
}
},
"required": [
"MessageBody",
"MessageHeader"
]
},
"description": "Message body to get properties from the message payload.",
"required": true
},
Here's the input shown in portal for connector-A
It seems, after deployment the old connector is cached. Removing it and adding it again worked.

Activity Log Alerts in Azure

I have created an Activity Log Alert in Azure that does a custom log search against an Application Insights instance.
The alert is working and action groups is notified through the channels I have set up.
The problem I'm having is to create that alert in the arm template we are using to deploy the resources.
When looking at the automation script in the portal the alerts are left out and is not visible. (microsoft.insights/scheduledqueryrules)
I can't find any information online on how to write the condition in the template so it works with a custom log search.
Any suggestions where to find info on how to write the condition or how to extract the template from the portal for those alerts.
This is an ARM template part that creates an alert with a scheduled query. It also adds an array of action groups that get notified when the alert is triggered:
{
"name": "[parameters('scheduleQueryMonitorApplicationError')]",
"type": "microsoft.insights/scheduledqueryrules",
"apiVersion": "2018-04-16",
"location": "[resourceGroup().location]",
"tags": {
"[concat('hidden-link:', resourceGroup().id, '/resourceGroups/', parameters('resourceGroupName'), '/providers/microsoft.insights/components/', parameters('applicationInsightsName'))]": "Resource"
},
"properties": {
"description": "[parameters('scheduleQueryMonitorApplicationError')]",
"enabled": "true",
"source": {
"query": "traces | where severityLevel == 3",
"queryType": "ResultCount",
"dataSourceId": "[resourceId('microsoft.insights/components', parameters('applicationInsightsName'))]"
},
"schedule": {
"frequencyInMinutes": 5,
"timeWindowInMinutes": 5
},
"action": {
"odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction",
"severity": "3",
"aznsAction": {
"actionGroup": "[array( resourceId('microsoft.insights/actiongroups', parameters('actionGroupName')) )]"
},
"trigger": {
"threshold": 1,
"thresholdOperator": "GreaterThan"
}
}
},
"dependsOn": [
"[resourceId('microsoft.insights/components', parameters('applicationInsightsName'))]"
]
},
Please see this stackoverflow thread, where a similar question was asked. Elfocrash mentions that he wrote a blog post about that, explaining how it works. I tried his method and it works.

Resources