workspaces
| Name | Type | Description |
|---|---|---|
| Activity Log LA Workspace Delete | ActivityLog | Activity Log LA Workspace Delete |
| Activity Log LA Workspace Regenerate Key | ActivityLog | Activity Log Alert for LA Workspace Regenerate Key |
| Average_% Available Memory | Metric | Average_% Available Memory. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |
| Average_% Committed Bytes In Use | Metric | Average_% Committed Bytes In Use. Supported for: Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |
| Average_% Free Space | Metric | Average_% Free Space. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |
| Average_% Idle Time | Metric | Average_% Idle Time. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |
| Average_% IO Wait Time | Metric | Average_% IO Wait Time. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |
| Average_% Processor Time | Metric | Average_% Processor Time. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |
| Average_% Used Inodes | Metric | Average_% Used Inodes. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |
| Average_% Used Memory | Metric | Average_% Used Memory. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |
| Average_% Used Space | Metric | Average_% Used Space. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |
| Average_% Used Swap Space | Metric | Average_% Used Swap Space. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |
| Average_% User Time | Metric | Average_% User Time. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |
| Average_Available MBytes | Metric | Average_Available MBytes. Supported for: Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |
| Average_Available MBytes Memory | Metric | Average_Available MBytes Memory. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |
| Average_Avg. Disk sec/Read | Metric | Average_Avg. Disk sec/Read. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |
| Average_Avg. Disk sec/Write | Metric | Average_Avg. Disk sec/Write. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |
| Average_Bytes Received/sec | Metric | Average_Bytes Received/sec. Supported for: Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |
| Average_Bytes Sent/sec | Metric | Average_Bytes Sent/sec. Supported for: Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |
| Average_Current Disk Queue Length | Metric | Average_Current Disk Queue Length. Supported for: Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |
| Average_Disk Transfers/sec | Metric | Average_Disk Transfers/sec. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |
| Average_Free Megabytes | Metric | Average_Free Megabytes. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |
| Average_Pages/sec | Metric | Average_Pages/sec. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |
| Average_Total Bytes Received | Metric | Average_Total Bytes Received. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |
| Average_Total Bytes Transmitted | Metric | Average_Total Bytes Transmitted. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |
| Event | Metric | Event. Supported for: Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |
| Heartbeat | Metric | Heartbeat. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |
Dashboards:
Click a tab to view the dashboard template
{
"__inputs": [],
"__elements": {},
"__requires": [
{
"type": "panel",
"id": "bargauge",
"name": "Bar gauge",
"version": ""
},
{
"type": "grafana",
"id": "grafana",
"name": "Grafana",
"version": "9.5.12"
},
{
"type": "datasource",
"id": "grafana-azure-monitor-datasource",
"name": "Azure Monitor",
"version": "1.0.0"
}
],
"title": "Workspaces",
"editable": true,
"links": [],
"liveNow": false,
"panels": [
{
"title": "Average_% Available Memory",
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "#808080",
"value": null
},
{
"color": "dark-red",
"value": 0
},
{
"color": "dark-green",
"value": 10
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 0
},
"id": 1,
"options": {
"displayMode": "basic",
"minVizHeight": 10,
"minVizWidth": 0,
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": true
},
"showUnfilled": true,
"valueMode": "color"
},
"pluginVersion": "9.5.12",
"targets": [
{
"azureLogAnalytics": {
"query": "AzureMetrics\r\n| where _ResourceId has 'Microsoft.OperationalInsights/workspaces'\r\n| where MetricName has 'Average_% Available Memory'\r\n| summarize metric = avg(Average) by _ResourceId, Resource",
"resources": [
"/subscriptions/$sub"
]
},
"azureMonitor": {
"allowedTimeGrainsMs": [],
"timeGrain": "auto"
},
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"queryType": "Azure Log Analytics",
"refId": "A"
}
],
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"_ResourceId": true
},
"indexByName": {},
"renameByName": {}
}
}
],
"type": "bargauge"
},
{
"title": "Average_% Committed Bytes In Use",
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "#808080",
"value": null
},
{
"color": "dark-green",
"value": 0
},
{
"color": "dark-red",
"value": 90
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 0
},
"id": 2,
"options": {
"displayMode": "basic",
"minVizHeight": 10,
"minVizWidth": 0,
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": true
},
"showUnfilled": true,
"valueMode": "color"
},
"pluginVersion": "9.5.12",
"targets": [
{
"azureLogAnalytics": {
"query": "AzureMetrics\r\n| where _ResourceId has 'Microsoft.OperationalInsights/workspaces'\r\n| where MetricName has 'Average_% Committed Bytes In Use'\r\n| summarize metric = avg(Average) by _ResourceId, Resource",
"resources": [
"/subscriptions/$sub"
]
},
"azureMonitor": {
"allowedTimeGrainsMs": [],
"timeGrain": "auto"
},
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"queryType": "Azure Log Analytics",
"refId": "A"
}
],
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"_ResourceId": true
},
"indexByName": {},
"renameByName": {}
}
}
],
"type": "bargauge"
},
{
"title": "Average_% Free Space",
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "#808080",
"value": null
},
{
"color": "dark-red",
"value": 0
},
{
"color": "dark-green",
"value": 10
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 8
},
"id": 3,
"options": {
"displayMode": "basic",
"minVizHeight": 10,
"minVizWidth": 0,
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": true
},
"showUnfilled": true,
"valueMode": "color"
},
"pluginVersion": "9.5.12",
"targets": [
{
"azureLogAnalytics": {
"query": "AzureMetrics\r\n| where _ResourceId has 'Microsoft.OperationalInsights/workspaces'\r\n| where MetricName has 'Average_% Free Space'\r\n| summarize metric = avg(Average) by _ResourceId, Resource",
"resources": [
"/subscriptions/$sub"
]
},
"azureMonitor": {
"allowedTimeGrainsMs": [],
"timeGrain": "auto"
},
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"queryType": "Azure Log Analytics",
"refId": "A"
}
],
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"_ResourceId": true
},
"indexByName": {},
"renameByName": {}
}
}
],
"type": "bargauge"
},
{
"title": "Average_% Idle Time",
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "#808080",
"value": null
},
{
"color": "dark-red",
"value": 0
},
{
"color": "dark-green",
"value": 20
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 8
},
"id": 4,
"options": {
"displayMode": "basic",
"minVizHeight": 10,
"minVizWidth": 0,
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": true
},
"showUnfilled": true,
"valueMode": "color"
},
"pluginVersion": "9.5.12",
"targets": [
{
"azureLogAnalytics": {
"query": "AzureMetrics\r\n| where _ResourceId has 'Microsoft.OperationalInsights/workspaces'\r\n| where MetricName has 'Average_% Idle Time'\r\n| summarize metric = avg(Average) by _ResourceId, Resource",
"resources": [
"/subscriptions/$sub"
]
},
"azureMonitor": {
"allowedTimeGrainsMs": [],
"timeGrain": "auto"
},
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"queryType": "Azure Log Analytics",
"refId": "A"
}
],
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"_ResourceId": true
},
"indexByName": {},
"renameByName": {}
}
}
],
"type": "bargauge"
},
{
"title": "Average_% IO Wait Time",
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "#808080",
"value": null
},
{
"color": "dark-green",
"value": 0
},
{
"color": "dark-red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 16
},
"id": 5,
"options": {
"displayMode": "basic",
"minVizHeight": 10,
"minVizWidth": 0,
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": true
},
"showUnfilled": true,
"valueMode": "color"
},
"pluginVersion": "9.5.12",
"targets": [
{
"azureLogAnalytics": {
"query": "AzureMetrics\r\n| where _ResourceId has 'Microsoft.OperationalInsights/workspaces'\r\n| where MetricName has 'Average_% IO Wait Time'\r\n| summarize metric = avg(Average) by _ResourceId, Resource",
"resources": [
"/subscriptions/$sub"
]
},
"azureMonitor": {
"allowedTimeGrainsMs": [],
"timeGrain": "auto"
},
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"queryType": "Azure Log Analytics",
"refId": "A"
}
],
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"_ResourceId": true
},
"indexByName": {},
"renameByName": {}
}
}
],
"type": "bargauge"
},
{
"title": "Average_% Processor Time",
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "#808080",
"value": null
},
{
"color": "dark-green",
"value": 0
},
{
"color": "dark-red",
"value": 90
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 16
},
"id": 6,
"options": {
"displayMode": "basic",
"minVizHeight": 10,
"minVizWidth": 0,
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": true
},
"showUnfilled": true,
"valueMode": "color"
},
"pluginVersion": "9.5.12",
"targets": [
{
"azureLogAnalytics": {
"query": "AzureMetrics\r\n| where _ResourceId has 'Microsoft.OperationalInsights/workspaces'\r\n| where MetricName has 'Average_% Processor Time'\r\n| summarize metric = avg(Average) by _ResourceId, Resource",
"resources": [
"/subscriptions/$sub"
]
},
"azureMonitor": {
"allowedTimeGrainsMs": [],
"timeGrain": "auto"
},
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"queryType": "Azure Log Analytics",
"refId": "A"
}
],
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"_ResourceId": true
},
"indexByName": {},
"renameByName": {}
}
}
],
"type": "bargauge"
},
{
"title": "Average_% Used Inodes",
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "#808080",
"value": null
},
{
"color": "dark-green",
"value": 0
},
{
"color": "dark-red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 24
},
"id": 7,
"options": {
"displayMode": "basic",
"minVizHeight": 10,
"minVizWidth": 0,
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": true
},
"showUnfilled": true,
"valueMode": "color"
},
"pluginVersion": "9.5.12",
"targets": [
{
"azureLogAnalytics": {
"query": "AzureMetrics\r\n| where _ResourceId has 'Microsoft.OperationalInsights/workspaces'\r\n| where MetricName has 'Average_% Used Inodes'\r\n| summarize metric = avg(Average) by _ResourceId, Resource",
"resources": [
"/subscriptions/$sub"
]
},
"azureMonitor": {
"allowedTimeGrainsMs": [],
"timeGrain": "auto"
},
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"queryType": "Azure Log Analytics",
"refId": "A"
}
],
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"_ResourceId": true
},
"indexByName": {},
"renameByName": {}
}
}
],
"type": "bargauge"
},
{
"title": "Average_% Used Memory",
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "#808080",
"value": null
},
{
"color": "dark-green",
"value": 0
},
{
"color": "dark-red",
"value": 90
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 24
},
"id": 8,
"options": {
"displayMode": "basic",
"minVizHeight": 10,
"minVizWidth": 0,
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": true
},
"showUnfilled": true,
"valueMode": "color"
},
"pluginVersion": "9.5.12",
"targets": [
{
"azureLogAnalytics": {
"query": "AzureMetrics\r\n| where _ResourceId has 'Microsoft.OperationalInsights/workspaces'\r\n| where MetricName has 'Average_% Used Memory'\r\n| summarize metric = avg(Average) by _ResourceId, Resource",
"resources": [
"/subscriptions/$sub"
]
},
"azureMonitor": {
"allowedTimeGrainsMs": [],
"timeGrain": "auto"
},
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"queryType": "Azure Log Analytics",
"refId": "A"
}
],
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"_ResourceId": true
},
"indexByName": {},
"renameByName": {}
}
}
],
"type": "bargauge"
},
{
"title": "Average_% Used Space",
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "#808080",
"value": null
},
{
"color": "dark-green",
"value": 0
},
{
"color": "dark-red",
"value": 95
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 32
},
"id": 9,
"options": {
"displayMode": "basic",
"minVizHeight": 10,
"minVizWidth": 0,
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": true
},
"showUnfilled": true,
"valueMode": "color"
},
"pluginVersion": "9.5.12",
"targets": [
{
"azureLogAnalytics": {
"query": "AzureMetrics\r\n| where _ResourceId has 'Microsoft.OperationalInsights/workspaces'\r\n| where MetricName has 'Average_% Used Space'\r\n| summarize metric = avg(Average) by _ResourceId, Resource",
"resources": [
"/subscriptions/$sub"
]
},
"azureMonitor": {
"allowedTimeGrainsMs": [],
"timeGrain": "auto"
},
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"queryType": "Azure Log Analytics",
"refId": "A"
}
],
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"_ResourceId": true
},
"indexByName": {},
"renameByName": {}
}
}
],
"type": "bargauge"
},
{
"title": "Average_% Used Swap Space",
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "#808080",
"value": null
},
{
"color": "dark-green",
"value": 0
},
{
"color": "dark-red",
"value": 50
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 32
},
"id": 10,
"options": {
"displayMode": "basic",
"minVizHeight": 10,
"minVizWidth": 0,
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": true
},
"showUnfilled": true,
"valueMode": "color"
},
"pluginVersion": "9.5.12",
"targets": [
{
"azureLogAnalytics": {
"query": "AzureMetrics\r\n| where _ResourceId has 'Microsoft.OperationalInsights/workspaces'\r\n| where MetricName has 'Average_% Used Swap Space'\r\n| summarize metric = avg(Average) by _ResourceId, Resource",
"resources": [
"/subscriptions/$sub"
]
},
"azureMonitor": {
"allowedTimeGrainsMs": [],
"timeGrain": "auto"
},
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"queryType": "Azure Log Analytics",
"refId": "A"
}
],
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"_ResourceId": true
},
"indexByName": {},
"renameByName": {}
}
}
],
"type": "bargauge"
},
{
"title": "Average_% User Time",
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "#808080",
"value": null
},
{
"color": "dark-green",
"value": 0
},
{
"color": "dark-red",
"value": 90
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 40
},
"id": 11,
"options": {
"displayMode": "basic",
"minVizHeight": 10,
"minVizWidth": 0,
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": true
},
"showUnfilled": true,
"valueMode": "color"
},
"pluginVersion": "9.5.12",
"targets": [
{
"azureLogAnalytics": {
"query": "AzureMetrics\r\n| where _ResourceId has 'Microsoft.OperationalInsights/workspaces'\r\n| where MetricName has 'Average_% User Time'\r\n| summarize metric = avg(Average) by _ResourceId, Resource",
"resources": [
"/subscriptions/$sub"
]
},
"azureMonitor": {
"allowedTimeGrainsMs": [],
"timeGrain": "auto"
},
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"queryType": "Azure Log Analytics",
"refId": "A"
}
],
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"_ResourceId": true
},
"indexByName": {},
"renameByName": {}
}
}
],
"type": "bargauge"
},
{
"title": "Average_Available MBytes",
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "#808080",
"value": null
},
{
"color": "dark-red",
"value": 0
},
{
"color": "dark-green",
"value": 512
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 40
},
"id": 12,
"options": {
"displayMode": "basic",
"minVizHeight": 10,
"minVizWidth": 0,
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": true
},
"showUnfilled": true,
"valueMode": "color"
},
"pluginVersion": "9.5.12",
"targets": [
{
"azureLogAnalytics": {
"query": "AzureMetrics\r\n| where _ResourceId has 'Microsoft.OperationalInsights/workspaces'\r\n| where MetricName has 'Average_Available MBytes'\r\n| summarize metric = avg(Average) by _ResourceId, Resource",
"resources": [
"/subscriptions/$sub"
]
},
"azureMonitor": {
"allowedTimeGrainsMs": [],
"timeGrain": "auto"
},
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"queryType": "Azure Log Analytics",
"refId": "A"
}
],
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"_ResourceId": true
},
"indexByName": {},
"renameByName": {}
}
}
],
"type": "bargauge"
},
{
"title": "Average_Available MBytes Memory",
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "#808080",
"value": null
},
{
"color": "dark-red",
"value": 0
},
{
"color": "dark-green",
"value": 1
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 48
},
"id": 13,
"options": {
"displayMode": "basic",
"minVizHeight": 10,
"minVizWidth": 0,
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": true
},
"showUnfilled": true,
"valueMode": "color"
},
"pluginVersion": "9.5.12",
"targets": [
{
"azureLogAnalytics": {
"query": "AzureMetrics\r\n| where _ResourceId has 'Microsoft.OperationalInsights/workspaces'\r\n| where MetricName has 'Average_Available MBytes Memory'\r\n| summarize metric = avg(Average) by _ResourceId, Resource",
"resources": [
"/subscriptions/$sub"
]
},
"azureMonitor": {
"allowedTimeGrainsMs": [],
"timeGrain": "auto"
},
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"queryType": "Azure Log Analytics",
"refId": "A"
}
],
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"_ResourceId": true
},
"indexByName": {},
"renameByName": {}
}
}
],
"type": "bargauge"
},
{
"title": "Average_Avg. Disk sec/Read",
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "#808080",
"value": null
},
{
"color": "dark-green",
"value": 0
},
{
"color": "dark-red",
"value": 0.04
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 48
},
"id": 14,
"options": {
"displayMode": "basic",
"minVizHeight": 10,
"minVizWidth": 0,
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": true
},
"showUnfilled": true,
"valueMode": "color"
},
"pluginVersion": "9.5.12",
"targets": [
{
"azureLogAnalytics": {
"query": "AzureMetrics\r\n| where _ResourceId has 'Microsoft.OperationalInsights/workspaces'\r\n| where MetricName has 'Average_Avg. Disk sec/Read'\r\n| summarize metric = avg(Average) by _ResourceId, Resource",
"resources": [
"/subscriptions/$sub"
]
},
"azureMonitor": {
"allowedTimeGrainsMs": [],
"timeGrain": "auto"
},
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"queryType": "Azure Log Analytics",
"refId": "A"
}
],
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"_ResourceId": true
},
"indexByName": {},
"renameByName": {}
}
}
],
"type": "bargauge"
},
{
"title": "Average_Avg. Disk sec/Write",
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "#808080",
"value": null
},
{
"color": "dark-green",
"value": 0
},
{
"color": "dark-red",
"value": 0.04
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 56
},
"id": 15,
"options": {
"displayMode": "basic",
"minVizHeight": 10,
"minVizWidth": 0,
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": true
},
"showUnfilled": true,
"valueMode": "color"
},
"pluginVersion": "9.5.12",
"targets": [
{
"azureLogAnalytics": {
"query": "AzureMetrics\r\n| where _ResourceId has 'Microsoft.OperationalInsights/workspaces'\r\n| where MetricName has 'Average_Avg. Disk sec/Write'\r\n| summarize metric = avg(Average) by _ResourceId, Resource",
"resources": [
"/subscriptions/$sub"
]
},
"azureMonitor": {
"allowedTimeGrainsMs": [],
"timeGrain": "auto"
},
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"queryType": "Azure Log Analytics",
"refId": "A"
}
],
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"_ResourceId": true
},
"indexByName": {},
"renameByName": {}
}
}
],
"type": "bargauge"
},
{
"title": "Average_Bytes Received/sec",
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "#808080",
"value": null
},
{
"color": "dark-red",
"value": 0
},
{
"color": "dark-green",
"value": 0
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 56
},
"id": 16,
"options": {
"displayMode": "basic",
"minVizHeight": 10,
"minVizWidth": 0,
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": true
},
"showUnfilled": true,
"valueMode": "color"
},
"pluginVersion": "9.5.12",
"targets": [
{
"azureLogAnalytics": {
"query": "AzureMetrics\r\n| where _ResourceId has 'Microsoft.OperationalInsights/workspaces'\r\n| where MetricName has 'Average_Bytes Received/sec'\r\n| summarize metric = avg(Average) by _ResourceId, Resource",
"resources": [
"/subscriptions/$sub"
]
},
"azureMonitor": {
"allowedTimeGrainsMs": [],
"timeGrain": "auto"
},
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"queryType": "Azure Log Analytics",
"refId": "A"
}
],
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"_ResourceId": true
},
"indexByName": {},
"renameByName": {}
}
}
],
"type": "bargauge"
},
{
"title": "Average_Bytes Sent/sec",
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "#808080",
"value": null
},
{
"color": "dark-red",
"value": 0
},
{
"color": "dark-green",
"value": 0
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 64
},
"id": 17,
"options": {
"displayMode": "basic",
"minVizHeight": 10,
"minVizWidth": 0,
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": true
},
"showUnfilled": true,
"valueMode": "color"
},
"pluginVersion": "9.5.12",
"targets": [
{
"azureLogAnalytics": {
"query": "AzureMetrics\r\n| where _ResourceId has 'Microsoft.OperationalInsights/workspaces'\r\n| where MetricName has 'Average_Bytes Sent/sec'\r\n| summarize metric = avg(Average) by _ResourceId, Resource",
"resources": [
"/subscriptions/$sub"
]
},
"azureMonitor": {
"allowedTimeGrainsMs": [],
"timeGrain": "auto"
},
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"queryType": "Azure Log Analytics",
"refId": "A"
}
],
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"_ResourceId": true
},
"indexByName": {},
"renameByName": {}
}
}
],
"type": "bargauge"
},
{
"title": "Average_Current Disk Queue Length",
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "#808080",
"value": null
},
{
"color": "dark-green",
"value": 0
},
{
"color": "dark-red",
"value": 2
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 64
},
"id": 18,
"options": {
"displayMode": "basic",
"minVizHeight": 10,
"minVizWidth": 0,
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": true
},
"showUnfilled": true,
"valueMode": "color"
},
"pluginVersion": "9.5.12",
"targets": [
{
"azureLogAnalytics": {
"query": "AzureMetrics\r\n| where _ResourceId has 'Microsoft.OperationalInsights/workspaces'\r\n| where MetricName has 'Average_Current Disk Queue Length'\r\n| summarize metric = avg(Average) by _ResourceId, Resource",
"resources": [
"/subscriptions/$sub"
]
},
"azureMonitor": {
"allowedTimeGrainsMs": [],
"timeGrain": "auto"
},
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"queryType": "Azure Log Analytics",
"refId": "A"
}
],
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"_ResourceId": true
},
"indexByName": {},
"renameByName": {}
}
}
],
"type": "bargauge"
},
{
"title": "Average_Disk Transfers/sec",
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "#808080",
"value": null
},
{
"color": "dark-green",
"value": 0
},
{
"color": "dark-red",
"value": 100
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 72
},
"id": 19,
"options": {
"displayMode": "basic",
"minVizHeight": 10,
"minVizWidth": 0,
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": true
},
"showUnfilled": true,
"valueMode": "color"
},
"pluginVersion": "9.5.12",
"targets": [
{
"azureLogAnalytics": {
"query": "AzureMetrics\r\n| where _ResourceId has 'Microsoft.OperationalInsights/workspaces'\r\n| where MetricName has 'Average_Disk Transfers/sec'\r\n| summarize metric = avg(Average) by _ResourceId, Resource",
"resources": [
"/subscriptions/$sub"
]
},
"azureMonitor": {
"allowedTimeGrainsMs": [],
"timeGrain": "auto"
},
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"queryType": "Azure Log Analytics",
"refId": "A"
}
],
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"_ResourceId": true
},
"indexByName": {},
"renameByName": {}
}
}
],
"type": "bargauge"
},
{
"title": "Average_Free Megabytes",
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "#808080",
"value": null
},
{
"color": "dark-red",
"value": 0
},
{
"color": "dark-green",
"value": 10240
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 72
},
"id": 20,
"options": {
"displayMode": "basic",
"minVizHeight": 10,
"minVizWidth": 0,
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": true
},
"showUnfilled": true,
"valueMode": "color"
},
"pluginVersion": "9.5.12",
"targets": [
{
"azureLogAnalytics": {
"query": "AzureMetrics\r\n| where _ResourceId has 'Microsoft.OperationalInsights/workspaces'\r\n| where MetricName has 'Average_Free Megabytes'\r\n| summarize metric = avg(Average) by _ResourceId, Resource",
"resources": [
"/subscriptions/$sub"
]
},
"azureMonitor": {
"allowedTimeGrainsMs": [],
"timeGrain": "auto"
},
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"queryType": "Azure Log Analytics",
"refId": "A"
}
],
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"_ResourceId": true
},
"indexByName": {},
"renameByName": {}
}
}
],
"type": "bargauge"
},
{
"title": "Average_Pages/sec",
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "#808080",
"value": null
},
{
"color": "dark-green",
"value": 0
},
{
"color": "dark-red",
"value": 5000
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 80
},
"id": 21,
"options": {
"displayMode": "basic",
"minVizHeight": 10,
"minVizWidth": 0,
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": true
},
"showUnfilled": true,
"valueMode": "color"
},
"pluginVersion": "9.5.12",
"targets": [
{
"azureLogAnalytics": {
"query": "AzureMetrics\r\n| where _ResourceId has 'Microsoft.OperationalInsights/workspaces'\r\n| where MetricName has 'Average_Pages/sec'\r\n| summarize metric = avg(Average) by _ResourceId, Resource",
"resources": [
"/subscriptions/$sub"
]
},
"azureMonitor": {
"allowedTimeGrainsMs": [],
"timeGrain": "auto"
},
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"queryType": "Azure Log Analytics",
"refId": "A"
}
],
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"_ResourceId": true
},
"indexByName": {},
"renameByName": {}
}
}
],
"type": "bargauge"
},
{
"title": "Average_Total Bytes Received",
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "#808080",
"value": null
},
{
"color": "dark-red",
"value": 0
},
{
"color": "dark-green",
"value": 0
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 80
},
"id": 22,
"options": {
"displayMode": "basic",
"minVizHeight": 10,
"minVizWidth": 0,
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": true
},
"showUnfilled": true,
"valueMode": "color"
},
"pluginVersion": "9.5.12",
"targets": [
{
"azureLogAnalytics": {
"query": "AzureMetrics\r\n| where _ResourceId has 'Microsoft.OperationalInsights/workspaces'\r\n| where MetricName has 'Average_Total Bytes Received'\r\n| summarize metric = avg(Average) by _ResourceId, Resource",
"resources": [
"/subscriptions/$sub"
]
},
"azureMonitor": {
"allowedTimeGrainsMs": [],
"timeGrain": "auto"
},
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"queryType": "Azure Log Analytics",
"refId": "A"
}
],
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"_ResourceId": true
},
"indexByName": {},
"renameByName": {}
}
}
],
"type": "bargauge"
},
{
"title": "Average_Total Bytes Transmitted",
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "#808080",
"value": null
},
{
"color": "dark-red",
"value": 0
},
{
"color": "dark-green",
"value": 0
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 88
},
"id": 23,
"options": {
"displayMode": "basic",
"minVizHeight": 10,
"minVizWidth": 0,
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": true
},
"showUnfilled": true,
"valueMode": "color"
},
"pluginVersion": "9.5.12",
"targets": [
{
"azureLogAnalytics": {
"query": "AzureMetrics\r\n| where _ResourceId has 'Microsoft.OperationalInsights/workspaces'\r\n| where MetricName has 'Average_Total Bytes Transmitted'\r\n| summarize metric = avg(Average) by _ResourceId, Resource",
"resources": [
"/subscriptions/$sub"
]
},
"azureMonitor": {
"allowedTimeGrainsMs": [],
"timeGrain": "auto"
},
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"queryType": "Azure Log Analytics",
"refId": "A"
}
],
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"_ResourceId": true
},
"indexByName": {},
"renameByName": {}
}
}
],
"type": "bargauge"
},
{
"title": "Event",
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "#808080",
"value": null
},
{
"color": "dark-green",
"value": 0
},
{
"color": "dark-red",
"value": 0
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 88
},
"id": 24,
"options": {
"displayMode": "basic",
"minVizHeight": 10,
"minVizWidth": 0,
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": true
},
"showUnfilled": true,
"valueMode": "color"
},
"pluginVersion": "9.5.12",
"targets": [
{
"azureLogAnalytics": {
"query": "AzureMetrics\r\n| where _ResourceId has 'Microsoft.OperationalInsights/workspaces'\r\n| where MetricName has 'Event'\r\n| summarize metric = avg(Count) by _ResourceId, Resource",
"resources": [
"/subscriptions/$sub"
]
},
"azureMonitor": {
"allowedTimeGrainsMs": [],
"timeGrain": "auto"
},
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"queryType": "Azure Log Analytics",
"refId": "A"
}
],
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"_ResourceId": true
},
"indexByName": {},
"renameByName": {}
}
}
],
"type": "bargauge"
},
{
"title": "Heartbeat",
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "#808080",
"value": null
},
{
"color": "dark-red",
"value": 0
},
{
"color": "dark-green",
"value": 0
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 96
},
"id": 25,
"options": {
"displayMode": "basic",
"minVizHeight": 10,
"minVizWidth": 0,
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": true
},
"showUnfilled": true,
"valueMode": "color"
},
"pluginVersion": "9.5.12",
"targets": [
{
"azureLogAnalytics": {
"query": "AzureMetrics\r\n| where _ResourceId has 'Microsoft.OperationalInsights/workspaces'\r\n| where MetricName has 'Heartbeat'\r\n| summarize metric = avg(Total) by _ResourceId, Resource",
"resources": [
"/subscriptions/$sub"
]
},
"azureMonitor": {
"allowedTimeGrainsMs": [],
"timeGrain": "auto"
},
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"queryType": "Azure Log Analytics",
"refId": "A"
}
],
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"_ResourceId": true
},
"indexByName": {},
"renameByName": {}
}
}
],
"type": "bargauge"
}
],
"refresh": "",
"schemaVersion": 38,
"style": "dark",
"tags": [],
"templating": {
"list": [
{
"current": {},
"hide": 0,
"includeAll": false,
"label": "Datasource",
"multi": false,
"name": "ds",
"options": [],
"query": "grafana-azure-monitor-datasource",
"queryValue": "",
"refresh": 1,
"regex": "",
"skipUrlSync": false,
"type": "datasource"
},
{
"current": {},
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"definition": "",
"hide": 0,
"includeAll": false,
"label": "Subscription",
"multi": false,
"name": "sub",
"options": [],
"query": {
"azureLogAnalytics": {
"query": "",
"resources": []
},
"queryType": "Azure Subscriptions",
"refId": "A"
},
"refresh": 1,
"regex": "",
"skipUrlSync": false,
"sort": 0,
"type": "query"
}
]
},
"time": {
"from": "now-6h",
"to": "now"
},
"timepicker": {},
"timezone": "",
"version": null
}Activity Log LA Workspace Delete - ActivityLog Alert
Activity Log LA Workspace Delete
Properties:
| category | Administrative |
| operationName | Microsoft.OperationalInsights/workspaces/delete |
| status | |
References:
Templates:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"type": "string",
"metadata": {
"description": "Unique name (within the Resource Group) for the Activity log alert."
}
},
"alertDescription": {
"type": "string",
"defaultValue": "Activity Log LA Workspace Delete",
"metadata": {
"description": "Description of alert"
}
},
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Indicates whether or not the alert is enabled."
}
},
"currentDateTimeUtcNow": {
"type": "string",
"defaultValue": "[utcNow()]",
"metadata": {
"description": "The current date and time using the utcNow function. Used for deployment name uniqueness"
}
},
"telemetryOptOut": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
],
"metadata": {
"description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry."
}
}
},
"variables": {
"pidDeploymentName": "[take(concat('pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]"
},
"resources": [
{
"type": "Microsoft.Insights/activityLogAlerts",
"apiVersion": "2017-04-01",
"name": "[parameters('alertName')]",
"location": "Global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "[parameters('alertDescription')]",
"scopes": [
"[subscription().id]"
],
"enabled": "[parameters('isEnabled')]",
"condition": {
"allOf": [
{
"field": "category",
"equals": "Administrative"
},
{
"field": "operationName",
"equals": "Microsoft.OperationalInsights/workspaces/delete"
},
{
"field": "status",
"containsAny": ["succeeded"]
}
]
}
}
},
{
"condition": "[equals(parameters('telemetryOptOut'), 'No')]",
"apiVersion": "2020-06-01",
"name": "[variables('pidDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
}
]
}
@description('Unique name (within the Resource Group) for the Activity log alert.')
@minLength(1)
param alertName string
@description('Description of alert')
param alertDescription string = 'Activity Log LA Workspace Delete'
@description('Indicates whether or not the alert is enabled.')
param isEnabled bool = true
@description('"The current date and time using the utcNow function. Used for deployment name uniqueness')
param currentDateTimeUtcNow string = utcNow()
@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.')
@allowed([
'Yes'
'No'
])
param telemetryOptOut string = 'No'
resource symbolicname 'Microsoft.Insights/activityLogAlerts@2023-01-01-preview' = {
name: alertName
location: 'Global'
tags: {
_deployed_by_amba: 'true'
}
properties: {
description: alertDescription
scopes: [
subscription().id
]
enabled: isEnabled
condition: {
allOf: [
{
{
field: 'category'
equals: 'Administrative'
}
{
field: 'operationName'
equals: 'Microsoft.OperationalInsights/workspaces/delete'
}
{
field: 'status'
containsAny: ['succeeded']
}
}
]
}
}
}
var ambaTelemetryPidName = 'pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}'
resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') {
name: ambaTelemetryPidName
tags: {
_deployed_by_amba: 'true'
}
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
}
}
}
{
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2021-06-01",
"name": "Deploy_activitylog_LAWorkspace_Delete",
"properties": {
"policyType": "Custom",
"mode": "All",
"displayName": "Deploy Activity Log LA Workspace Delete Alert",
"description": "Policy to Deploy Activity Log LA Workspace Delete Alert",
"metadata": {
"version": "1.0.3",
"category": "Monitoring",
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"alzCloudEnvironments": [
"AzureCloud"
],
"_deployed_by_amba": "True"
},
"parameters": {
"enabled": {
"type": "String",
"metadata": {
"displayName": "Alert State",
"description": "Alert state for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"alertResourceGroupName": {
"type": "String",
"metadata": {
"displayName": "Resource Group Name",
"description": "Resource group the alert is placed in"
},
"defaultValue": "rg-amba-monitoring-001"
},
"alertResourceGroupTags": {
"type": "Object",
"metadata": {
"displayName": "Resource Group Tags",
"description": "Tags on the Resource group the alert is placed in"
},
"defaultValue": {
"_deployed_by_amba": true
}
},
"alertResourceGroupLocation": {
"type": "String",
"metadata": {
"displayName": "Resource Group Location",
"description": "Location of the Resource group the alert is placed in"
},
"defaultValue": "centralus"
},
"MonitorDisable": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Tag name to disable monitoring on resource. Set to true if monitoring should be disabled"
},
"defaultValue": "MonitorDisable"
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "[[concat('tags[', parameters('MonitorDisable'), ']')]",
"notEquals": "true"
}
]
},
"then": {
"effect": "deployIfNotExists",
"details": {
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Insights/activityLogAlerts",
"name": "ActivityLAWorkspaceDelete",
"existenceScope": "resourcegroup",
"resourceGroupName": "[[parameters('alertResourceGroupName')]",
"deploymentScope": "subscription",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/ActivityLogAlerts/enabled",
"equals": "[[parameters('enabled')]"
},
{
"count": {
"field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]",
"where": {
"anyOf": [
{
"allOf": [
{
"field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field",
"equals": "category"
},
{
"field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals",
"equals": "Administrative"
}
]
},
{
"allOf": [
{
"field": "microsoft.insights/activityLogAlerts/condition.allOf[*].field",
"equals": "operationName"
},
{
"field": "microsoft.insights/activityLogAlerts/condition.allOf[*].equals",
"equals": "Microsoft.OperationalInsights/workspaces/delete"
}
]
}
]
}
},
"equals": 2
}
]
},
"deployment": {
"location": "northeurope",
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertResourceGroupName": {
"type": "string"
},
"alertResourceGroupTags": {
"type": "object"
},
"alertResourceGroupLocation": {
"type": "string"
},
"enabled": {
"type": "string"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2021-04-01",
"name": "[[parameters('alertResourceGroupName')]",
"location": "[[parameters('alertResourceGroupLocation')]",
"tags": "[[parameters('alertResourceGroupTags')]"
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-10-01",
"name": "ActivityLAWorkspaceDelete",
"resourceGroup": "[[parameters('alertResourceGroupName')]",
"dependsOn": [
"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"enabled": {
"type": "string"
},
"alertResourceGroupName": {
"type": "string"
}
},
"variables": {},
"resources": [
{
"type": "microsoft.insights/activityLogAlerts",
"apiVersion": "2020-10-01",
"name": "ActivityLAWorkspaceDelete",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "Activity Log LA Workspace Delete",
"enabled": "[[parameters('enabled')]",
"scopes": [
"[[subscription().id]"
],
"condition": {
"allOf": [
{
"field": "category",
"equals": "Administrative"
},
{
"field": "operationName",
"equals": "Microsoft.OperationalInsights/workspaces/delete"
},
{
"field": "status",
"containsAny": [
"succeeded"
]
}
]
},
"parameters": {
"enabled": {
"value": "[[parameters('enabled')]"
}
}
}
}
]
},
"parameters": {
"enabled": {
"value": "[[parameters('enabled')]"
},
"alertResourceGroupName": {
"value": "[[parameters('alertResourceGroupName')]"
}
}
}
}
]
},
"parameters": {
"enabled": {
"value": "[[parameters('enabled')]"
},
"alertResourceGroupName": {
"value": "[[parameters('alertResourceGroupName')]"
},
"alertResourceGroupTags": {
"value": "[[parameters('alertResourceGroupTags')]"
},
"alertResourceGroupLocation": {
"value": "[[parameters('alertResourceGroupLocation')]"
}
}
}
}
}
}
}
}
}
Activity Log LA Workspace Regenerate Key - ActivityLog Alert
Activity Log Alert for LA Workspace Regenerate Key
Properties:
| category | Administrative |
| operationName | Microsoft.OperationalInsights/workspaces/regeneratesharedkey/action |
| status | |
References:
Templates:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"type": "string",
"metadata": {
"description": "Unique name (within the Resource Group) for the Activity log alert."
}
},
"alertDescription": {
"type": "string",
"defaultValue": "Activity Log Alert for LA Workspace Regenerate Key",
"metadata": {
"description": "Description of alert"
}
},
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Indicates whether or not the alert is enabled."
}
},
"currentDateTimeUtcNow": {
"type": "string",
"defaultValue": "[utcNow()]",
"metadata": {
"description": "The current date and time using the utcNow function. Used for deployment name uniqueness"
}
},
"telemetryOptOut": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
],
"metadata": {
"description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry."
}
}
},
"variables": {
"pidDeploymentName": "[take(concat('pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]"
},
"resources": [
{
"type": "Microsoft.Insights/activityLogAlerts",
"apiVersion": "2017-04-01",
"name": "[parameters('alertName')]",
"location": "Global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "[parameters('alertDescription')]",
"scopes": [
"[subscription().id]"
],
"enabled": "[parameters('isEnabled')]",
"condition": {
"allOf": [
{
"field": "category",
"equals": "Administrative"
},
{
"field": "operationName",
"equals": "Microsoft.OperationalInsights/workspaces/regeneratesharedkey/action"
},
{
"field": "status",
"containsAny": ["succeeded"]
}
]
}
}
},
{
"condition": "[equals(parameters('telemetryOptOut'), 'No')]",
"apiVersion": "2020-06-01",
"name": "[variables('pidDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
}
]
}
@description('Unique name (within the Resource Group) for the Activity log alert.')
@minLength(1)
param alertName string
@description('Description of alert')
param alertDescription string = 'Activity Log Alert for LA Workspace Regenerate Key'
@description('Indicates whether or not the alert is enabled.')
param isEnabled bool = true
@description('"The current date and time using the utcNow function. Used for deployment name uniqueness')
param currentDateTimeUtcNow string = utcNow()
@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.')
@allowed([
'Yes'
'No'
])
param telemetryOptOut string = 'No'
resource symbolicname 'Microsoft.Insights/activityLogAlerts@2023-01-01-preview' = {
name: alertName
location: 'Global'
tags: {
_deployed_by_amba: 'true'
}
properties: {
description: alertDescription
scopes: [
subscription().id
]
enabled: isEnabled
condition: {
allOf: [
{
{
field: 'category'
equals: 'Administrative'
}
{
field: 'operationName'
equals: 'Microsoft.OperationalInsights/workspaces/regeneratesharedkey/action'
}
{
field: 'status'
containsAny: ['succeeded']
}
}
]
}
}
}
var ambaTelemetryPidName = 'pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}'
resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') {
name: ambaTelemetryPidName
tags: {
_deployed_by_amba: 'true'
}
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
}
}
}
{
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2021-06-01",
"name": "Deploy_activitylog_LAWorkspace_KeyRegen",
"properties": {
"policyType": "Custom",
"mode": "All",
"displayName": "Deploy Activity Log LA Workspace Regenerate Key Alert",
"description": "Policy to Deploy Activity Log LA Workspace Regenerate Key Alert",
"metadata": {
"version": "1.0.2",
"category": "Monitoring",
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"alzCloudEnvironments": [
"AzureCloud"
],
"_deployed_by_amba": "True"
},
"parameters": {
"enabled": {
"type": "String",
"metadata": {
"displayName": "Alert State",
"description": "Alert state for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"alertResourceGroupName": {
"type": "String",
"metadata": {
"displayName": "Resource Group Name",
"description": "Resource group the alert is placed in"
},
"defaultValue": "rg-amba-monitoring-001"
},
"alertResourceGroupTags": {
"type": "Object",
"metadata": {
"displayName": "Resource Group Tags",
"description": "Tags on the Resource group the alert is placed in"
},
"defaultValue": {
"environment": "test",
"_deployed_by_amba": true
}
},
"alertResourceGroupLocation": {
"type": "String",
"metadata": {
"displayName": "Resource Group Location",
"description": "Location of the Resource group the alert is placed in"
},
"defaultValue": "centralus"
},
"MonitorDisable": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Tag name to disable monitoring on resource. Set to true if monitoring should be disabled"
},
"defaultValue": "MonitorDisable"
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "[[concat('tags[', parameters('MonitorDisable'), ']')]",
"notEquals": "true"
}
]
},
"then": {
"effect": "deployIfNotExists",
"details": {
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Insights/activityLogAlerts",
"name": "ActivityLAWorkspaceRegenKey",
"existenceScope": "resourceGroup",
"resourceGroupName": "[[parameters('alertResourceGroupName')]",
"deploymentScope": "subscription",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/ActivityLogAlerts/enabled",
"equals": "[[parameters('enabled')]"
},
{
"count": {
"field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]",
"where": {
"anyOf": [
{
"allOf": [
{
"field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field",
"equals": "category"
},
{
"field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals",
"equals": "Administrative"
}
]
},
{
"allOf": [
{
"field": "microsoft.insights/activityLogAlerts/condition.allOf[*].field",
"equals": "operationName"
},
{
"field": "microsoft.insights/activityLogAlerts/condition.allOf[*].equals",
"equals": "Microsoft.OperationalInsights/workspaces/regeneratesharedkey/action"
}
]
}
]
}
},
"equals": 2
}
]
},
"deployment": {
"location": "northeurope",
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertResourceGroupName": {
"type": "string"
},
"alertResourceGroupTags": {
"type": "object"
},
"alertResourceGroupLocation": {
"type": "string"
},
"enabled": {
"type": "string"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2021-04-01",
"name": "[[parameters('alertResourceGroupName')]",
"location": "[[parameters('alertResourceGroupLocation')]",
"tags": "[[parameters('alertResourceGroupTags')]"
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-10-01",
"name": "ActivityLAWorkspaceRegenKey",
"resourceGroup": "[[parameters('alertResourceGroupName')]",
"dependsOn": [
"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"enabled": {
"type": "string"
},
"alertResourceGroupName": {
"type": "string"
}
},
"variables": {},
"resources": [
{
"type": "microsoft.insights/activityLogAlerts",
"apiVersion": "2020-10-01",
"name": "ActivityLAWorkspaceRegenKey",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "Activity Log LA Workspace Regenerate Key",
"enabled": "[[parameters('enabled')]",
"scopes": [
"[[subscription().id]"
],
"condition": {
"allOf": [
{
"field": "category",
"equals": "Administrative"
},
{
"field": "operationName",
"equals": "Microsoft.OperationalInsights/workspaces/regeneratesharedkey/action"
},
{
"field": "status",
"containsAny": [
"succeeded"
]
}
]
},
"parameters": {
"enabled": {
"value": "[[parameters('enabled')]"
}
}
}
}
]
},
"parameters": {
"enabled": {
"value": "[[parameters('enabled')]"
},
"alertResourceGroupName": {
"value": "[[parameters('alertResourceGroupName')]"
}
}
}
}
]
},
"parameters": {
"enabled": {
"value": "[[parameters('enabled')]"
},
"alertResourceGroupName": {
"value": "[[parameters('alertResourceGroupName')]"
},
"alertResourceGroupTags": {
"value": "[[parameters('alertResourceGroupTags')]"
},
"alertResourceGroupLocation": {
"value": "[[parameters('alertResourceGroupLocation')]"
}
}
}
}
}
}
}
}
}
Average_% Available Memory - Metric Alert
Average_% Available Memory. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).
Properties:
| criterionType | StaticThresholdCriterion |
| dimensions | |
| evaluationFrequency | PT5M |
| metricName | Average_% Available Memory |
| metricNamespace | Microsoft.OperationalInsights/workspaces |
| operator | LessThan |
| severity | 3 |
| threshold | 10 |
| timeAggregation | Average |
| windowSize | PT5M |
References:
Templates:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the alert"
}
},
"alertDescription": {
"type": "string",
"defaultValue": "Average_% Available Memory. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).",
"metadata": {
"description": "Description of alert"
}
},
"targetResourceId": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "List of Azure resource Ids seperated by a comma. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name"
}
},
"targetResourceRegion": {
"type": "string",
"metadata": {
"description": "Azure region in which target resources to be monitored are in (without spaces). For example: EastUS"
}
},
"targetResourceType": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Resource type of target resources to be monitored."
}
},
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Specifies whether the alert is enabled"
}
},
"alertSeverity": {
"type": "int",
"defaultValue": 3,
"allowedValues": [
0,
1,
2,
3,
4
],
"metadata": {
"description": "Severity of alert {0,1,2,3,4}"
}
},
"operator": {
"type": "string",
"defaultValue": "LessThan",
"allowedValues": [
"Equals",
"GreaterThan",
"GreaterThanOrEqual",
"LessThan",
"LessThanOrEqual"
],
"metadata": {
"description": "Operator comparing the current value with the threshold value."
}
},
"threshold": {
"type": "string",
"defaultValue": "10",
"metadata": {
"description": "The threshold value at which the alert is activated."
}
},
"timeAggregation": {
"type": "string",
"defaultValue": "Average",
"allowedValues": [
"Average",
"Minimum",
"Maximum",
"Total",
"Count"
],
"metadata": {
"description": "How the data that is collected should be combined over time."
}
},
"windowSize": {
"type": "string",
"defaultValue": "PT5M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"PT24H",
"PT1D"
],
"metadata": {
"description": "Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format."
}
},
"evaluationFrequency": {
"type": "string",
"defaultValue": "PT5M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"metadata": {
"description": "how often the metric alert is evaluated represented in ISO 8601 duration format"
}
},
"currentDateTimeUtcNow": {
"type": "string",
"defaultValue": "[utcNow()]",
"metadata": {
"description": "The current date and time using the utcNow function. Used for deployment name uniqueness"
}
},
"telemetryOptOut": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
],
"metadata": {
"description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry."
}
}
},
"variables": {
"pidDeploymentName": "[take(concat('pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]",
"varTargetResourceId": "[split(parameters('targetResourceId'), ',')]"
},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[parameters('alertName')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "[parameters('alertDescription')]",
"scopes": "[variables('varTargetResourceId')]",
"targetResourceType": "[parameters('targetResourceType')]",
"targetResourceRegion": "[parameters('targetResourceRegion')]",
"severity": "[parameters('alertSeverity')]",
"enabled": "[parameters('isEnabled')]",
"evaluationFrequency": "[parameters('evaluationFrequency')]",
"windowSize": "[parameters('windowSize')]",
"criteria": {
"odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria",
"allOf": [
{
"name": "1st criterion",
"metricName": "Average_% Available Memory",
"dimensions": [{"operator": "include", "name": "computer", "values": ["*"]}],
"operator": "[parameters('operator')]",
"threshold": "[parameters('threshold')]",
"timeAggregation": "[parameters('timeAggregation')]",
"criterionType": "StaticThresholdCriterion"
}
]
}
}
},
{
"condition": "[equals(parameters('telemetryOptOut'), 'No')]",
"apiVersion": "2020-06-01",
"name": "[variables('pidDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
}
]
}
@description('Name of the alert')
@minLength(1)
param alertName string
@description('Description of alert')
param alertDescription string = 'Average_% Available Memory. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).'
@description('Array of Azure resource Ids. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name')
@minLength(1)
param targetResourceId array
@description('Azure region in which target resources to be monitored are in (without spaces). For example: EastUS')
param targetResourceRegion string
@description('Resource type of target resources to be monitored.')
@minLength(1)
param targetResourceType string
@description('Specifies whether the alert is enabled')
param isEnabled bool = true
@description('Severity of alert {0,1,2,3,4}')
@allowed([
0
1
2
3
4
])
param alertSeverity int = 3
@description('Operator comparing the current value with the threshold value.')
@allowed([
'Equals'
'GreaterThan'
'GreaterThanOrEqual'
'LessThan'
'LessThanOrEqual'
])
param operator string = 'LessThan'
@description('The threshold value at which the alert is activated.')
param threshold int = 10
@description('How the data that is collected should be combined over time.')
@allowed([
'Average'
'Minimum'
'Maximum'
'Total'
'Count'
])
param timeAggregation string = 'Average'
@description('Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format.')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
'PT6H'
'PT12H'
'PT24H'
'P1D'
])
param windowSize string = 'PT5M'
@description('how often the metric alert is evaluated represented in ISO 8601 duration format')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
])
param evaluationFrequency string = 'PT5M'
@description('"The current date and time using the utcNow function. Used for deployment name uniqueness')
param currentDateTimeUtcNow string = utcNow()
@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.')
@allowed([
'Yes'
'No'
])
param telemetryOptOut string = 'No'
resource metricAlert 'Microsoft.Insights/metricAlerts@2018-03-01' = {
name: alertName
location: 'global'
tags: {
_deployed_by_amba: 'true'
}
properties: {
description: alertDescription
scopes: targetResourceId
targetResourceType: targetResourceType
targetResourceRegion: targetResourceRegion
severity: alertSeverity
enabled: isEnabled
evaluationFrequency: evaluationFrequency
windowSize: windowSize
criteria: {
'odata.type': 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria'
allOf: [
{
name: '1st criterion'
metricName: 'Average_% Available Memory'
dimensions: [
{
name: 'computer'
operator: 'include'
values: ['*']
}]
operator: operator
threshold: threshold
timeAggregation: timeAggregation
criterionType: 'StaticThresholdCriterion'
}
]
}
}
}
var ambaTelemetryPidName = 'pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}'
resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') {
name: ambaTelemetryPidName
tags: {
_deployed_by_amba: 'true'
}
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
}
}
}
{
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2021-06-01",
"name": "91044c16-83bc-457f-80a9-360bad5dedb4",
"properties": {
"policyType": "Custom",
"mode": "All",
"displayName": "Deploy OperationalInsights workspaces Average_% Available Memory Alert",
"description": "Policy to Audit/Deploy OperationalInsights workspaces Average_% Available Memory Alert",
"metadata": {
"version": "1.0.0-preview",
"category": "OperationalInsights",
"preview": true,
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"alzCloudEnvironments": [
"AzureCloud"
],
"_deployed_by_amba": "True"
},
"parameters": {
"severity": {
"type": "String",
"metadata": {
"displayName": "Severity",
"description": "Severity of the Alert"
},
"allowedValues": [
"0",
"1",
"2",
"3",
"4"
],
"defaultValue": "3"
},
"windowSize": {
"type": "String",
"metadata": {
"displayName": "Window Size",
"description": "Window size for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"P1D"
],
"defaultValue": "PT5M"
},
"evaluationFrequency": {
"type": "String",
"metadata": {
"displayName": "Evaluation Frequency",
"description": "Evaluation frequency for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"defaultValue": "PT5M"
},
"autoMitigate": {
"type": "String",
"metadata": {
"displayName": "Auto Mitigate",
"description": "Auto Mitigate for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"enabled": {
"type": "String",
"metadata": {
"displayName": "Alert State",
"description": "Alert state for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"threshold": {
"type": "String",
"metadata": {
"displayName": "Threshold",
"description": "Threshold for the alert"
},
"defaultValue": "10"
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Effect of the policy"
},
"allowedValues": [
"deployIfNotExists",
"disabled"
],
"defaultValue": "deployIfNotExists"
},
"MonitorDisableTagName": {
"type": "String",
"metadata": {
"displayName": "Monitoring disabled tag name",
"description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": "MonitorDisable"
},
"MonitorDisableTagValues": {
"type": "Array",
"metadata": {
"displayName": "Monitoring disabled tag values(s)",
"description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": [
"true",
"Test",
"Dev",
"Sandbox"
]
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "[[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
"notIn": "[[parameters('MonitorDisableTagValues')]"
}
]
},
"then": {
"effect": "[[parameters('effect')]",
"details": {
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Insights/metricAlerts",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName",
"equals": "Average_% Available Memory"
},
{
"field": "Microsoft.Insights/metricalerts/scopes[*]",
"equals": "[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.OperationalInsights/workspaces/', field('fullName'))]"
},
{
"field": "Microsoft.Insights/metricAlerts/enabled",
"equals": "[[parameters('enabled')]"
},
{
"field": "Microsoft.Insights/metricAlerts/evaluationFrequency",
"equals": "[[parameters('evaluationFrequency')]"
},
{
"field": "Microsoft.Insights/metricAlerts/windowSize",
"equals": "[[parameters('windowSize')]"
},
{
"field": "Microsoft.Insights/metricalerts/severity",
"equals": "[[parameters('severity')]"
},
{
"field": "Microsoft.Insights/metricAlerts/autoMitigate",
"equals": "[[parameters('autoMitigate')]"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation",
"equals": "Average"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator",
"equals": "LessThan"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold",
"equals": "[[if(contains(field('tags'), '_amba-Average_% Available Memory-threshold-Override_'), field('tags._amba-Average_% Available Memory-threshold-Override_'), parameters('threshold'))]"
}
]
},
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "String",
"metadata": {
"displayName": "resourceName",
"description": "Name of the resource"
}
},
"resourceId": {
"type": "String",
"metadata": {
"displayName": "resourceId",
"description": "Resource ID of the resource emitting the metric that will be used for the comparison"
}
},
"severity": {
"type": "String"
},
"windowSize": {
"type": "String"
},
"evaluationFrequency": {
"type": "String"
},
"autoMitigate": {
"type": "String"
},
"enabled": {
"type": "String"
},
"threshold": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[[concat(parameters('resourceName'), '-Average_% Available Memory')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "Metric Alert for OperationalInsights workspaces Average_% Available Memory",
"severity": "[[parameters('severity')]",
"enabled": "[[parameters('enabled')]",
"scopes": [
"[[parameters('resourceId')]"
],
"evaluationFrequency": "[[parameters('evaluationFrequency')]",
"windowSize": "[[parameters('windowSize')]",
"criteria": {
"allOf": [
{
"name": "Average_% Available Memory",
"metricNamespace": "Microsoft.OperationalInsights/workspaces",
"metricName": "Average_% Available Memory",
"operator": "LessThan",
"threshold": "[[parameters('threshold')]",
"timeAggregation": "Average",
"criterionType": "StaticThresholdCriterion"
}
],
"odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
},
"autoMitigate": "[[parameters('autoMitigate')]",
"parameters": {
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[parameters('threshold')]"
}
}
}
}
]
},
"parameters": {
"resourceName": {
"value": "[[field('name')]"
},
"resourceId": {
"value": "[[field('id')]"
},
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[if(contains(field('tags'), '_amba-Average_% Available Memory-threshold-Override_'), field('tags._amba-Average_% Available Memory-threshold-Override_'), parameters('threshold'))]"
}
}
}
}
}
}
}
}
}
Average_% Committed Bytes In Use - Metric Alert
Average_% Committed Bytes In Use. Supported for: Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).
Properties:
| criterionType | StaticThresholdCriterion |
| dimensions | |
| evaluationFrequency | PT1M |
| metricName | Average_% Committed Bytes In Use |
| metricNamespace | Microsoft.OperationalInsights/workspaces |
| operator | GreaterThan |
| severity | 3 |
| threshold | 90 |
| timeAggregation | Average |
| windowSize | PT5M |
References:
Templates:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the alert"
}
},
"alertDescription": {
"type": "string",
"defaultValue": "Average_% Committed Bytes In Use. Supported for: Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).",
"metadata": {
"description": "Description of alert"
}
},
"targetResourceId": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "List of Azure resource Ids seperated by a comma. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name"
}
},
"targetResourceRegion": {
"type": "string",
"metadata": {
"description": "Azure region in which target resources to be monitored are in (without spaces). For example: EastUS"
}
},
"targetResourceType": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Resource type of target resources to be monitored."
}
},
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Specifies whether the alert is enabled"
}
},
"alertSeverity": {
"type": "int",
"defaultValue": 3,
"allowedValues": [
0,
1,
2,
3,
4
],
"metadata": {
"description": "Severity of alert {0,1,2,3,4}"
}
},
"operator": {
"type": "string",
"defaultValue": "GreaterThan",
"allowedValues": [
"Equals",
"GreaterThan",
"GreaterThanOrEqual",
"LessThan",
"LessThanOrEqual"
],
"metadata": {
"description": "Operator comparing the current value with the threshold value."
}
},
"threshold": {
"type": "string",
"defaultValue": "90",
"metadata": {
"description": "The threshold value at which the alert is activated."
}
},
"timeAggregation": {
"type": "string",
"defaultValue": "Average",
"allowedValues": [
"Average",
"Minimum",
"Maximum",
"Total",
"Count"
],
"metadata": {
"description": "How the data that is collected should be combined over time."
}
},
"windowSize": {
"type": "string",
"defaultValue": "PT5M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"PT24H",
"PT1D"
],
"metadata": {
"description": "Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format."
}
},
"evaluationFrequency": {
"type": "string",
"defaultValue": "PT1M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"metadata": {
"description": "how often the metric alert is evaluated represented in ISO 8601 duration format"
}
},
"currentDateTimeUtcNow": {
"type": "string",
"defaultValue": "[utcNow()]",
"metadata": {
"description": "The current date and time using the utcNow function. Used for deployment name uniqueness"
}
},
"telemetryOptOut": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
],
"metadata": {
"description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry."
}
}
},
"variables": {
"pidDeploymentName": "[take(concat('pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]",
"varTargetResourceId": "[split(parameters('targetResourceId'), ',')]"
},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[parameters('alertName')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "[parameters('alertDescription')]",
"scopes": "[variables('varTargetResourceId')]",
"targetResourceType": "[parameters('targetResourceType')]",
"targetResourceRegion": "[parameters('targetResourceRegion')]",
"severity": "[parameters('alertSeverity')]",
"enabled": "[parameters('isEnabled')]",
"evaluationFrequency": "[parameters('evaluationFrequency')]",
"windowSize": "[parameters('windowSize')]",
"criteria": {
"odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria",
"allOf": [
{
"name": "1st criterion",
"metricName": "Average_% Committed Bytes In Use",
"dimensions": [{"operator": "include", "name": "computer", "values": ["*"]}],
"operator": "[parameters('operator')]",
"threshold": "[parameters('threshold')]",
"timeAggregation": "[parameters('timeAggregation')]",
"criterionType": "StaticThresholdCriterion"
}
]
}
}
},
{
"condition": "[equals(parameters('telemetryOptOut'), 'No')]",
"apiVersion": "2020-06-01",
"name": "[variables('pidDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
}
]
}
@description('Name of the alert')
@minLength(1)
param alertName string
@description('Description of alert')
param alertDescription string = 'Average_% Committed Bytes In Use. Supported for: Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).'
@description('Array of Azure resource Ids. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name')
@minLength(1)
param targetResourceId array
@description('Azure region in which target resources to be monitored are in (without spaces). For example: EastUS')
param targetResourceRegion string
@description('Resource type of target resources to be monitored.')
@minLength(1)
param targetResourceType string
@description('Specifies whether the alert is enabled')
param isEnabled bool = true
@description('Severity of alert {0,1,2,3,4}')
@allowed([
0
1
2
3
4
])
param alertSeverity int = 3
@description('Operator comparing the current value with the threshold value.')
@allowed([
'Equals'
'GreaterThan'
'GreaterThanOrEqual'
'LessThan'
'LessThanOrEqual'
])
param operator string = 'GreaterThan'
@description('The threshold value at which the alert is activated.')
param threshold int = 90
@description('How the data that is collected should be combined over time.')
@allowed([
'Average'
'Minimum'
'Maximum'
'Total'
'Count'
])
param timeAggregation string = 'Average'
@description('Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format.')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
'PT6H'
'PT12H'
'PT24H'
'P1D'
])
param windowSize string = 'PT5M'
@description('how often the metric alert is evaluated represented in ISO 8601 duration format')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
])
param evaluationFrequency string = 'PT1M'
@description('"The current date and time using the utcNow function. Used for deployment name uniqueness')
param currentDateTimeUtcNow string = utcNow()
@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.')
@allowed([
'Yes'
'No'
])
param telemetryOptOut string = 'No'
resource metricAlert 'Microsoft.Insights/metricAlerts@2018-03-01' = {
name: alertName
location: 'global'
tags: {
_deployed_by_amba: 'true'
}
properties: {
description: alertDescription
scopes: targetResourceId
targetResourceType: targetResourceType
targetResourceRegion: targetResourceRegion
severity: alertSeverity
enabled: isEnabled
evaluationFrequency: evaluationFrequency
windowSize: windowSize
criteria: {
'odata.type': 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria'
allOf: [
{
name: '1st criterion'
metricName: 'Average_% Committed Bytes In Use'
dimensions: [
{
name: 'computer'
operator: 'include'
values: ['*']
}]
operator: operator
threshold: threshold
timeAggregation: timeAggregation
criterionType: 'StaticThresholdCriterion'
}
]
}
}
}
var ambaTelemetryPidName = 'pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}'
resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') {
name: ambaTelemetryPidName
tags: {
_deployed_by_amba: 'true'
}
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
}
}
}
{
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2021-06-01",
"name": "a70e406c-a0ae-4e0f-99cd-8b0836812c59",
"properties": {
"policyType": "Custom",
"mode": "All",
"displayName": "Deploy OperationalInsights workspaces Average_% Committed Bytes In Use Alert",
"description": "Policy to Audit/Deploy OperationalInsights workspaces Average_% Committed Bytes In Use Alert",
"metadata": {
"version": "1.0.0-preview",
"category": "OperationalInsights",
"preview": true,
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"alzCloudEnvironments": [
"AzureCloud"
],
"_deployed_by_amba": "True"
},
"parameters": {
"severity": {
"type": "String",
"metadata": {
"displayName": "Severity",
"description": "Severity of the Alert"
},
"allowedValues": [
"0",
"1",
"2",
"3",
"4"
],
"defaultValue": "3"
},
"windowSize": {
"type": "String",
"metadata": {
"displayName": "Window Size",
"description": "Window size for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"P1D"
],
"defaultValue": "PT5M"
},
"evaluationFrequency": {
"type": "String",
"metadata": {
"displayName": "Evaluation Frequency",
"description": "Evaluation frequency for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"defaultValue": "PT1M"
},
"autoMitigate": {
"type": "String",
"metadata": {
"displayName": "Auto Mitigate",
"description": "Auto Mitigate for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"enabled": {
"type": "String",
"metadata": {
"displayName": "Alert State",
"description": "Alert state for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"threshold": {
"type": "String",
"metadata": {
"displayName": "Threshold",
"description": "Threshold for the alert"
},
"defaultValue": "90"
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Effect of the policy"
},
"allowedValues": [
"deployIfNotExists",
"disabled"
],
"defaultValue": "deployIfNotExists"
},
"MonitorDisableTagName": {
"type": "String",
"metadata": {
"displayName": "Monitoring disabled tag name",
"description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": "MonitorDisable"
},
"MonitorDisableTagValues": {
"type": "Array",
"metadata": {
"displayName": "Monitoring disabled tag values(s)",
"description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": [
"true",
"Test",
"Dev",
"Sandbox"
]
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "[[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
"notIn": "[[parameters('MonitorDisableTagValues')]"
}
]
},
"then": {
"effect": "[[parameters('effect')]",
"details": {
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Insights/metricAlerts",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName",
"equals": "Average_% Committed Bytes In Use"
},
{
"field": "Microsoft.Insights/metricalerts/scopes[*]",
"equals": "[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.OperationalInsights/workspaces/', field('fullName'))]"
},
{
"field": "Microsoft.Insights/metricAlerts/enabled",
"equals": "[[parameters('enabled')]"
},
{
"field": "Microsoft.Insights/metricAlerts/evaluationFrequency",
"equals": "[[parameters('evaluationFrequency')]"
},
{
"field": "Microsoft.Insights/metricAlerts/windowSize",
"equals": "[[parameters('windowSize')]"
},
{
"field": "Microsoft.Insights/metricalerts/severity",
"equals": "[[parameters('severity')]"
},
{
"field": "Microsoft.Insights/metricAlerts/autoMitigate",
"equals": "[[parameters('autoMitigate')]"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation",
"equals": "Average"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator",
"equals": "GreaterThan"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold",
"equals": "[[if(contains(field('tags'), '_amba-Average_% Committed Bytes In Use-threshold-Override_'), field('tags._amba-Average_% Committed Bytes In Use-threshold-Override_'), parameters('threshold'))]"
}
]
},
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "String",
"metadata": {
"displayName": "resourceName",
"description": "Name of the resource"
}
},
"resourceId": {
"type": "String",
"metadata": {
"displayName": "resourceId",
"description": "Resource ID of the resource emitting the metric that will be used for the comparison"
}
},
"severity": {
"type": "String"
},
"windowSize": {
"type": "String"
},
"evaluationFrequency": {
"type": "String"
},
"autoMitigate": {
"type": "String"
},
"enabled": {
"type": "String"
},
"threshold": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[[concat(parameters('resourceName'), '-Average_% Committed Bytes In Use')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "Metric Alert for OperationalInsights workspaces Average_% Committed Bytes In Use",
"severity": "[[parameters('severity')]",
"enabled": "[[parameters('enabled')]",
"scopes": [
"[[parameters('resourceId')]"
],
"evaluationFrequency": "[[parameters('evaluationFrequency')]",
"windowSize": "[[parameters('windowSize')]",
"criteria": {
"allOf": [
{
"name": "Average_% Committed Bytes In Use",
"metricNamespace": "Microsoft.OperationalInsights/workspaces",
"metricName": "Average_% Committed Bytes In Use",
"operator": "GreaterThan",
"threshold": "[[parameters('threshold')]",
"timeAggregation": "Average",
"criterionType": "StaticThresholdCriterion"
}
],
"odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
},
"autoMitigate": "[[parameters('autoMitigate')]",
"parameters": {
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[parameters('threshold')]"
}
}
}
}
]
},
"parameters": {
"resourceName": {
"value": "[[field('name')]"
},
"resourceId": {
"value": "[[field('id')]"
},
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[if(contains(field('tags'), '_amba-Average_% Committed Bytes In Use-threshold-Override_'), field('tags._amba-Average_% Committed Bytes In Use-threshold-Override_'), parameters('threshold'))]"
}
}
}
}
}
}
}
}
}
Average_% Free Space - Metric Alert
Average_% Free Space. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).
Properties:
| criterionType | StaticThresholdCriterion |
| dimensions | |
| evaluationFrequency | PT1M |
| metricName | Average_% Free Space |
| metricNamespace | Microsoft.OperationalInsights/workspaces |
| operator | LessThan |
| severity | 3 |
| threshold | 10 |
| timeAggregation | Average |
| windowSize | PT5M |
References:
Templates:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the alert"
}
},
"alertDescription": {
"type": "string",
"defaultValue": "Average_% Free Space. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).",
"metadata": {
"description": "Description of alert"
}
},
"targetResourceId": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "List of Azure resource Ids seperated by a comma. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name"
}
},
"targetResourceRegion": {
"type": "string",
"metadata": {
"description": "Azure region in which target resources to be monitored are in (without spaces). For example: EastUS"
}
},
"targetResourceType": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Resource type of target resources to be monitored."
}
},
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Specifies whether the alert is enabled"
}
},
"alertSeverity": {
"type": "int",
"defaultValue": 3,
"allowedValues": [
0,
1,
2,
3,
4
],
"metadata": {
"description": "Severity of alert {0,1,2,3,4}"
}
},
"operator": {
"type": "string",
"defaultValue": "LessThan",
"allowedValues": [
"Equals",
"GreaterThan",
"GreaterThanOrEqual",
"LessThan",
"LessThanOrEqual"
],
"metadata": {
"description": "Operator comparing the current value with the threshold value."
}
},
"threshold": {
"type": "string",
"defaultValue": "10",
"metadata": {
"description": "The threshold value at which the alert is activated."
}
},
"timeAggregation": {
"type": "string",
"defaultValue": "Average",
"allowedValues": [
"Average",
"Minimum",
"Maximum",
"Total",
"Count"
],
"metadata": {
"description": "How the data that is collected should be combined over time."
}
},
"windowSize": {
"type": "string",
"defaultValue": "PT5M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"PT24H",
"PT1D"
],
"metadata": {
"description": "Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format."
}
},
"evaluationFrequency": {
"type": "string",
"defaultValue": "PT1M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"metadata": {
"description": "how often the metric alert is evaluated represented in ISO 8601 duration format"
}
},
"currentDateTimeUtcNow": {
"type": "string",
"defaultValue": "[utcNow()]",
"metadata": {
"description": "The current date and time using the utcNow function. Used for deployment name uniqueness"
}
},
"telemetryOptOut": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
],
"metadata": {
"description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry."
}
}
},
"variables": {
"pidDeploymentName": "[take(concat('pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]",
"varTargetResourceId": "[split(parameters('targetResourceId'), ',')]"
},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[parameters('alertName')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "[parameters('alertDescription')]",
"scopes": "[variables('varTargetResourceId')]",
"targetResourceType": "[parameters('targetResourceType')]",
"targetResourceRegion": "[parameters('targetResourceRegion')]",
"severity": "[parameters('alertSeverity')]",
"enabled": "[parameters('isEnabled')]",
"evaluationFrequency": "[parameters('evaluationFrequency')]",
"windowSize": "[parameters('windowSize')]",
"criteria": {
"odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria",
"allOf": [
{
"name": "1st criterion",
"metricName": "Average_% Free Space",
"dimensions": [{"operator": "include", "name": "computer", "values": ["*"]}],
"operator": "[parameters('operator')]",
"threshold": "[parameters('threshold')]",
"timeAggregation": "[parameters('timeAggregation')]",
"criterionType": "StaticThresholdCriterion"
}
]
}
}
},
{
"condition": "[equals(parameters('telemetryOptOut'), 'No')]",
"apiVersion": "2020-06-01",
"name": "[variables('pidDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
}
]
}
@description('Name of the alert')
@minLength(1)
param alertName string
@description('Description of alert')
param alertDescription string = 'Average_% Free Space. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).'
@description('Array of Azure resource Ids. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name')
@minLength(1)
param targetResourceId array
@description('Azure region in which target resources to be monitored are in (without spaces). For example: EastUS')
param targetResourceRegion string
@description('Resource type of target resources to be monitored.')
@minLength(1)
param targetResourceType string
@description('Specifies whether the alert is enabled')
param isEnabled bool = true
@description('Severity of alert {0,1,2,3,4}')
@allowed([
0
1
2
3
4
])
param alertSeverity int = 3
@description('Operator comparing the current value with the threshold value.')
@allowed([
'Equals'
'GreaterThan'
'GreaterThanOrEqual'
'LessThan'
'LessThanOrEqual'
])
param operator string = 'LessThan'
@description('The threshold value at which the alert is activated.')
param threshold int = 10
@description('How the data that is collected should be combined over time.')
@allowed([
'Average'
'Minimum'
'Maximum'
'Total'
'Count'
])
param timeAggregation string = 'Average'
@description('Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format.')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
'PT6H'
'PT12H'
'PT24H'
'P1D'
])
param windowSize string = 'PT5M'
@description('how often the metric alert is evaluated represented in ISO 8601 duration format')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
])
param evaluationFrequency string = 'PT1M'
@description('"The current date and time using the utcNow function. Used for deployment name uniqueness')
param currentDateTimeUtcNow string = utcNow()
@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.')
@allowed([
'Yes'
'No'
])
param telemetryOptOut string = 'No'
resource metricAlert 'Microsoft.Insights/metricAlerts@2018-03-01' = {
name: alertName
location: 'global'
tags: {
_deployed_by_amba: 'true'
}
properties: {
description: alertDescription
scopes: targetResourceId
targetResourceType: targetResourceType
targetResourceRegion: targetResourceRegion
severity: alertSeverity
enabled: isEnabled
evaluationFrequency: evaluationFrequency
windowSize: windowSize
criteria: {
'odata.type': 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria'
allOf: [
{
name: '1st criterion'
metricName: 'Average_% Free Space'
dimensions: [
{
name: 'computer'
operator: 'include'
values: ['*']
}]
operator: operator
threshold: threshold
timeAggregation: timeAggregation
criterionType: 'StaticThresholdCriterion'
}
]
}
}
}
var ambaTelemetryPidName = 'pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}'
resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') {
name: ambaTelemetryPidName
tags: {
_deployed_by_amba: 'true'
}
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
}
}
}
{
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2021-06-01",
"name": "db621663-ec0a-4fa3-82a7-b6b110726568",
"properties": {
"policyType": "Custom",
"mode": "All",
"displayName": "Deploy OperationalInsights workspaces Average_% Free Space Alert",
"description": "Policy to Audit/Deploy OperationalInsights workspaces Average_% Free Space Alert",
"metadata": {
"version": "1.0.0-preview",
"category": "OperationalInsights",
"preview": true,
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"alzCloudEnvironments": [
"AzureCloud"
],
"_deployed_by_amba": "True"
},
"parameters": {
"severity": {
"type": "String",
"metadata": {
"displayName": "Severity",
"description": "Severity of the Alert"
},
"allowedValues": [
"0",
"1",
"2",
"3",
"4"
],
"defaultValue": "3"
},
"windowSize": {
"type": "String",
"metadata": {
"displayName": "Window Size",
"description": "Window size for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"P1D"
],
"defaultValue": "PT5M"
},
"evaluationFrequency": {
"type": "String",
"metadata": {
"displayName": "Evaluation Frequency",
"description": "Evaluation frequency for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"defaultValue": "PT1M"
},
"autoMitigate": {
"type": "String",
"metadata": {
"displayName": "Auto Mitigate",
"description": "Auto Mitigate for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"enabled": {
"type": "String",
"metadata": {
"displayName": "Alert State",
"description": "Alert state for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"threshold": {
"type": "String",
"metadata": {
"displayName": "Threshold",
"description": "Threshold for the alert"
},
"defaultValue": "10"
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Effect of the policy"
},
"allowedValues": [
"deployIfNotExists",
"disabled"
],
"defaultValue": "deployIfNotExists"
},
"MonitorDisableTagName": {
"type": "String",
"metadata": {
"displayName": "Monitoring disabled tag name",
"description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": "MonitorDisable"
},
"MonitorDisableTagValues": {
"type": "Array",
"metadata": {
"displayName": "Monitoring disabled tag values(s)",
"description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": [
"true",
"Test",
"Dev",
"Sandbox"
]
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "[[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
"notIn": "[[parameters('MonitorDisableTagValues')]"
}
]
},
"then": {
"effect": "[[parameters('effect')]",
"details": {
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Insights/metricAlerts",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName",
"equals": "Average_% Free Space"
},
{
"field": "Microsoft.Insights/metricalerts/scopes[*]",
"equals": "[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.OperationalInsights/workspaces/', field('fullName'))]"
},
{
"field": "Microsoft.Insights/metricAlerts/enabled",
"equals": "[[parameters('enabled')]"
},
{
"field": "Microsoft.Insights/metricAlerts/evaluationFrequency",
"equals": "[[parameters('evaluationFrequency')]"
},
{
"field": "Microsoft.Insights/metricAlerts/windowSize",
"equals": "[[parameters('windowSize')]"
},
{
"field": "Microsoft.Insights/metricalerts/severity",
"equals": "[[parameters('severity')]"
},
{
"field": "Microsoft.Insights/metricAlerts/autoMitigate",
"equals": "[[parameters('autoMitigate')]"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation",
"equals": "Average"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator",
"equals": "LessThan"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold",
"equals": "[[if(contains(field('tags'), '_amba-Average_% Free Space-threshold-Override_'), field('tags._amba-Average_% Free Space-threshold-Override_'), parameters('threshold'))]"
}
]
},
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "String",
"metadata": {
"displayName": "resourceName",
"description": "Name of the resource"
}
},
"resourceId": {
"type": "String",
"metadata": {
"displayName": "resourceId",
"description": "Resource ID of the resource emitting the metric that will be used for the comparison"
}
},
"severity": {
"type": "String"
},
"windowSize": {
"type": "String"
},
"evaluationFrequency": {
"type": "String"
},
"autoMitigate": {
"type": "String"
},
"enabled": {
"type": "String"
},
"threshold": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[[concat(parameters('resourceName'), '-Average_% Free Space')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "Metric Alert for OperationalInsights workspaces Average_% Free Space",
"severity": "[[parameters('severity')]",
"enabled": "[[parameters('enabled')]",
"scopes": [
"[[parameters('resourceId')]"
],
"evaluationFrequency": "[[parameters('evaluationFrequency')]",
"windowSize": "[[parameters('windowSize')]",
"criteria": {
"allOf": [
{
"name": "Average_% Free Space",
"metricNamespace": "Microsoft.OperationalInsights/workspaces",
"metricName": "Average_% Free Space",
"operator": "LessThan",
"threshold": "[[parameters('threshold')]",
"timeAggregation": "Average",
"criterionType": "StaticThresholdCriterion"
}
],
"odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
},
"autoMitigate": "[[parameters('autoMitigate')]",
"parameters": {
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[parameters('threshold')]"
}
}
}
}
]
},
"parameters": {
"resourceName": {
"value": "[[field('name')]"
},
"resourceId": {
"value": "[[field('id')]"
},
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[if(contains(field('tags'), '_amba-Average_% Free Space-threshold-Override_'), field('tags._amba-Average_% Free Space-threshold-Override_'), parameters('threshold'))]"
}
}
}
}
}
}
}
}
}
Average_% Idle Time - Metric Alert
Average_% Idle Time. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).
Properties:
| criterionType | StaticThresholdCriterion |
| dimensions | |
| evaluationFrequency | PT5M |
| metricName | Average_% Idle Time |
| metricNamespace | Microsoft.OperationalInsights/workspaces |
| operator | LessThan |
| severity | 2 |
| threshold | 20 |
| timeAggregation | Average |
| windowSize | PT15M |
References:
Templates:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the alert"
}
},
"alertDescription": {
"type": "string",
"defaultValue": "Average_% Idle Time. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).",
"metadata": {
"description": "Description of alert"
}
},
"targetResourceId": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "List of Azure resource Ids seperated by a comma. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name"
}
},
"targetResourceRegion": {
"type": "string",
"metadata": {
"description": "Azure region in which target resources to be monitored are in (without spaces). For example: EastUS"
}
},
"targetResourceType": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Resource type of target resources to be monitored."
}
},
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Specifies whether the alert is enabled"
}
},
"alertSeverity": {
"type": "int",
"defaultValue": 2,
"allowedValues": [
0,
1,
2,
3,
4
],
"metadata": {
"description": "Severity of alert {0,1,2,3,4}"
}
},
"operator": {
"type": "string",
"defaultValue": "LessThan",
"allowedValues": [
"Equals",
"GreaterThan",
"GreaterThanOrEqual",
"LessThan",
"LessThanOrEqual"
],
"metadata": {
"description": "Operator comparing the current value with the threshold value."
}
},
"threshold": {
"type": "string",
"defaultValue": "20",
"metadata": {
"description": "The threshold value at which the alert is activated."
}
},
"timeAggregation": {
"type": "string",
"defaultValue": "Average",
"allowedValues": [
"Average",
"Minimum",
"Maximum",
"Total",
"Count"
],
"metadata": {
"description": "How the data that is collected should be combined over time."
}
},
"windowSize": {
"type": "string",
"defaultValue": "PT15M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"PT24H",
"PT1D"
],
"metadata": {
"description": "Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format."
}
},
"evaluationFrequency": {
"type": "string",
"defaultValue": "PT5M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"metadata": {
"description": "how often the metric alert is evaluated represented in ISO 8601 duration format"
}
},
"currentDateTimeUtcNow": {
"type": "string",
"defaultValue": "[utcNow()]",
"metadata": {
"description": "The current date and time using the utcNow function. Used for deployment name uniqueness"
}
},
"telemetryOptOut": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
],
"metadata": {
"description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry."
}
}
},
"variables": {
"pidDeploymentName": "[take(concat('pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]",
"varTargetResourceId": "[split(parameters('targetResourceId'), ',')]"
},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[parameters('alertName')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "[parameters('alertDescription')]",
"scopes": "[variables('varTargetResourceId')]",
"targetResourceType": "[parameters('targetResourceType')]",
"targetResourceRegion": "[parameters('targetResourceRegion')]",
"severity": "[parameters('alertSeverity')]",
"enabled": "[parameters('isEnabled')]",
"evaluationFrequency": "[parameters('evaluationFrequency')]",
"windowSize": "[parameters('windowSize')]",
"criteria": {
"odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria",
"allOf": [
{
"name": "1st criterion",
"metricName": "Average_% Idle Time",
"dimensions": [{"operator": "include", "name": "computer", "values": ["*"]}, {"operator": "include", "name": "objectname", "values": ["logicaldisk"]}],
"operator": "[parameters('operator')]",
"threshold": "[parameters('threshold')]",
"timeAggregation": "[parameters('timeAggregation')]",
"criterionType": "StaticThresholdCriterion"
}
]
}
}
},
{
"condition": "[equals(parameters('telemetryOptOut'), 'No')]",
"apiVersion": "2020-06-01",
"name": "[variables('pidDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
}
]
}
@description('Name of the alert')
@minLength(1)
param alertName string
@description('Description of alert')
param alertDescription string = 'Average_% Idle Time. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).'
@description('Array of Azure resource Ids. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name')
@minLength(1)
param targetResourceId array
@description('Azure region in which target resources to be monitored are in (without spaces). For example: EastUS')
param targetResourceRegion string
@description('Resource type of target resources to be monitored.')
@minLength(1)
param targetResourceType string
@description('Specifies whether the alert is enabled')
param isEnabled bool = true
@description('Severity of alert {0,1,2,3,4}')
@allowed([
0
1
2
3
4
])
param alertSeverity int = 2
@description('Operator comparing the current value with the threshold value.')
@allowed([
'Equals'
'GreaterThan'
'GreaterThanOrEqual'
'LessThan'
'LessThanOrEqual'
])
param operator string = 'LessThan'
@description('The threshold value at which the alert is activated.')
param threshold int = 20
@description('How the data that is collected should be combined over time.')
@allowed([
'Average'
'Minimum'
'Maximum'
'Total'
'Count'
])
param timeAggregation string = 'Average'
@description('Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format.')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
'PT6H'
'PT12H'
'PT24H'
'P1D'
])
param windowSize string = 'PT15M'
@description('how often the metric alert is evaluated represented in ISO 8601 duration format')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
])
param evaluationFrequency string = 'PT5M'
@description('"The current date and time using the utcNow function. Used for deployment name uniqueness')
param currentDateTimeUtcNow string = utcNow()
@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.')
@allowed([
'Yes'
'No'
])
param telemetryOptOut string = 'No'
resource metricAlert 'Microsoft.Insights/metricAlerts@2018-03-01' = {
name: alertName
location: 'global'
tags: {
_deployed_by_amba: 'true'
}
properties: {
description: alertDescription
scopes: targetResourceId
targetResourceType: targetResourceType
targetResourceRegion: targetResourceRegion
severity: alertSeverity
enabled: isEnabled
evaluationFrequency: evaluationFrequency
windowSize: windowSize
criteria: {
'odata.type': 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria'
allOf: [
{
name: '1st criterion'
metricName: 'Average_% Idle Time'
dimensions: [
{
name: 'computer'
operator: 'include'
values: ['*']
}
{
name: 'objectname'
operator: 'include'
values: ['logicaldisk']
}]
operator: operator
threshold: threshold
timeAggregation: timeAggregation
criterionType: 'StaticThresholdCriterion'
}
]
}
}
}
var ambaTelemetryPidName = 'pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}'
resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') {
name: ambaTelemetryPidName
tags: {
_deployed_by_amba: 'true'
}
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
}
}
}
{
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2021-06-01",
"name": "732c0a7b-ac17-47cb-bf78-2ebaa839fa0d",
"properties": {
"policyType": "Custom",
"mode": "All",
"displayName": "Deploy OperationalInsights workspaces Average_% Idle Time Alert",
"description": "Policy to Audit/Deploy OperationalInsights workspaces Average_% Idle Time Alert",
"metadata": {
"version": "1.0.0-preview",
"category": "OperationalInsights",
"preview": true,
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"alzCloudEnvironments": [
"AzureCloud"
],
"_deployed_by_amba": "True"
},
"parameters": {
"severity": {
"type": "String",
"metadata": {
"displayName": "Severity",
"description": "Severity of the Alert"
},
"allowedValues": [
"0",
"1",
"2",
"3",
"4"
],
"defaultValue": "2"
},
"windowSize": {
"type": "String",
"metadata": {
"displayName": "Window Size",
"description": "Window size for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"P1D"
],
"defaultValue": "PT15M"
},
"evaluationFrequency": {
"type": "String",
"metadata": {
"displayName": "Evaluation Frequency",
"description": "Evaluation frequency for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"defaultValue": "PT5M"
},
"autoMitigate": {
"type": "String",
"metadata": {
"displayName": "Auto Mitigate",
"description": "Auto Mitigate for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"enabled": {
"type": "String",
"metadata": {
"displayName": "Alert State",
"description": "Alert state for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"threshold": {
"type": "String",
"metadata": {
"displayName": "Threshold",
"description": "Threshold for the alert"
},
"defaultValue": "20"
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Effect of the policy"
},
"allowedValues": [
"deployIfNotExists",
"disabled"
],
"defaultValue": "deployIfNotExists"
},
"MonitorDisableTagName": {
"type": "String",
"metadata": {
"displayName": "Monitoring disabled tag name",
"description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": "MonitorDisable"
},
"MonitorDisableTagValues": {
"type": "Array",
"metadata": {
"displayName": "Monitoring disabled tag values(s)",
"description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": [
"true",
"Test",
"Dev",
"Sandbox"
]
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "[[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
"notIn": "[[parameters('MonitorDisableTagValues')]"
}
]
},
"then": {
"effect": "[[parameters('effect')]",
"details": {
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Insights/metricAlerts",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName",
"equals": "Average_% Idle Time"
},
{
"field": "Microsoft.Insights/metricalerts/scopes[*]",
"equals": "[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.OperationalInsights/workspaces/', field('fullName'))]"
},
{
"field": "Microsoft.Insights/metricAlerts/enabled",
"equals": "[[parameters('enabled')]"
},
{
"field": "Microsoft.Insights/metricAlerts/evaluationFrequency",
"equals": "[[parameters('evaluationFrequency')]"
},
{
"field": "Microsoft.Insights/metricAlerts/windowSize",
"equals": "[[parameters('windowSize')]"
},
{
"field": "Microsoft.Insights/metricalerts/severity",
"equals": "[[parameters('severity')]"
},
{
"field": "Microsoft.Insights/metricAlerts/autoMitigate",
"equals": "[[parameters('autoMitigate')]"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation",
"equals": "Average"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator",
"equals": "LessThan"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold",
"equals": "[[if(contains(field('tags'), '_amba-Average_% Idle Time-threshold-Override_'), field('tags._amba-Average_% Idle Time-threshold-Override_'), parameters('threshold'))]"
}
]
},
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "String",
"metadata": {
"displayName": "resourceName",
"description": "Name of the resource"
}
},
"resourceId": {
"type": "String",
"metadata": {
"displayName": "resourceId",
"description": "Resource ID of the resource emitting the metric that will be used for the comparison"
}
},
"severity": {
"type": "String"
},
"windowSize": {
"type": "String"
},
"evaluationFrequency": {
"type": "String"
},
"autoMitigate": {
"type": "String"
},
"enabled": {
"type": "String"
},
"threshold": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[[concat(parameters('resourceName'), '-Average_% Idle Time')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "Metric Alert for OperationalInsights workspaces Average_% Idle Time",
"severity": "[[parameters('severity')]",
"enabled": "[[parameters('enabled')]",
"scopes": [
"[[parameters('resourceId')]"
],
"evaluationFrequency": "[[parameters('evaluationFrequency')]",
"windowSize": "[[parameters('windowSize')]",
"criteria": {
"allOf": [
{
"name": "Average_% Idle Time",
"metricNamespace": "Microsoft.OperationalInsights/workspaces",
"metricName": "Average_% Idle Time",
"operator": "LessThan",
"threshold": "[[parameters('threshold')]",
"timeAggregation": "Average",
"criterionType": "StaticThresholdCriterion"
}
],
"odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
},
"autoMitigate": "[[parameters('autoMitigate')]",
"parameters": {
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[parameters('threshold')]"
}
}
}
}
]
},
"parameters": {
"resourceName": {
"value": "[[field('name')]"
},
"resourceId": {
"value": "[[field('id')]"
},
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[if(contains(field('tags'), '_amba-Average_% Idle Time-threshold-Override_'), field('tags._amba-Average_% Idle Time-threshold-Override_'), parameters('threshold'))]"
}
}
}
}
}
}
}
}
}
Average_% IO Wait Time - Metric Alert
Average_% IO Wait Time. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).
Properties:
| criterionType | StaticThresholdCriterion |
| dimensions | |
| evaluationFrequency | PT1M |
| metricName | Average_% IO Wait Time |
| metricNamespace | Microsoft.OperationalInsights/workspaces |
| operator | GreaterThanOrEqual |
| severity | 4 |
| threshold | 80 |
| timeAggregation | Average |
| windowSize | PT15M |
References:
Templates:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the alert"
}
},
"alertDescription": {
"type": "string",
"defaultValue": "Average_% IO Wait Time. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).",
"metadata": {
"description": "Description of alert"
}
},
"targetResourceId": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "List of Azure resource Ids seperated by a comma. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name"
}
},
"targetResourceRegion": {
"type": "string",
"metadata": {
"description": "Azure region in which target resources to be monitored are in (without spaces). For example: EastUS"
}
},
"targetResourceType": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Resource type of target resources to be monitored."
}
},
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Specifies whether the alert is enabled"
}
},
"alertSeverity": {
"type": "int",
"defaultValue": 4,
"allowedValues": [
0,
1,
2,
3,
4
],
"metadata": {
"description": "Severity of alert {0,1,2,3,4}"
}
},
"operator": {
"type": "string",
"defaultValue": "GreaterThanOrEqual",
"allowedValues": [
"Equals",
"GreaterThan",
"GreaterThanOrEqual",
"LessThan",
"LessThanOrEqual"
],
"metadata": {
"description": "Operator comparing the current value with the threshold value."
}
},
"threshold": {
"type": "string",
"defaultValue": "80",
"metadata": {
"description": "The threshold value at which the alert is activated."
}
},
"timeAggregation": {
"type": "string",
"defaultValue": "Average",
"allowedValues": [
"Average",
"Minimum",
"Maximum",
"Total",
"Count"
],
"metadata": {
"description": "How the data that is collected should be combined over time."
}
},
"windowSize": {
"type": "string",
"defaultValue": "PT15M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"PT24H",
"PT1D"
],
"metadata": {
"description": "Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format."
}
},
"evaluationFrequency": {
"type": "string",
"defaultValue": "PT1M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"metadata": {
"description": "how often the metric alert is evaluated represented in ISO 8601 duration format"
}
},
"currentDateTimeUtcNow": {
"type": "string",
"defaultValue": "[utcNow()]",
"metadata": {
"description": "The current date and time using the utcNow function. Used for deployment name uniqueness"
}
},
"telemetryOptOut": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
],
"metadata": {
"description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry."
}
}
},
"variables": {
"pidDeploymentName": "[take(concat('pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]",
"varTargetResourceId": "[split(parameters('targetResourceId'), ',')]"
},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[parameters('alertName')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "[parameters('alertDescription')]",
"scopes": "[variables('varTargetResourceId')]",
"targetResourceType": "[parameters('targetResourceType')]",
"targetResourceRegion": "[parameters('targetResourceRegion')]",
"severity": "[parameters('alertSeverity')]",
"enabled": "[parameters('isEnabled')]",
"evaluationFrequency": "[parameters('evaluationFrequency')]",
"windowSize": "[parameters('windowSize')]",
"criteria": {
"odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria",
"allOf": [
{
"name": "1st criterion",
"metricName": "Average_% IO Wait Time",
"dimensions": [{"operator": "include", "name": "computer", "values": ["vm-prd-dmzout-k8snodes-001"]}],
"operator": "[parameters('operator')]",
"threshold": "[parameters('threshold')]",
"timeAggregation": "[parameters('timeAggregation')]",
"criterionType": "StaticThresholdCriterion"
}
]
}
}
},
{
"condition": "[equals(parameters('telemetryOptOut'), 'No')]",
"apiVersion": "2020-06-01",
"name": "[variables('pidDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
}
]
}
@description('Name of the alert')
@minLength(1)
param alertName string
@description('Description of alert')
param alertDescription string = 'Average_% IO Wait Time. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).'
@description('Array of Azure resource Ids. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name')
@minLength(1)
param targetResourceId array
@description('Azure region in which target resources to be monitored are in (without spaces). For example: EastUS')
param targetResourceRegion string
@description('Resource type of target resources to be monitored.')
@minLength(1)
param targetResourceType string
@description('Specifies whether the alert is enabled')
param isEnabled bool = true
@description('Severity of alert {0,1,2,3,4}')
@allowed([
0
1
2
3
4
])
param alertSeverity int = 4
@description('Operator comparing the current value with the threshold value.')
@allowed([
'Equals'
'GreaterThan'
'GreaterThanOrEqual'
'LessThan'
'LessThanOrEqual'
])
param operator string = 'GreaterThanOrEqual'
@description('The threshold value at which the alert is activated.')
param threshold int = 80
@description('How the data that is collected should be combined over time.')
@allowed([
'Average'
'Minimum'
'Maximum'
'Total'
'Count'
])
param timeAggregation string = 'Average'
@description('Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format.')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
'PT6H'
'PT12H'
'PT24H'
'P1D'
])
param windowSize string = 'PT15M'
@description('how often the metric alert is evaluated represented in ISO 8601 duration format')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
])
param evaluationFrequency string = 'PT1M'
@description('"The current date and time using the utcNow function. Used for deployment name uniqueness')
param currentDateTimeUtcNow string = utcNow()
@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.')
@allowed([
'Yes'
'No'
])
param telemetryOptOut string = 'No'
resource metricAlert 'Microsoft.Insights/metricAlerts@2018-03-01' = {
name: alertName
location: 'global'
tags: {
_deployed_by_amba: 'true'
}
properties: {
description: alertDescription
scopes: targetResourceId
targetResourceType: targetResourceType
targetResourceRegion: targetResourceRegion
severity: alertSeverity
enabled: isEnabled
evaluationFrequency: evaluationFrequency
windowSize: windowSize
criteria: {
'odata.type': 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria'
allOf: [
{
name: '1st criterion'
metricName: 'Average_% IO Wait Time'
dimensions: [
{
name: 'computer'
operator: 'include'
values: ['vm-prd-dmzout-k8snodes-001']
}]
operator: operator
threshold: threshold
timeAggregation: timeAggregation
criterionType: 'StaticThresholdCriterion'
}
]
}
}
}
var ambaTelemetryPidName = 'pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}'
resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') {
name: ambaTelemetryPidName
tags: {
_deployed_by_amba: 'true'
}
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
}
}
}
{
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2021-06-01",
"name": "1116a5eb-9e12-415a-af46-fad552421d36",
"properties": {
"policyType": "Custom",
"mode": "All",
"displayName": "Deploy OperationalInsights workspaces Average_% IO Wait Time Alert",
"description": "Policy to Audit/Deploy OperationalInsights workspaces Average_% IO Wait Time Alert",
"metadata": {
"version": "1.0.0-preview",
"category": "OperationalInsights",
"preview": true,
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"alzCloudEnvironments": [
"AzureCloud"
],
"_deployed_by_amba": "True"
},
"parameters": {
"severity": {
"type": "String",
"metadata": {
"displayName": "Severity",
"description": "Severity of the Alert"
},
"allowedValues": [
"0",
"1",
"2",
"3",
"4"
],
"defaultValue": "4"
},
"windowSize": {
"type": "String",
"metadata": {
"displayName": "Window Size",
"description": "Window size for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"P1D"
],
"defaultValue": "PT15M"
},
"evaluationFrequency": {
"type": "String",
"metadata": {
"displayName": "Evaluation Frequency",
"description": "Evaluation frequency for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"defaultValue": "PT1M"
},
"autoMitigate": {
"type": "String",
"metadata": {
"displayName": "Auto Mitigate",
"description": "Auto Mitigate for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"enabled": {
"type": "String",
"metadata": {
"displayName": "Alert State",
"description": "Alert state for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"threshold": {
"type": "String",
"metadata": {
"displayName": "Threshold",
"description": "Threshold for the alert"
},
"defaultValue": "80"
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Effect of the policy"
},
"allowedValues": [
"deployIfNotExists",
"disabled"
],
"defaultValue": "deployIfNotExists"
},
"MonitorDisableTagName": {
"type": "String",
"metadata": {
"displayName": "Monitoring disabled tag name",
"description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": "MonitorDisable"
},
"MonitorDisableTagValues": {
"type": "Array",
"metadata": {
"displayName": "Monitoring disabled tag values(s)",
"description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": [
"true",
"Test",
"Dev",
"Sandbox"
]
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "[[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
"notIn": "[[parameters('MonitorDisableTagValues')]"
}
]
},
"then": {
"effect": "[[parameters('effect')]",
"details": {
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Insights/metricAlerts",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName",
"equals": "Average_% IO Wait Time"
},
{
"field": "Microsoft.Insights/metricalerts/scopes[*]",
"equals": "[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.OperationalInsights/workspaces/', field('fullName'))]"
},
{
"field": "Microsoft.Insights/metricAlerts/enabled",
"equals": "[[parameters('enabled')]"
},
{
"field": "Microsoft.Insights/metricAlerts/evaluationFrequency",
"equals": "[[parameters('evaluationFrequency')]"
},
{
"field": "Microsoft.Insights/metricAlerts/windowSize",
"equals": "[[parameters('windowSize')]"
},
{
"field": "Microsoft.Insights/metricalerts/severity",
"equals": "[[parameters('severity')]"
},
{
"field": "Microsoft.Insights/metricAlerts/autoMitigate",
"equals": "[[parameters('autoMitigate')]"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation",
"equals": "Average"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator",
"equals": "GreaterThanOrEqual"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold",
"equals": "[[if(contains(field('tags'), '_amba-Average_% IO Wait Time-threshold-Override_'), field('tags._amba-Average_% IO Wait Time-threshold-Override_'), parameters('threshold'))]"
}
]
},
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "String",
"metadata": {
"displayName": "resourceName",
"description": "Name of the resource"
}
},
"resourceId": {
"type": "String",
"metadata": {
"displayName": "resourceId",
"description": "Resource ID of the resource emitting the metric that will be used for the comparison"
}
},
"severity": {
"type": "String"
},
"windowSize": {
"type": "String"
},
"evaluationFrequency": {
"type": "String"
},
"autoMitigate": {
"type": "String"
},
"enabled": {
"type": "String"
},
"threshold": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[[concat(parameters('resourceName'), '-Average_% IO Wait Time')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "Metric Alert for OperationalInsights workspaces Average_% IO Wait Time",
"severity": "[[parameters('severity')]",
"enabled": "[[parameters('enabled')]",
"scopes": [
"[[parameters('resourceId')]"
],
"evaluationFrequency": "[[parameters('evaluationFrequency')]",
"windowSize": "[[parameters('windowSize')]",
"criteria": {
"allOf": [
{
"name": "Average_% IO Wait Time",
"metricNamespace": "Microsoft.OperationalInsights/workspaces",
"metricName": "Average_% IO Wait Time",
"operator": "GreaterThanOrEqual",
"threshold": "[[parameters('threshold')]",
"timeAggregation": "Average",
"criterionType": "StaticThresholdCriterion"
}
],
"odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
},
"autoMitigate": "[[parameters('autoMitigate')]",
"parameters": {
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[parameters('threshold')]"
}
}
}
}
]
},
"parameters": {
"resourceName": {
"value": "[[field('name')]"
},
"resourceId": {
"value": "[[field('id')]"
},
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[if(contains(field('tags'), '_amba-Average_% IO Wait Time-threshold-Override_'), field('tags._amba-Average_% IO Wait Time-threshold-Override_'), parameters('threshold'))]"
}
}
}
}
}
}
}
}
}
Average_% Processor Time - Metric Alert
Average_% Processor Time. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).
Properties:
| criterionType | StaticThresholdCriterion |
| dimensions | |
| evaluationFrequency | PT1M |
| metricName | Average_% Processor Time |
| metricNamespace | Microsoft.OperationalInsights/workspaces |
| operator | GreaterThan |
| severity | 3 |
| threshold | 90 |
| timeAggregation | Average |
| windowSize | PT5M |
References:
Templates:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the alert"
}
},
"alertDescription": {
"type": "string",
"defaultValue": "Average_% Processor Time. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).",
"metadata": {
"description": "Description of alert"
}
},
"targetResourceId": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "List of Azure resource Ids seperated by a comma. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name"
}
},
"targetResourceRegion": {
"type": "string",
"metadata": {
"description": "Azure region in which target resources to be monitored are in (without spaces). For example: EastUS"
}
},
"targetResourceType": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Resource type of target resources to be monitored."
}
},
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Specifies whether the alert is enabled"
}
},
"alertSeverity": {
"type": "int",
"defaultValue": 3,
"allowedValues": [
0,
1,
2,
3,
4
],
"metadata": {
"description": "Severity of alert {0,1,2,3,4}"
}
},
"operator": {
"type": "string",
"defaultValue": "GreaterThan",
"allowedValues": [
"Equals",
"GreaterThan",
"GreaterThanOrEqual",
"LessThan",
"LessThanOrEqual"
],
"metadata": {
"description": "Operator comparing the current value with the threshold value."
}
},
"threshold": {
"type": "string",
"defaultValue": "90",
"metadata": {
"description": "The threshold value at which the alert is activated."
}
},
"timeAggregation": {
"type": "string",
"defaultValue": "Average",
"allowedValues": [
"Average",
"Minimum",
"Maximum",
"Total",
"Count"
],
"metadata": {
"description": "How the data that is collected should be combined over time."
}
},
"windowSize": {
"type": "string",
"defaultValue": "PT5M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"PT24H",
"PT1D"
],
"metadata": {
"description": "Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format."
}
},
"evaluationFrequency": {
"type": "string",
"defaultValue": "PT1M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"metadata": {
"description": "how often the metric alert is evaluated represented in ISO 8601 duration format"
}
},
"currentDateTimeUtcNow": {
"type": "string",
"defaultValue": "[utcNow()]",
"metadata": {
"description": "The current date and time using the utcNow function. Used for deployment name uniqueness"
}
},
"telemetryOptOut": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
],
"metadata": {
"description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry."
}
}
},
"variables": {
"pidDeploymentName": "[take(concat('pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]",
"varTargetResourceId": "[split(parameters('targetResourceId'), ',')]"
},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[parameters('alertName')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "[parameters('alertDescription')]",
"scopes": "[variables('varTargetResourceId')]",
"targetResourceType": "[parameters('targetResourceType')]",
"targetResourceRegion": "[parameters('targetResourceRegion')]",
"severity": "[parameters('alertSeverity')]",
"enabled": "[parameters('isEnabled')]",
"evaluationFrequency": "[parameters('evaluationFrequency')]",
"windowSize": "[parameters('windowSize')]",
"criteria": {
"odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria",
"allOf": [
{
"name": "1st criterion",
"metricName": "Average_% Processor Time",
"dimensions": [{"operator": "include", "name": "computer", "values": ["*"]}],
"operator": "[parameters('operator')]",
"threshold": "[parameters('threshold')]",
"timeAggregation": "[parameters('timeAggregation')]",
"criterionType": "StaticThresholdCriterion"
}
]
}
}
},
{
"condition": "[equals(parameters('telemetryOptOut'), 'No')]",
"apiVersion": "2020-06-01",
"name": "[variables('pidDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
}
]
}
@description('Name of the alert')
@minLength(1)
param alertName string
@description('Description of alert')
param alertDescription string = 'Average_% Processor Time. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).'
@description('Array of Azure resource Ids. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name')
@minLength(1)
param targetResourceId array
@description('Azure region in which target resources to be monitored are in (without spaces). For example: EastUS')
param targetResourceRegion string
@description('Resource type of target resources to be monitored.')
@minLength(1)
param targetResourceType string
@description('Specifies whether the alert is enabled')
param isEnabled bool = true
@description('Severity of alert {0,1,2,3,4}')
@allowed([
0
1
2
3
4
])
param alertSeverity int = 3
@description('Operator comparing the current value with the threshold value.')
@allowed([
'Equals'
'GreaterThan'
'GreaterThanOrEqual'
'LessThan'
'LessThanOrEqual'
])
param operator string = 'GreaterThan'
@description('The threshold value at which the alert is activated.')
param threshold int = 90
@description('How the data that is collected should be combined over time.')
@allowed([
'Average'
'Minimum'
'Maximum'
'Total'
'Count'
])
param timeAggregation string = 'Average'
@description('Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format.')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
'PT6H'
'PT12H'
'PT24H'
'P1D'
])
param windowSize string = 'PT5M'
@description('how often the metric alert is evaluated represented in ISO 8601 duration format')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
])
param evaluationFrequency string = 'PT1M'
@description('"The current date and time using the utcNow function. Used for deployment name uniqueness')
param currentDateTimeUtcNow string = utcNow()
@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.')
@allowed([
'Yes'
'No'
])
param telemetryOptOut string = 'No'
resource metricAlert 'Microsoft.Insights/metricAlerts@2018-03-01' = {
name: alertName
location: 'global'
tags: {
_deployed_by_amba: 'true'
}
properties: {
description: alertDescription
scopes: targetResourceId
targetResourceType: targetResourceType
targetResourceRegion: targetResourceRegion
severity: alertSeverity
enabled: isEnabled
evaluationFrequency: evaluationFrequency
windowSize: windowSize
criteria: {
'odata.type': 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria'
allOf: [
{
name: '1st criterion'
metricName: 'Average_% Processor Time'
dimensions: [
{
name: 'computer'
operator: 'include'
values: ['*']
}]
operator: operator
threshold: threshold
timeAggregation: timeAggregation
criterionType: 'StaticThresholdCriterion'
}
]
}
}
}
var ambaTelemetryPidName = 'pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}'
resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') {
name: ambaTelemetryPidName
tags: {
_deployed_by_amba: 'true'
}
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
}
}
}
{
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2021-06-01",
"name": "0c416177-e7ce-40d5-8f15-8566b3d7c03c",
"properties": {
"policyType": "Custom",
"mode": "All",
"displayName": "Deploy OperationalInsights workspaces Average_% Processor Time Alert",
"description": "Policy to Audit/Deploy OperationalInsights workspaces Average_% Processor Time Alert",
"metadata": {
"version": "1.0.0-preview",
"category": "OperationalInsights",
"preview": true,
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"alzCloudEnvironments": [
"AzureCloud"
],
"_deployed_by_amba": "True"
},
"parameters": {
"severity": {
"type": "String",
"metadata": {
"displayName": "Severity",
"description": "Severity of the Alert"
},
"allowedValues": [
"0",
"1",
"2",
"3",
"4"
],
"defaultValue": "3"
},
"windowSize": {
"type": "String",
"metadata": {
"displayName": "Window Size",
"description": "Window size for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"P1D"
],
"defaultValue": "PT5M"
},
"evaluationFrequency": {
"type": "String",
"metadata": {
"displayName": "Evaluation Frequency",
"description": "Evaluation frequency for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"defaultValue": "PT1M"
},
"autoMitigate": {
"type": "String",
"metadata": {
"displayName": "Auto Mitigate",
"description": "Auto Mitigate for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"enabled": {
"type": "String",
"metadata": {
"displayName": "Alert State",
"description": "Alert state for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"threshold": {
"type": "String",
"metadata": {
"displayName": "Threshold",
"description": "Threshold for the alert"
},
"defaultValue": "90"
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Effect of the policy"
},
"allowedValues": [
"deployIfNotExists",
"disabled"
],
"defaultValue": "deployIfNotExists"
},
"MonitorDisableTagName": {
"type": "String",
"metadata": {
"displayName": "Monitoring disabled tag name",
"description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": "MonitorDisable"
},
"MonitorDisableTagValues": {
"type": "Array",
"metadata": {
"displayName": "Monitoring disabled tag values(s)",
"description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": [
"true",
"Test",
"Dev",
"Sandbox"
]
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "[[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
"notIn": "[[parameters('MonitorDisableTagValues')]"
}
]
},
"then": {
"effect": "[[parameters('effect')]",
"details": {
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Insights/metricAlerts",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName",
"equals": "Average_% Processor Time"
},
{
"field": "Microsoft.Insights/metricalerts/scopes[*]",
"equals": "[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.OperationalInsights/workspaces/', field('fullName'))]"
},
{
"field": "Microsoft.Insights/metricAlerts/enabled",
"equals": "[[parameters('enabled')]"
},
{
"field": "Microsoft.Insights/metricAlerts/evaluationFrequency",
"equals": "[[parameters('evaluationFrequency')]"
},
{
"field": "Microsoft.Insights/metricAlerts/windowSize",
"equals": "[[parameters('windowSize')]"
},
{
"field": "Microsoft.Insights/metricalerts/severity",
"equals": "[[parameters('severity')]"
},
{
"field": "Microsoft.Insights/metricAlerts/autoMitigate",
"equals": "[[parameters('autoMitigate')]"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation",
"equals": "Average"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator",
"equals": "GreaterThan"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold",
"equals": "[[if(contains(field('tags'), '_amba-Average_% Processor Time-threshold-Override_'), field('tags._amba-Average_% Processor Time-threshold-Override_'), parameters('threshold'))]"
}
]
},
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "String",
"metadata": {
"displayName": "resourceName",
"description": "Name of the resource"
}
},
"resourceId": {
"type": "String",
"metadata": {
"displayName": "resourceId",
"description": "Resource ID of the resource emitting the metric that will be used for the comparison"
}
},
"severity": {
"type": "String"
},
"windowSize": {
"type": "String"
},
"evaluationFrequency": {
"type": "String"
},
"autoMitigate": {
"type": "String"
},
"enabled": {
"type": "String"
},
"threshold": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[[concat(parameters('resourceName'), '-Average_% Processor Time')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "Metric Alert for OperationalInsights workspaces Average_% Processor Time",
"severity": "[[parameters('severity')]",
"enabled": "[[parameters('enabled')]",
"scopes": [
"[[parameters('resourceId')]"
],
"evaluationFrequency": "[[parameters('evaluationFrequency')]",
"windowSize": "[[parameters('windowSize')]",
"criteria": {
"allOf": [
{
"name": "Average_% Processor Time",
"metricNamespace": "Microsoft.OperationalInsights/workspaces",
"metricName": "Average_% Processor Time",
"operator": "GreaterThan",
"threshold": "[[parameters('threshold')]",
"timeAggregation": "Average",
"criterionType": "StaticThresholdCriterion"
}
],
"odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
},
"autoMitigate": "[[parameters('autoMitigate')]",
"parameters": {
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[parameters('threshold')]"
}
}
}
}
]
},
"parameters": {
"resourceName": {
"value": "[[field('name')]"
},
"resourceId": {
"value": "[[field('id')]"
},
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[if(contains(field('tags'), '_amba-Average_% Processor Time-threshold-Override_'), field('tags._amba-Average_% Processor Time-threshold-Override_'), parameters('threshold'))]"
}
}
}
}
}
}
}
}
}
Average_% Used Inodes - Metric Alert
Average_% Used Inodes. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).
Properties:
| criterionType | StaticThresholdCriterion |
| dimensions | |
| evaluationFrequency | PT5M |
| metricName | Average_% Used Inodes |
| metricNamespace | Microsoft.OperationalInsights/workspaces |
| operator | GreaterThan |
| severity | 0 |
| threshold | 80 |
| timeAggregation | Average |
| windowSize | PT5M |
References:
Templates:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the alert"
}
},
"alertDescription": {
"type": "string",
"defaultValue": "Average_% Used Inodes. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).",
"metadata": {
"description": "Description of alert"
}
},
"targetResourceId": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "List of Azure resource Ids seperated by a comma. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name"
}
},
"targetResourceRegion": {
"type": "string",
"metadata": {
"description": "Azure region in which target resources to be monitored are in (without spaces). For example: EastUS"
}
},
"targetResourceType": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Resource type of target resources to be monitored."
}
},
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Specifies whether the alert is enabled"
}
},
"alertSeverity": {
"type": "int",
"defaultValue": 0,
"allowedValues": [
0,
1,
2,
3,
4
],
"metadata": {
"description": "Severity of alert {0,1,2,3,4}"
}
},
"operator": {
"type": "string",
"defaultValue": "GreaterThan",
"allowedValues": [
"Equals",
"GreaterThan",
"GreaterThanOrEqual",
"LessThan",
"LessThanOrEqual"
],
"metadata": {
"description": "Operator comparing the current value with the threshold value."
}
},
"threshold": {
"type": "string",
"defaultValue": "80",
"metadata": {
"description": "The threshold value at which the alert is activated."
}
},
"timeAggregation": {
"type": "string",
"defaultValue": "Average",
"allowedValues": [
"Average",
"Minimum",
"Maximum",
"Total",
"Count"
],
"metadata": {
"description": "How the data that is collected should be combined over time."
}
},
"windowSize": {
"type": "string",
"defaultValue": "PT5M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"PT24H",
"PT1D"
],
"metadata": {
"description": "Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format."
}
},
"evaluationFrequency": {
"type": "string",
"defaultValue": "PT5M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"metadata": {
"description": "how often the metric alert is evaluated represented in ISO 8601 duration format"
}
},
"currentDateTimeUtcNow": {
"type": "string",
"defaultValue": "[utcNow()]",
"metadata": {
"description": "The current date and time using the utcNow function. Used for deployment name uniqueness"
}
},
"telemetryOptOut": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
],
"metadata": {
"description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry."
}
}
},
"variables": {
"pidDeploymentName": "[take(concat('pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]",
"varTargetResourceId": "[split(parameters('targetResourceId'), ',')]"
},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[parameters('alertName')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "[parameters('alertDescription')]",
"scopes": "[variables('varTargetResourceId')]",
"targetResourceType": "[parameters('targetResourceType')]",
"targetResourceRegion": "[parameters('targetResourceRegion')]",
"severity": "[parameters('alertSeverity')]",
"enabled": "[parameters('isEnabled')]",
"evaluationFrequency": "[parameters('evaluationFrequency')]",
"windowSize": "[parameters('windowSize')]",
"criteria": {
"odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria",
"allOf": [
{
"name": "1st criterion",
"metricName": "Average_% Used Inodes",
"dimensions": [{"operator": "include", "name": "computer", "values": ["*"]}],
"operator": "[parameters('operator')]",
"threshold": "[parameters('threshold')]",
"timeAggregation": "[parameters('timeAggregation')]",
"criterionType": "StaticThresholdCriterion"
}
]
}
}
},
{
"condition": "[equals(parameters('telemetryOptOut'), 'No')]",
"apiVersion": "2020-06-01",
"name": "[variables('pidDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
}
]
}
@description('Name of the alert')
@minLength(1)
param alertName string
@description('Description of alert')
param alertDescription string = 'Average_% Used Inodes. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).'
@description('Array of Azure resource Ids. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name')
@minLength(1)
param targetResourceId array
@description('Azure region in which target resources to be monitored are in (without spaces). For example: EastUS')
param targetResourceRegion string
@description('Resource type of target resources to be monitored.')
@minLength(1)
param targetResourceType string
@description('Specifies whether the alert is enabled')
param isEnabled bool = true
@description('Severity of alert {0,1,2,3,4}')
@allowed([
0
1
2
3
4
])
param alertSeverity int = 0
@description('Operator comparing the current value with the threshold value.')
@allowed([
'Equals'
'GreaterThan'
'GreaterThanOrEqual'
'LessThan'
'LessThanOrEqual'
])
param operator string = 'GreaterThan'
@description('The threshold value at which the alert is activated.')
param threshold int = 80
@description('How the data that is collected should be combined over time.')
@allowed([
'Average'
'Minimum'
'Maximum'
'Total'
'Count'
])
param timeAggregation string = 'Average'
@description('Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format.')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
'PT6H'
'PT12H'
'PT24H'
'P1D'
])
param windowSize string = 'PT5M'
@description('how often the metric alert is evaluated represented in ISO 8601 duration format')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
])
param evaluationFrequency string = 'PT5M'
@description('"The current date and time using the utcNow function. Used for deployment name uniqueness')
param currentDateTimeUtcNow string = utcNow()
@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.')
@allowed([
'Yes'
'No'
])
param telemetryOptOut string = 'No'
resource metricAlert 'Microsoft.Insights/metricAlerts@2018-03-01' = {
name: alertName
location: 'global'
tags: {
_deployed_by_amba: 'true'
}
properties: {
description: alertDescription
scopes: targetResourceId
targetResourceType: targetResourceType
targetResourceRegion: targetResourceRegion
severity: alertSeverity
enabled: isEnabled
evaluationFrequency: evaluationFrequency
windowSize: windowSize
criteria: {
'odata.type': 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria'
allOf: [
{
name: '1st criterion'
metricName: 'Average_% Used Inodes'
dimensions: [
{
name: 'computer'
operator: 'include'
values: ['*']
}]
operator: operator
threshold: threshold
timeAggregation: timeAggregation
criterionType: 'StaticThresholdCriterion'
}
]
}
}
}
var ambaTelemetryPidName = 'pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}'
resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') {
name: ambaTelemetryPidName
tags: {
_deployed_by_amba: 'true'
}
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
}
}
}
{
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2021-06-01",
"name": "af5d055f-0e1f-4c48-808a-d21f8268357d",
"properties": {
"policyType": "Custom",
"mode": "All",
"displayName": "Deploy OperationalInsights workspaces Average_% Used Inodes Alert",
"description": "Policy to Audit/Deploy OperationalInsights workspaces Average_% Used Inodes Alert",
"metadata": {
"version": "1.0.0-preview",
"category": "OperationalInsights",
"preview": true,
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"alzCloudEnvironments": [
"AzureCloud"
],
"_deployed_by_amba": "True"
},
"parameters": {
"severity": {
"type": "String",
"metadata": {
"displayName": "Severity",
"description": "Severity of the Alert"
},
"allowedValues": [
"0",
"1",
"2",
"3",
"4"
],
"defaultValue": "0"
},
"windowSize": {
"type": "String",
"metadata": {
"displayName": "Window Size",
"description": "Window size for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"P1D"
],
"defaultValue": "PT5M"
},
"evaluationFrequency": {
"type": "String",
"metadata": {
"displayName": "Evaluation Frequency",
"description": "Evaluation frequency for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"defaultValue": "PT5M"
},
"autoMitigate": {
"type": "String",
"metadata": {
"displayName": "Auto Mitigate",
"description": "Auto Mitigate for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"enabled": {
"type": "String",
"metadata": {
"displayName": "Alert State",
"description": "Alert state for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"threshold": {
"type": "String",
"metadata": {
"displayName": "Threshold",
"description": "Threshold for the alert"
},
"defaultValue": "80"
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Effect of the policy"
},
"allowedValues": [
"deployIfNotExists",
"disabled"
],
"defaultValue": "deployIfNotExists"
},
"MonitorDisableTagName": {
"type": "String",
"metadata": {
"displayName": "Monitoring disabled tag name",
"description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": "MonitorDisable"
},
"MonitorDisableTagValues": {
"type": "Array",
"metadata": {
"displayName": "Monitoring disabled tag values(s)",
"description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": [
"true",
"Test",
"Dev",
"Sandbox"
]
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "[[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
"notIn": "[[parameters('MonitorDisableTagValues')]"
}
]
},
"then": {
"effect": "[[parameters('effect')]",
"details": {
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Insights/metricAlerts",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName",
"equals": "Average_% Used Inodes"
},
{
"field": "Microsoft.Insights/metricalerts/scopes[*]",
"equals": "[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.OperationalInsights/workspaces/', field('fullName'))]"
},
{
"field": "Microsoft.Insights/metricAlerts/enabled",
"equals": "[[parameters('enabled')]"
},
{
"field": "Microsoft.Insights/metricAlerts/evaluationFrequency",
"equals": "[[parameters('evaluationFrequency')]"
},
{
"field": "Microsoft.Insights/metricAlerts/windowSize",
"equals": "[[parameters('windowSize')]"
},
{
"field": "Microsoft.Insights/metricalerts/severity",
"equals": "[[parameters('severity')]"
},
{
"field": "Microsoft.Insights/metricAlerts/autoMitigate",
"equals": "[[parameters('autoMitigate')]"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation",
"equals": "Average"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator",
"equals": "GreaterThan"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold",
"equals": "[[if(contains(field('tags'), '_amba-Average_% Used Inodes-threshold-Override_'), field('tags._amba-Average_% Used Inodes-threshold-Override_'), parameters('threshold'))]"
}
]
},
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "String",
"metadata": {
"displayName": "resourceName",
"description": "Name of the resource"
}
},
"resourceId": {
"type": "String",
"metadata": {
"displayName": "resourceId",
"description": "Resource ID of the resource emitting the metric that will be used for the comparison"
}
},
"severity": {
"type": "String"
},
"windowSize": {
"type": "String"
},
"evaluationFrequency": {
"type": "String"
},
"autoMitigate": {
"type": "String"
},
"enabled": {
"type": "String"
},
"threshold": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[[concat(parameters('resourceName'), '-Average_% Used Inodes')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "Metric Alert for OperationalInsights workspaces Average_% Used Inodes",
"severity": "[[parameters('severity')]",
"enabled": "[[parameters('enabled')]",
"scopes": [
"[[parameters('resourceId')]"
],
"evaluationFrequency": "[[parameters('evaluationFrequency')]",
"windowSize": "[[parameters('windowSize')]",
"criteria": {
"allOf": [
{
"name": "Average_% Used Inodes",
"metricNamespace": "Microsoft.OperationalInsights/workspaces",
"metricName": "Average_% Used Inodes",
"operator": "GreaterThan",
"threshold": "[[parameters('threshold')]",
"timeAggregation": "Average",
"criterionType": "StaticThresholdCriterion"
}
],
"odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
},
"autoMitigate": "[[parameters('autoMitigate')]",
"parameters": {
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[parameters('threshold')]"
}
}
}
}
]
},
"parameters": {
"resourceName": {
"value": "[[field('name')]"
},
"resourceId": {
"value": "[[field('id')]"
},
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[if(contains(field('tags'), '_amba-Average_% Used Inodes-threshold-Override_'), field('tags._amba-Average_% Used Inodes-threshold-Override_'), parameters('threshold'))]"
}
}
}
}
}
}
}
}
}
Average_% Used Memory - Metric Alert
Average_% Used Memory. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).
Properties:
| criterionType | StaticThresholdCriterion |
| dimensions | |
| evaluationFrequency | PT1M |
| metricName | Average_% Used Memory |
| metricNamespace | Microsoft.OperationalInsights/workspaces |
| operator | GreaterThan |
| severity | 3 |
| threshold | 90 |
| timeAggregation | Average |
| windowSize | PT5M |
References:
Templates:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the alert"
}
},
"alertDescription": {
"type": "string",
"defaultValue": "Average_% Used Memory. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).",
"metadata": {
"description": "Description of alert"
}
},
"targetResourceId": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "List of Azure resource Ids seperated by a comma. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name"
}
},
"targetResourceRegion": {
"type": "string",
"metadata": {
"description": "Azure region in which target resources to be monitored are in (without spaces). For example: EastUS"
}
},
"targetResourceType": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Resource type of target resources to be monitored."
}
},
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Specifies whether the alert is enabled"
}
},
"alertSeverity": {
"type": "int",
"defaultValue": 3,
"allowedValues": [
0,
1,
2,
3,
4
],
"metadata": {
"description": "Severity of alert {0,1,2,3,4}"
}
},
"operator": {
"type": "string",
"defaultValue": "GreaterThan",
"allowedValues": [
"Equals",
"GreaterThan",
"GreaterThanOrEqual",
"LessThan",
"LessThanOrEqual"
],
"metadata": {
"description": "Operator comparing the current value with the threshold value."
}
},
"threshold": {
"type": "string",
"defaultValue": "90",
"metadata": {
"description": "The threshold value at which the alert is activated."
}
},
"timeAggregation": {
"type": "string",
"defaultValue": "Average",
"allowedValues": [
"Average",
"Minimum",
"Maximum",
"Total",
"Count"
],
"metadata": {
"description": "How the data that is collected should be combined over time."
}
},
"windowSize": {
"type": "string",
"defaultValue": "PT5M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"PT24H",
"PT1D"
],
"metadata": {
"description": "Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format."
}
},
"evaluationFrequency": {
"type": "string",
"defaultValue": "PT1M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"metadata": {
"description": "how often the metric alert is evaluated represented in ISO 8601 duration format"
}
},
"currentDateTimeUtcNow": {
"type": "string",
"defaultValue": "[utcNow()]",
"metadata": {
"description": "The current date and time using the utcNow function. Used for deployment name uniqueness"
}
},
"telemetryOptOut": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
],
"metadata": {
"description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry."
}
}
},
"variables": {
"pidDeploymentName": "[take(concat('pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]",
"varTargetResourceId": "[split(parameters('targetResourceId'), ',')]"
},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[parameters('alertName')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "[parameters('alertDescription')]",
"scopes": "[variables('varTargetResourceId')]",
"targetResourceType": "[parameters('targetResourceType')]",
"targetResourceRegion": "[parameters('targetResourceRegion')]",
"severity": "[parameters('alertSeverity')]",
"enabled": "[parameters('isEnabled')]",
"evaluationFrequency": "[parameters('evaluationFrequency')]",
"windowSize": "[parameters('windowSize')]",
"criteria": {
"odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria",
"allOf": [
{
"name": "1st criterion",
"metricName": "Average_% Used Memory",
"dimensions": [{"operator": "include", "name": "computer", "values": ["*"]}],
"operator": "[parameters('operator')]",
"threshold": "[parameters('threshold')]",
"timeAggregation": "[parameters('timeAggregation')]",
"criterionType": "StaticThresholdCriterion"
}
]
}
}
},
{
"condition": "[equals(parameters('telemetryOptOut'), 'No')]",
"apiVersion": "2020-06-01",
"name": "[variables('pidDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
}
]
}
@description('Name of the alert')
@minLength(1)
param alertName string
@description('Description of alert')
param alertDescription string = 'Average_% Used Memory. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).'
@description('Array of Azure resource Ids. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name')
@minLength(1)
param targetResourceId array
@description('Azure region in which target resources to be monitored are in (without spaces). For example: EastUS')
param targetResourceRegion string
@description('Resource type of target resources to be monitored.')
@minLength(1)
param targetResourceType string
@description('Specifies whether the alert is enabled')
param isEnabled bool = true
@description('Severity of alert {0,1,2,3,4}')
@allowed([
0
1
2
3
4
])
param alertSeverity int = 3
@description('Operator comparing the current value with the threshold value.')
@allowed([
'Equals'
'GreaterThan'
'GreaterThanOrEqual'
'LessThan'
'LessThanOrEqual'
])
param operator string = 'GreaterThan'
@description('The threshold value at which the alert is activated.')
param threshold int = 90
@description('How the data that is collected should be combined over time.')
@allowed([
'Average'
'Minimum'
'Maximum'
'Total'
'Count'
])
param timeAggregation string = 'Average'
@description('Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format.')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
'PT6H'
'PT12H'
'PT24H'
'P1D'
])
param windowSize string = 'PT5M'
@description('how often the metric alert is evaluated represented in ISO 8601 duration format')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
])
param evaluationFrequency string = 'PT1M'
@description('"The current date and time using the utcNow function. Used for deployment name uniqueness')
param currentDateTimeUtcNow string = utcNow()
@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.')
@allowed([
'Yes'
'No'
])
param telemetryOptOut string = 'No'
resource metricAlert 'Microsoft.Insights/metricAlerts@2018-03-01' = {
name: alertName
location: 'global'
tags: {
_deployed_by_amba: 'true'
}
properties: {
description: alertDescription
scopes: targetResourceId
targetResourceType: targetResourceType
targetResourceRegion: targetResourceRegion
severity: alertSeverity
enabled: isEnabled
evaluationFrequency: evaluationFrequency
windowSize: windowSize
criteria: {
'odata.type': 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria'
allOf: [
{
name: '1st criterion'
metricName: 'Average_% Used Memory'
dimensions: [
{
name: 'computer'
operator: 'include'
values: ['*']
}]
operator: operator
threshold: threshold
timeAggregation: timeAggregation
criterionType: 'StaticThresholdCriterion'
}
]
}
}
}
var ambaTelemetryPidName = 'pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}'
resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') {
name: ambaTelemetryPidName
tags: {
_deployed_by_amba: 'true'
}
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
}
}
}
{
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2021-06-01",
"name": "171e5b5c-78cc-44a1-b7fb-7d750914ed5e",
"properties": {
"policyType": "Custom",
"mode": "All",
"displayName": "Deploy OperationalInsights workspaces Average_% Used Memory Alert",
"description": "Policy to Audit/Deploy OperationalInsights workspaces Average_% Used Memory Alert",
"metadata": {
"version": "1.0.0-preview",
"category": "OperationalInsights",
"preview": true,
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"alzCloudEnvironments": [
"AzureCloud"
],
"_deployed_by_amba": "True"
},
"parameters": {
"severity": {
"type": "String",
"metadata": {
"displayName": "Severity",
"description": "Severity of the Alert"
},
"allowedValues": [
"0",
"1",
"2",
"3",
"4"
],
"defaultValue": "3"
},
"windowSize": {
"type": "String",
"metadata": {
"displayName": "Window Size",
"description": "Window size for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"P1D"
],
"defaultValue": "PT5M"
},
"evaluationFrequency": {
"type": "String",
"metadata": {
"displayName": "Evaluation Frequency",
"description": "Evaluation frequency for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"defaultValue": "PT1M"
},
"autoMitigate": {
"type": "String",
"metadata": {
"displayName": "Auto Mitigate",
"description": "Auto Mitigate for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"enabled": {
"type": "String",
"metadata": {
"displayName": "Alert State",
"description": "Alert state for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"threshold": {
"type": "String",
"metadata": {
"displayName": "Threshold",
"description": "Threshold for the alert"
},
"defaultValue": "90"
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Effect of the policy"
},
"allowedValues": [
"deployIfNotExists",
"disabled"
],
"defaultValue": "deployIfNotExists"
},
"MonitorDisableTagName": {
"type": "String",
"metadata": {
"displayName": "Monitoring disabled tag name",
"description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": "MonitorDisable"
},
"MonitorDisableTagValues": {
"type": "Array",
"metadata": {
"displayName": "Monitoring disabled tag values(s)",
"description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": [
"true",
"Test",
"Dev",
"Sandbox"
]
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "[[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
"notIn": "[[parameters('MonitorDisableTagValues')]"
}
]
},
"then": {
"effect": "[[parameters('effect')]",
"details": {
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Insights/metricAlerts",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName",
"equals": "Average_% Used Memory"
},
{
"field": "Microsoft.Insights/metricalerts/scopes[*]",
"equals": "[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.OperationalInsights/workspaces/', field('fullName'))]"
},
{
"field": "Microsoft.Insights/metricAlerts/enabled",
"equals": "[[parameters('enabled')]"
},
{
"field": "Microsoft.Insights/metricAlerts/evaluationFrequency",
"equals": "[[parameters('evaluationFrequency')]"
},
{
"field": "Microsoft.Insights/metricAlerts/windowSize",
"equals": "[[parameters('windowSize')]"
},
{
"field": "Microsoft.Insights/metricalerts/severity",
"equals": "[[parameters('severity')]"
},
{
"field": "Microsoft.Insights/metricAlerts/autoMitigate",
"equals": "[[parameters('autoMitigate')]"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation",
"equals": "Average"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator",
"equals": "GreaterThan"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold",
"equals": "[[if(contains(field('tags'), '_amba-Average_% Used Memory-threshold-Override_'), field('tags._amba-Average_% Used Memory-threshold-Override_'), parameters('threshold'))]"
}
]
},
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "String",
"metadata": {
"displayName": "resourceName",
"description": "Name of the resource"
}
},
"resourceId": {
"type": "String",
"metadata": {
"displayName": "resourceId",
"description": "Resource ID of the resource emitting the metric that will be used for the comparison"
}
},
"severity": {
"type": "String"
},
"windowSize": {
"type": "String"
},
"evaluationFrequency": {
"type": "String"
},
"autoMitigate": {
"type": "String"
},
"enabled": {
"type": "String"
},
"threshold": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[[concat(parameters('resourceName'), '-Average_% Used Memory')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "Metric Alert for OperationalInsights workspaces Average_% Used Memory",
"severity": "[[parameters('severity')]",
"enabled": "[[parameters('enabled')]",
"scopes": [
"[[parameters('resourceId')]"
],
"evaluationFrequency": "[[parameters('evaluationFrequency')]",
"windowSize": "[[parameters('windowSize')]",
"criteria": {
"allOf": [
{
"name": "Average_% Used Memory",
"metricNamespace": "Microsoft.OperationalInsights/workspaces",
"metricName": "Average_% Used Memory",
"operator": "GreaterThan",
"threshold": "[[parameters('threshold')]",
"timeAggregation": "Average",
"criterionType": "StaticThresholdCriterion"
}
],
"odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
},
"autoMitigate": "[[parameters('autoMitigate')]",
"parameters": {
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[parameters('threshold')]"
}
}
}
}
]
},
"parameters": {
"resourceName": {
"value": "[[field('name')]"
},
"resourceId": {
"value": "[[field('id')]"
},
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[if(contains(field('tags'), '_amba-Average_% Used Memory-threshold-Override_'), field('tags._amba-Average_% Used Memory-threshold-Override_'), parameters('threshold'))]"
}
}
}
}
}
}
}
}
}
Average_% Used Space - Metric Alert
Average_% Used Space. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).
Properties:
| criterionType | StaticThresholdCriterion |
| dimensions | |
| evaluationFrequency | PT1M |
| metricName | Average_% Used Space |
| metricNamespace | Microsoft.OperationalInsights/workspaces |
| operator | GreaterThan |
| severity | 3 |
| threshold | 95 |
| timeAggregation | Average |
| windowSize | PT5M |
References:
Templates:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the alert"
}
},
"alertDescription": {
"type": "string",
"defaultValue": "Average_% Used Space. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).",
"metadata": {
"description": "Description of alert"
}
},
"targetResourceId": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "List of Azure resource Ids seperated by a comma. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name"
}
},
"targetResourceRegion": {
"type": "string",
"metadata": {
"description": "Azure region in which target resources to be monitored are in (without spaces). For example: EastUS"
}
},
"targetResourceType": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Resource type of target resources to be monitored."
}
},
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Specifies whether the alert is enabled"
}
},
"alertSeverity": {
"type": "int",
"defaultValue": 3,
"allowedValues": [
0,
1,
2,
3,
4
],
"metadata": {
"description": "Severity of alert {0,1,2,3,4}"
}
},
"operator": {
"type": "string",
"defaultValue": "GreaterThan",
"allowedValues": [
"Equals",
"GreaterThan",
"GreaterThanOrEqual",
"LessThan",
"LessThanOrEqual"
],
"metadata": {
"description": "Operator comparing the current value with the threshold value."
}
},
"threshold": {
"type": "string",
"defaultValue": "95",
"metadata": {
"description": "The threshold value at which the alert is activated."
}
},
"timeAggregation": {
"type": "string",
"defaultValue": "Average",
"allowedValues": [
"Average",
"Minimum",
"Maximum",
"Total",
"Count"
],
"metadata": {
"description": "How the data that is collected should be combined over time."
}
},
"windowSize": {
"type": "string",
"defaultValue": "PT5M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"PT24H",
"PT1D"
],
"metadata": {
"description": "Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format."
}
},
"evaluationFrequency": {
"type": "string",
"defaultValue": "PT1M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"metadata": {
"description": "how often the metric alert is evaluated represented in ISO 8601 duration format"
}
},
"currentDateTimeUtcNow": {
"type": "string",
"defaultValue": "[utcNow()]",
"metadata": {
"description": "The current date and time using the utcNow function. Used for deployment name uniqueness"
}
},
"telemetryOptOut": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
],
"metadata": {
"description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry."
}
}
},
"variables": {
"pidDeploymentName": "[take(concat('pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]",
"varTargetResourceId": "[split(parameters('targetResourceId'), ',')]"
},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[parameters('alertName')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "[parameters('alertDescription')]",
"scopes": "[variables('varTargetResourceId')]",
"targetResourceType": "[parameters('targetResourceType')]",
"targetResourceRegion": "[parameters('targetResourceRegion')]",
"severity": "[parameters('alertSeverity')]",
"enabled": "[parameters('isEnabled')]",
"evaluationFrequency": "[parameters('evaluationFrequency')]",
"windowSize": "[parameters('windowSize')]",
"criteria": {
"odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria",
"allOf": [
{
"name": "1st criterion",
"metricName": "Average_% Used Space",
"dimensions": [{"operator": "include", "name": "computer", "values": ["*"]}],
"operator": "[parameters('operator')]",
"threshold": "[parameters('threshold')]",
"timeAggregation": "[parameters('timeAggregation')]",
"criterionType": "StaticThresholdCriterion"
}
]
}
}
},
{
"condition": "[equals(parameters('telemetryOptOut'), 'No')]",
"apiVersion": "2020-06-01",
"name": "[variables('pidDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
}
]
}
@description('Name of the alert')
@minLength(1)
param alertName string
@description('Description of alert')
param alertDescription string = 'Average_% Used Space. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).'
@description('Array of Azure resource Ids. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name')
@minLength(1)
param targetResourceId array
@description('Azure region in which target resources to be monitored are in (without spaces). For example: EastUS')
param targetResourceRegion string
@description('Resource type of target resources to be monitored.')
@minLength(1)
param targetResourceType string
@description('Specifies whether the alert is enabled')
param isEnabled bool = true
@description('Severity of alert {0,1,2,3,4}')
@allowed([
0
1
2
3
4
])
param alertSeverity int = 3
@description('Operator comparing the current value with the threshold value.')
@allowed([
'Equals'
'GreaterThan'
'GreaterThanOrEqual'
'LessThan'
'LessThanOrEqual'
])
param operator string = 'GreaterThan'
@description('The threshold value at which the alert is activated.')
param threshold int = 95
@description('How the data that is collected should be combined over time.')
@allowed([
'Average'
'Minimum'
'Maximum'
'Total'
'Count'
])
param timeAggregation string = 'Average'
@description('Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format.')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
'PT6H'
'PT12H'
'PT24H'
'P1D'
])
param windowSize string = 'PT5M'
@description('how often the metric alert is evaluated represented in ISO 8601 duration format')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
])
param evaluationFrequency string = 'PT1M'
@description('"The current date and time using the utcNow function. Used for deployment name uniqueness')
param currentDateTimeUtcNow string = utcNow()
@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.')
@allowed([
'Yes'
'No'
])
param telemetryOptOut string = 'No'
resource metricAlert 'Microsoft.Insights/metricAlerts@2018-03-01' = {
name: alertName
location: 'global'
tags: {
_deployed_by_amba: 'true'
}
properties: {
description: alertDescription
scopes: targetResourceId
targetResourceType: targetResourceType
targetResourceRegion: targetResourceRegion
severity: alertSeverity
enabled: isEnabled
evaluationFrequency: evaluationFrequency
windowSize: windowSize
criteria: {
'odata.type': 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria'
allOf: [
{
name: '1st criterion'
metricName: 'Average_% Used Space'
dimensions: [
{
name: 'computer'
operator: 'include'
values: ['*']
}]
operator: operator
threshold: threshold
timeAggregation: timeAggregation
criterionType: 'StaticThresholdCriterion'
}
]
}
}
}
var ambaTelemetryPidName = 'pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}'
resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') {
name: ambaTelemetryPidName
tags: {
_deployed_by_amba: 'true'
}
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
}
}
}
{
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2021-06-01",
"name": "49ba0df7-18bf-4b3e-9d0f-f8c055762fd5",
"properties": {
"policyType": "Custom",
"mode": "All",
"displayName": "Deploy OperationalInsights workspaces Average_% Used Space Alert",
"description": "Policy to Audit/Deploy OperationalInsights workspaces Average_% Used Space Alert",
"metadata": {
"version": "1.0.0-preview",
"category": "OperationalInsights",
"preview": true,
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"alzCloudEnvironments": [
"AzureCloud"
],
"_deployed_by_amba": "True"
},
"parameters": {
"severity": {
"type": "String",
"metadata": {
"displayName": "Severity",
"description": "Severity of the Alert"
},
"allowedValues": [
"0",
"1",
"2",
"3",
"4"
],
"defaultValue": "3"
},
"windowSize": {
"type": "String",
"metadata": {
"displayName": "Window Size",
"description": "Window size for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"P1D"
],
"defaultValue": "PT5M"
},
"evaluationFrequency": {
"type": "String",
"metadata": {
"displayName": "Evaluation Frequency",
"description": "Evaluation frequency for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"defaultValue": "PT1M"
},
"autoMitigate": {
"type": "String",
"metadata": {
"displayName": "Auto Mitigate",
"description": "Auto Mitigate for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"enabled": {
"type": "String",
"metadata": {
"displayName": "Alert State",
"description": "Alert state for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"threshold": {
"type": "String",
"metadata": {
"displayName": "Threshold",
"description": "Threshold for the alert"
},
"defaultValue": "95"
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Effect of the policy"
},
"allowedValues": [
"deployIfNotExists",
"disabled"
],
"defaultValue": "deployIfNotExists"
},
"MonitorDisableTagName": {
"type": "String",
"metadata": {
"displayName": "Monitoring disabled tag name",
"description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": "MonitorDisable"
},
"MonitorDisableTagValues": {
"type": "Array",
"metadata": {
"displayName": "Monitoring disabled tag values(s)",
"description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": [
"true",
"Test",
"Dev",
"Sandbox"
]
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "[[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
"notIn": "[[parameters('MonitorDisableTagValues')]"
}
]
},
"then": {
"effect": "[[parameters('effect')]",
"details": {
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Insights/metricAlerts",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName",
"equals": "Average_% Used Space"
},
{
"field": "Microsoft.Insights/metricalerts/scopes[*]",
"equals": "[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.OperationalInsights/workspaces/', field('fullName'))]"
},
{
"field": "Microsoft.Insights/metricAlerts/enabled",
"equals": "[[parameters('enabled')]"
},
{
"field": "Microsoft.Insights/metricAlerts/evaluationFrequency",
"equals": "[[parameters('evaluationFrequency')]"
},
{
"field": "Microsoft.Insights/metricAlerts/windowSize",
"equals": "[[parameters('windowSize')]"
},
{
"field": "Microsoft.Insights/metricalerts/severity",
"equals": "[[parameters('severity')]"
},
{
"field": "Microsoft.Insights/metricAlerts/autoMitigate",
"equals": "[[parameters('autoMitigate')]"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation",
"equals": "Average"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator",
"equals": "GreaterThan"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold",
"equals": "[[if(contains(field('tags'), '_amba-Average_% Used Space-threshold-Override_'), field('tags._amba-Average_% Used Space-threshold-Override_'), parameters('threshold'))]"
}
]
},
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "String",
"metadata": {
"displayName": "resourceName",
"description": "Name of the resource"
}
},
"resourceId": {
"type": "String",
"metadata": {
"displayName": "resourceId",
"description": "Resource ID of the resource emitting the metric that will be used for the comparison"
}
},
"severity": {
"type": "String"
},
"windowSize": {
"type": "String"
},
"evaluationFrequency": {
"type": "String"
},
"autoMitigate": {
"type": "String"
},
"enabled": {
"type": "String"
},
"threshold": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[[concat(parameters('resourceName'), '-Average_% Used Space')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "Metric Alert for OperationalInsights workspaces Average_% Used Space",
"severity": "[[parameters('severity')]",
"enabled": "[[parameters('enabled')]",
"scopes": [
"[[parameters('resourceId')]"
],
"evaluationFrequency": "[[parameters('evaluationFrequency')]",
"windowSize": "[[parameters('windowSize')]",
"criteria": {
"allOf": [
{
"name": "Average_% Used Space",
"metricNamespace": "Microsoft.OperationalInsights/workspaces",
"metricName": "Average_% Used Space",
"operator": "GreaterThan",
"threshold": "[[parameters('threshold')]",
"timeAggregation": "Average",
"criterionType": "StaticThresholdCriterion"
}
],
"odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
},
"autoMitigate": "[[parameters('autoMitigate')]",
"parameters": {
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[parameters('threshold')]"
}
}
}
}
]
},
"parameters": {
"resourceName": {
"value": "[[field('name')]"
},
"resourceId": {
"value": "[[field('id')]"
},
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[if(contains(field('tags'), '_amba-Average_% Used Space-threshold-Override_'), field('tags._amba-Average_% Used Space-threshold-Override_'), parameters('threshold'))]"
}
}
}
}
}
}
}
}
}
Average_% Used Swap Space - Metric Alert
Average_% Used Swap Space. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).
Properties:
| criterionType | StaticThresholdCriterion |
| dimensions | |
| evaluationFrequency | PT15M |
| metricName | Average_% Used Swap Space |
| metricNamespace | Microsoft.OperationalInsights/workspaces |
| operator | GreaterThan |
| severity | 1 |
| threshold | 50 |
| timeAggregation | Average |
| windowSize | PT1H |
References:
Templates:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the alert"
}
},
"alertDescription": {
"type": "string",
"defaultValue": "Average_% Used Swap Space. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).",
"metadata": {
"description": "Description of alert"
}
},
"targetResourceId": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "List of Azure resource Ids seperated by a comma. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name"
}
},
"targetResourceRegion": {
"type": "string",
"metadata": {
"description": "Azure region in which target resources to be monitored are in (without spaces). For example: EastUS"
}
},
"targetResourceType": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Resource type of target resources to be monitored."
}
},
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Specifies whether the alert is enabled"
}
},
"alertSeverity": {
"type": "int",
"defaultValue": 1,
"allowedValues": [
0,
1,
2,
3,
4
],
"metadata": {
"description": "Severity of alert {0,1,2,3,4}"
}
},
"operator": {
"type": "string",
"defaultValue": "GreaterThan",
"allowedValues": [
"Equals",
"GreaterThan",
"GreaterThanOrEqual",
"LessThan",
"LessThanOrEqual"
],
"metadata": {
"description": "Operator comparing the current value with the threshold value."
}
},
"threshold": {
"type": "string",
"defaultValue": "50",
"metadata": {
"description": "The threshold value at which the alert is activated."
}
},
"timeAggregation": {
"type": "string",
"defaultValue": "Average",
"allowedValues": [
"Average",
"Minimum",
"Maximum",
"Total",
"Count"
],
"metadata": {
"description": "How the data that is collected should be combined over time."
}
},
"windowSize": {
"type": "string",
"defaultValue": "PT1H",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"PT24H",
"PT1D"
],
"metadata": {
"description": "Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format."
}
},
"evaluationFrequency": {
"type": "string",
"defaultValue": "PT15M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"metadata": {
"description": "how often the metric alert is evaluated represented in ISO 8601 duration format"
}
},
"currentDateTimeUtcNow": {
"type": "string",
"defaultValue": "[utcNow()]",
"metadata": {
"description": "The current date and time using the utcNow function. Used for deployment name uniqueness"
}
},
"telemetryOptOut": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
],
"metadata": {
"description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry."
}
}
},
"variables": {
"pidDeploymentName": "[take(concat('pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]",
"varTargetResourceId": "[split(parameters('targetResourceId'), ',')]"
},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[parameters('alertName')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "[parameters('alertDescription')]",
"scopes": "[variables('varTargetResourceId')]",
"targetResourceType": "[parameters('targetResourceType')]",
"targetResourceRegion": "[parameters('targetResourceRegion')]",
"severity": "[parameters('alertSeverity')]",
"enabled": "[parameters('isEnabled')]",
"evaluationFrequency": "[parameters('evaluationFrequency')]",
"windowSize": "[parameters('windowSize')]",
"criteria": {
"odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria",
"allOf": [
{
"name": "1st criterion",
"metricName": "Average_% Used Swap Space",
"dimensions": [{"operator": "include", "name": "computer", "values": ["*"]}, {"operator": "include", "name": "objectname", "values": ["*"]}, {"operator": "include", "name": "instancename", "values": ["*"]}],
"operator": "[parameters('operator')]",
"threshold": "[parameters('threshold')]",
"timeAggregation": "[parameters('timeAggregation')]",
"criterionType": "StaticThresholdCriterion"
}
]
}
}
},
{
"condition": "[equals(parameters('telemetryOptOut'), 'No')]",
"apiVersion": "2020-06-01",
"name": "[variables('pidDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
}
]
}
@description('Name of the alert')
@minLength(1)
param alertName string
@description('Description of alert')
param alertDescription string = 'Average_% Used Swap Space. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).'
@description('Array of Azure resource Ids. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name')
@minLength(1)
param targetResourceId array
@description('Azure region in which target resources to be monitored are in (without spaces). For example: EastUS')
param targetResourceRegion string
@description('Resource type of target resources to be monitored.')
@minLength(1)
param targetResourceType string
@description('Specifies whether the alert is enabled')
param isEnabled bool = true
@description('Severity of alert {0,1,2,3,4}')
@allowed([
0
1
2
3
4
])
param alertSeverity int = 1
@description('Operator comparing the current value with the threshold value.')
@allowed([
'Equals'
'GreaterThan'
'GreaterThanOrEqual'
'LessThan'
'LessThanOrEqual'
])
param operator string = 'GreaterThan'
@description('The threshold value at which the alert is activated.')
param threshold int = 50
@description('How the data that is collected should be combined over time.')
@allowed([
'Average'
'Minimum'
'Maximum'
'Total'
'Count'
])
param timeAggregation string = 'Average'
@description('Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format.')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
'PT6H'
'PT12H'
'PT24H'
'P1D'
])
param windowSize string = 'PT1H'
@description('how often the metric alert is evaluated represented in ISO 8601 duration format')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
])
param evaluationFrequency string = 'PT15M'
@description('"The current date and time using the utcNow function. Used for deployment name uniqueness')
param currentDateTimeUtcNow string = utcNow()
@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.')
@allowed([
'Yes'
'No'
])
param telemetryOptOut string = 'No'
resource metricAlert 'Microsoft.Insights/metricAlerts@2018-03-01' = {
name: alertName
location: 'global'
tags: {
_deployed_by_amba: 'true'
}
properties: {
description: alertDescription
scopes: targetResourceId
targetResourceType: targetResourceType
targetResourceRegion: targetResourceRegion
severity: alertSeverity
enabled: isEnabled
evaluationFrequency: evaluationFrequency
windowSize: windowSize
criteria: {
'odata.type': 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria'
allOf: [
{
name: '1st criterion'
metricName: 'Average_% Used Swap Space'
dimensions: [
{
name: 'computer'
operator: 'include'
values: ['*']
}
{
name: 'objectname'
operator: 'include'
values: ['*']
}
{
name: 'instancename'
operator: 'include'
values: ['*']
}]
operator: operator
threshold: threshold
timeAggregation: timeAggregation
criterionType: 'StaticThresholdCriterion'
}
]
}
}
}
var ambaTelemetryPidName = 'pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}'
resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') {
name: ambaTelemetryPidName
tags: {
_deployed_by_amba: 'true'
}
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
}
}
}
{
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2021-06-01",
"name": "04f64694-48a2-48ee-9455-ccce8e59b66f",
"properties": {
"policyType": "Custom",
"mode": "All",
"displayName": "Deploy OperationalInsights workspaces Average_% Used Swap Space Alert",
"description": "Policy to Audit/Deploy OperationalInsights workspaces Average_% Used Swap Space Alert",
"metadata": {
"version": "1.0.0-preview",
"category": "OperationalInsights",
"preview": true,
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"alzCloudEnvironments": [
"AzureCloud"
],
"_deployed_by_amba": "True"
},
"parameters": {
"severity": {
"type": "String",
"metadata": {
"displayName": "Severity",
"description": "Severity of the Alert"
},
"allowedValues": [
"0",
"1",
"2",
"3",
"4"
],
"defaultValue": "1"
},
"windowSize": {
"type": "String",
"metadata": {
"displayName": "Window Size",
"description": "Window size for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"P1D"
],
"defaultValue": "PT1H"
},
"evaluationFrequency": {
"type": "String",
"metadata": {
"displayName": "Evaluation Frequency",
"description": "Evaluation frequency for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"defaultValue": "PT15M"
},
"autoMitigate": {
"type": "String",
"metadata": {
"displayName": "Auto Mitigate",
"description": "Auto Mitigate for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"enabled": {
"type": "String",
"metadata": {
"displayName": "Alert State",
"description": "Alert state for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"threshold": {
"type": "String",
"metadata": {
"displayName": "Threshold",
"description": "Threshold for the alert"
},
"defaultValue": "50"
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Effect of the policy"
},
"allowedValues": [
"deployIfNotExists",
"disabled"
],
"defaultValue": "deployIfNotExists"
},
"MonitorDisableTagName": {
"type": "String",
"metadata": {
"displayName": "Monitoring disabled tag name",
"description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": "MonitorDisable"
},
"MonitorDisableTagValues": {
"type": "Array",
"metadata": {
"displayName": "Monitoring disabled tag values(s)",
"description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": [
"true",
"Test",
"Dev",
"Sandbox"
]
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "[[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
"notIn": "[[parameters('MonitorDisableTagValues')]"
}
]
},
"then": {
"effect": "[[parameters('effect')]",
"details": {
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Insights/metricAlerts",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName",
"equals": "Average_% Used Swap Space"
},
{
"field": "Microsoft.Insights/metricalerts/scopes[*]",
"equals": "[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.OperationalInsights/workspaces/', field('fullName'))]"
},
{
"field": "Microsoft.Insights/metricAlerts/enabled",
"equals": "[[parameters('enabled')]"
},
{
"field": "Microsoft.Insights/metricAlerts/evaluationFrequency",
"equals": "[[parameters('evaluationFrequency')]"
},
{
"field": "Microsoft.Insights/metricAlerts/windowSize",
"equals": "[[parameters('windowSize')]"
},
{
"field": "Microsoft.Insights/metricalerts/severity",
"equals": "[[parameters('severity')]"
},
{
"field": "Microsoft.Insights/metricAlerts/autoMitigate",
"equals": "[[parameters('autoMitigate')]"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation",
"equals": "Average"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator",
"equals": "GreaterThan"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold",
"equals": "[[if(contains(field('tags'), '_amba-Average_% Used Swap Space-threshold-Override_'), field('tags._amba-Average_% Used Swap Space-threshold-Override_'), parameters('threshold'))]"
}
]
},
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "String",
"metadata": {
"displayName": "resourceName",
"description": "Name of the resource"
}
},
"resourceId": {
"type": "String",
"metadata": {
"displayName": "resourceId",
"description": "Resource ID of the resource emitting the metric that will be used for the comparison"
}
},
"severity": {
"type": "String"
},
"windowSize": {
"type": "String"
},
"evaluationFrequency": {
"type": "String"
},
"autoMitigate": {
"type": "String"
},
"enabled": {
"type": "String"
},
"threshold": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[[concat(parameters('resourceName'), '-Average_% Used Swap Space')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "Metric Alert for OperationalInsights workspaces Average_% Used Swap Space",
"severity": "[[parameters('severity')]",
"enabled": "[[parameters('enabled')]",
"scopes": [
"[[parameters('resourceId')]"
],
"evaluationFrequency": "[[parameters('evaluationFrequency')]",
"windowSize": "[[parameters('windowSize')]",
"criteria": {
"allOf": [
{
"name": "Average_% Used Swap Space",
"metricNamespace": "Microsoft.OperationalInsights/workspaces",
"metricName": "Average_% Used Swap Space",
"operator": "GreaterThan",
"threshold": "[[parameters('threshold')]",
"timeAggregation": "Average",
"criterionType": "StaticThresholdCriterion"
}
],
"odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
},
"autoMitigate": "[[parameters('autoMitigate')]",
"parameters": {
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[parameters('threshold')]"
}
}
}
}
]
},
"parameters": {
"resourceName": {
"value": "[[field('name')]"
},
"resourceId": {
"value": "[[field('id')]"
},
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[if(contains(field('tags'), '_amba-Average_% Used Swap Space-threshold-Override_'), field('tags._amba-Average_% Used Swap Space-threshold-Override_'), parameters('threshold'))]"
}
}
}
}
}
}
}
}
}
Average_% User Time - Metric Alert
Average_% User Time. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).
Properties:
| criterionType | StaticThresholdCriterion |
| dimensions | |
| evaluationFrequency | PT1M |
| metricName | Average_% User Time |
| metricNamespace | Microsoft.OperationalInsights/workspaces |
| operator | GreaterThanOrEqual |
| severity | 4 |
| threshold | 90 |
| timeAggregation | Average |
| windowSize | PT15M |
References:
Templates:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the alert"
}
},
"alertDescription": {
"type": "string",
"defaultValue": "Average_% User Time. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).",
"metadata": {
"description": "Description of alert"
}
},
"targetResourceId": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "List of Azure resource Ids seperated by a comma. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name"
}
},
"targetResourceRegion": {
"type": "string",
"metadata": {
"description": "Azure region in which target resources to be monitored are in (without spaces). For example: EastUS"
}
},
"targetResourceType": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Resource type of target resources to be monitored."
}
},
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Specifies whether the alert is enabled"
}
},
"alertSeverity": {
"type": "int",
"defaultValue": 4,
"allowedValues": [
0,
1,
2,
3,
4
],
"metadata": {
"description": "Severity of alert {0,1,2,3,4}"
}
},
"operator": {
"type": "string",
"defaultValue": "GreaterThanOrEqual",
"allowedValues": [
"Equals",
"GreaterThan",
"GreaterThanOrEqual",
"LessThan",
"LessThanOrEqual"
],
"metadata": {
"description": "Operator comparing the current value with the threshold value."
}
},
"threshold": {
"type": "string",
"defaultValue": "90",
"metadata": {
"description": "The threshold value at which the alert is activated."
}
},
"timeAggregation": {
"type": "string",
"defaultValue": "Average",
"allowedValues": [
"Average",
"Minimum",
"Maximum",
"Total",
"Count"
],
"metadata": {
"description": "How the data that is collected should be combined over time."
}
},
"windowSize": {
"type": "string",
"defaultValue": "PT15M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"PT24H",
"PT1D"
],
"metadata": {
"description": "Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format."
}
},
"evaluationFrequency": {
"type": "string",
"defaultValue": "PT1M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"metadata": {
"description": "how often the metric alert is evaluated represented in ISO 8601 duration format"
}
},
"currentDateTimeUtcNow": {
"type": "string",
"defaultValue": "[utcNow()]",
"metadata": {
"description": "The current date and time using the utcNow function. Used for deployment name uniqueness"
}
},
"telemetryOptOut": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
],
"metadata": {
"description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry."
}
}
},
"variables": {
"pidDeploymentName": "[take(concat('pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]",
"varTargetResourceId": "[split(parameters('targetResourceId'), ',')]"
},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[parameters('alertName')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "[parameters('alertDescription')]",
"scopes": "[variables('varTargetResourceId')]",
"targetResourceType": "[parameters('targetResourceType')]",
"targetResourceRegion": "[parameters('targetResourceRegion')]",
"severity": "[parameters('alertSeverity')]",
"enabled": "[parameters('isEnabled')]",
"evaluationFrequency": "[parameters('evaluationFrequency')]",
"windowSize": "[parameters('windowSize')]",
"criteria": {
"odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria",
"allOf": [
{
"name": "1st criterion",
"metricName": "Average_% User Time",
"dimensions": [{"operator": "include", "name": "computer", "values": ["vm-prd-dmzout-k8snodes-001"]}],
"operator": "[parameters('operator')]",
"threshold": "[parameters('threshold')]",
"timeAggregation": "[parameters('timeAggregation')]",
"criterionType": "StaticThresholdCriterion"
}
]
}
}
},
{
"condition": "[equals(parameters('telemetryOptOut'), 'No')]",
"apiVersion": "2020-06-01",
"name": "[variables('pidDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
}
]
}
@description('Name of the alert')
@minLength(1)
param alertName string
@description('Description of alert')
param alertDescription string = 'Average_% User Time. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).'
@description('Array of Azure resource Ids. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name')
@minLength(1)
param targetResourceId array
@description('Azure region in which target resources to be monitored are in (without spaces). For example: EastUS')
param targetResourceRegion string
@description('Resource type of target resources to be monitored.')
@minLength(1)
param targetResourceType string
@description('Specifies whether the alert is enabled')
param isEnabled bool = true
@description('Severity of alert {0,1,2,3,4}')
@allowed([
0
1
2
3
4
])
param alertSeverity int = 4
@description('Operator comparing the current value with the threshold value.')
@allowed([
'Equals'
'GreaterThan'
'GreaterThanOrEqual'
'LessThan'
'LessThanOrEqual'
])
param operator string = 'GreaterThanOrEqual'
@description('The threshold value at which the alert is activated.')
param threshold int = 90
@description('How the data that is collected should be combined over time.')
@allowed([
'Average'
'Minimum'
'Maximum'
'Total'
'Count'
])
param timeAggregation string = 'Average'
@description('Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format.')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
'PT6H'
'PT12H'
'PT24H'
'P1D'
])
param windowSize string = 'PT15M'
@description('how often the metric alert is evaluated represented in ISO 8601 duration format')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
])
param evaluationFrequency string = 'PT1M'
@description('"The current date and time using the utcNow function. Used for deployment name uniqueness')
param currentDateTimeUtcNow string = utcNow()
@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.')
@allowed([
'Yes'
'No'
])
param telemetryOptOut string = 'No'
resource metricAlert 'Microsoft.Insights/metricAlerts@2018-03-01' = {
name: alertName
location: 'global'
tags: {
_deployed_by_amba: 'true'
}
properties: {
description: alertDescription
scopes: targetResourceId
targetResourceType: targetResourceType
targetResourceRegion: targetResourceRegion
severity: alertSeverity
enabled: isEnabled
evaluationFrequency: evaluationFrequency
windowSize: windowSize
criteria: {
'odata.type': 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria'
allOf: [
{
name: '1st criterion'
metricName: 'Average_% User Time'
dimensions: [
{
name: 'computer'
operator: 'include'
values: ['vm-prd-dmzout-k8snodes-001']
}]
operator: operator
threshold: threshold
timeAggregation: timeAggregation
criterionType: 'StaticThresholdCriterion'
}
]
}
}
}
var ambaTelemetryPidName = 'pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}'
resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') {
name: ambaTelemetryPidName
tags: {
_deployed_by_amba: 'true'
}
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
}
}
}
{
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2021-06-01",
"name": "b8140cdb-5492-4177-881f-8668372947a8",
"properties": {
"policyType": "Custom",
"mode": "All",
"displayName": "Deploy OperationalInsights workspaces Average_% User Time Alert",
"description": "Policy to Audit/Deploy OperationalInsights workspaces Average_% User Time Alert",
"metadata": {
"version": "1.0.0-preview",
"category": "OperationalInsights",
"preview": true,
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"alzCloudEnvironments": [
"AzureCloud"
],
"_deployed_by_amba": "True"
},
"parameters": {
"severity": {
"type": "String",
"metadata": {
"displayName": "Severity",
"description": "Severity of the Alert"
},
"allowedValues": [
"0",
"1",
"2",
"3",
"4"
],
"defaultValue": "4"
},
"windowSize": {
"type": "String",
"metadata": {
"displayName": "Window Size",
"description": "Window size for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"P1D"
],
"defaultValue": "PT15M"
},
"evaluationFrequency": {
"type": "String",
"metadata": {
"displayName": "Evaluation Frequency",
"description": "Evaluation frequency for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"defaultValue": "PT1M"
},
"autoMitigate": {
"type": "String",
"metadata": {
"displayName": "Auto Mitigate",
"description": "Auto Mitigate for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"enabled": {
"type": "String",
"metadata": {
"displayName": "Alert State",
"description": "Alert state for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"threshold": {
"type": "String",
"metadata": {
"displayName": "Threshold",
"description": "Threshold for the alert"
},
"defaultValue": "90"
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Effect of the policy"
},
"allowedValues": [
"deployIfNotExists",
"disabled"
],
"defaultValue": "deployIfNotExists"
},
"MonitorDisableTagName": {
"type": "String",
"metadata": {
"displayName": "Monitoring disabled tag name",
"description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": "MonitorDisable"
},
"MonitorDisableTagValues": {
"type": "Array",
"metadata": {
"displayName": "Monitoring disabled tag values(s)",
"description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": [
"true",
"Test",
"Dev",
"Sandbox"
]
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "[[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
"notIn": "[[parameters('MonitorDisableTagValues')]"
}
]
},
"then": {
"effect": "[[parameters('effect')]",
"details": {
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Insights/metricAlerts",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName",
"equals": "Average_% User Time"
},
{
"field": "Microsoft.Insights/metricalerts/scopes[*]",
"equals": "[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.OperationalInsights/workspaces/', field('fullName'))]"
},
{
"field": "Microsoft.Insights/metricAlerts/enabled",
"equals": "[[parameters('enabled')]"
},
{
"field": "Microsoft.Insights/metricAlerts/evaluationFrequency",
"equals": "[[parameters('evaluationFrequency')]"
},
{
"field": "Microsoft.Insights/metricAlerts/windowSize",
"equals": "[[parameters('windowSize')]"
},
{
"field": "Microsoft.Insights/metricalerts/severity",
"equals": "[[parameters('severity')]"
},
{
"field": "Microsoft.Insights/metricAlerts/autoMitigate",
"equals": "[[parameters('autoMitigate')]"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation",
"equals": "Average"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator",
"equals": "GreaterThanOrEqual"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold",
"equals": "[[if(contains(field('tags'), '_amba-Average_% User Time-threshold-Override_'), field('tags._amba-Average_% User Time-threshold-Override_'), parameters('threshold'))]"
}
]
},
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "String",
"metadata": {
"displayName": "resourceName",
"description": "Name of the resource"
}
},
"resourceId": {
"type": "String",
"metadata": {
"displayName": "resourceId",
"description": "Resource ID of the resource emitting the metric that will be used for the comparison"
}
},
"severity": {
"type": "String"
},
"windowSize": {
"type": "String"
},
"evaluationFrequency": {
"type": "String"
},
"autoMitigate": {
"type": "String"
},
"enabled": {
"type": "String"
},
"threshold": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[[concat(parameters('resourceName'), '-Average_% User Time')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "Metric Alert for OperationalInsights workspaces Average_% User Time",
"severity": "[[parameters('severity')]",
"enabled": "[[parameters('enabled')]",
"scopes": [
"[[parameters('resourceId')]"
],
"evaluationFrequency": "[[parameters('evaluationFrequency')]",
"windowSize": "[[parameters('windowSize')]",
"criteria": {
"allOf": [
{
"name": "Average_% User Time",
"metricNamespace": "Microsoft.OperationalInsights/workspaces",
"metricName": "Average_% User Time",
"operator": "GreaterThanOrEqual",
"threshold": "[[parameters('threshold')]",
"timeAggregation": "Average",
"criterionType": "StaticThresholdCriterion"
}
],
"odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
},
"autoMitigate": "[[parameters('autoMitigate')]",
"parameters": {
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[parameters('threshold')]"
}
}
}
}
]
},
"parameters": {
"resourceName": {
"value": "[[field('name')]"
},
"resourceId": {
"value": "[[field('id')]"
},
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[if(contains(field('tags'), '_amba-Average_% User Time-threshold-Override_'), field('tags._amba-Average_% User Time-threshold-Override_'), parameters('threshold'))]"
}
}
}
}
}
}
}
}
}
Average_Available MBytes - Metric Alert
Average_Available MBytes. Supported for: Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).
Properties:
| criterionType | StaticThresholdCriterion |
| dimensions | |
| evaluationFrequency | PT1M |
| metricName | Average_Available MBytes |
| metricNamespace | Microsoft.OperationalInsights/workspaces |
| operator | LessThan |
| severity | 3 |
| threshold | 512 |
| timeAggregation | Average |
| windowSize | PT5M |
References:
Templates:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the alert"
}
},
"alertDescription": {
"type": "string",
"defaultValue": "Average_Available MBytes. Supported for: Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).",
"metadata": {
"description": "Description of alert"
}
},
"targetResourceId": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "List of Azure resource Ids seperated by a comma. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name"
}
},
"targetResourceRegion": {
"type": "string",
"metadata": {
"description": "Azure region in which target resources to be monitored are in (without spaces). For example: EastUS"
}
},
"targetResourceType": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Resource type of target resources to be monitored."
}
},
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Specifies whether the alert is enabled"
}
},
"alertSeverity": {
"type": "int",
"defaultValue": 3,
"allowedValues": [
0,
1,
2,
3,
4
],
"metadata": {
"description": "Severity of alert {0,1,2,3,4}"
}
},
"operator": {
"type": "string",
"defaultValue": "LessThan",
"allowedValues": [
"Equals",
"GreaterThan",
"GreaterThanOrEqual",
"LessThan",
"LessThanOrEqual"
],
"metadata": {
"description": "Operator comparing the current value with the threshold value."
}
},
"threshold": {
"type": "string",
"defaultValue": "512",
"metadata": {
"description": "The threshold value at which the alert is activated."
}
},
"timeAggregation": {
"type": "string",
"defaultValue": "Average",
"allowedValues": [
"Average",
"Minimum",
"Maximum",
"Total",
"Count"
],
"metadata": {
"description": "How the data that is collected should be combined over time."
}
},
"windowSize": {
"type": "string",
"defaultValue": "PT5M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"PT24H",
"PT1D"
],
"metadata": {
"description": "Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format."
}
},
"evaluationFrequency": {
"type": "string",
"defaultValue": "PT1M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"metadata": {
"description": "how often the metric alert is evaluated represented in ISO 8601 duration format"
}
},
"currentDateTimeUtcNow": {
"type": "string",
"defaultValue": "[utcNow()]",
"metadata": {
"description": "The current date and time using the utcNow function. Used for deployment name uniqueness"
}
},
"telemetryOptOut": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
],
"metadata": {
"description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry."
}
}
},
"variables": {
"pidDeploymentName": "[take(concat('pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]",
"varTargetResourceId": "[split(parameters('targetResourceId'), ',')]"
},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[parameters('alertName')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "[parameters('alertDescription')]",
"scopes": "[variables('varTargetResourceId')]",
"targetResourceType": "[parameters('targetResourceType')]",
"targetResourceRegion": "[parameters('targetResourceRegion')]",
"severity": "[parameters('alertSeverity')]",
"enabled": "[parameters('isEnabled')]",
"evaluationFrequency": "[parameters('evaluationFrequency')]",
"windowSize": "[parameters('windowSize')]",
"criteria": {
"odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria",
"allOf": [
{
"name": "1st criterion",
"metricName": "Average_Available MBytes",
"dimensions": [{"operator": "include", "name": "computer", "values": ["*"]}],
"operator": "[parameters('operator')]",
"threshold": "[parameters('threshold')]",
"timeAggregation": "[parameters('timeAggregation')]",
"criterionType": "StaticThresholdCriterion"
}
]
}
}
},
{
"condition": "[equals(parameters('telemetryOptOut'), 'No')]",
"apiVersion": "2020-06-01",
"name": "[variables('pidDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
}
]
}
@description('Name of the alert')
@minLength(1)
param alertName string
@description('Description of alert')
param alertDescription string = 'Average_Available MBytes. Supported for: Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).'
@description('Array of Azure resource Ids. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name')
@minLength(1)
param targetResourceId array
@description('Azure region in which target resources to be monitored are in (without spaces). For example: EastUS')
param targetResourceRegion string
@description('Resource type of target resources to be monitored.')
@minLength(1)
param targetResourceType string
@description('Specifies whether the alert is enabled')
param isEnabled bool = true
@description('Severity of alert {0,1,2,3,4}')
@allowed([
0
1
2
3
4
])
param alertSeverity int = 3
@description('Operator comparing the current value with the threshold value.')
@allowed([
'Equals'
'GreaterThan'
'GreaterThanOrEqual'
'LessThan'
'LessThanOrEqual'
])
param operator string = 'LessThan'
@description('The threshold value at which the alert is activated.')
param threshold int = 512
@description('How the data that is collected should be combined over time.')
@allowed([
'Average'
'Minimum'
'Maximum'
'Total'
'Count'
])
param timeAggregation string = 'Average'
@description('Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format.')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
'PT6H'
'PT12H'
'PT24H'
'P1D'
])
param windowSize string = 'PT5M'
@description('how often the metric alert is evaluated represented in ISO 8601 duration format')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
])
param evaluationFrequency string = 'PT1M'
@description('"The current date and time using the utcNow function. Used for deployment name uniqueness')
param currentDateTimeUtcNow string = utcNow()
@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.')
@allowed([
'Yes'
'No'
])
param telemetryOptOut string = 'No'
resource metricAlert 'Microsoft.Insights/metricAlerts@2018-03-01' = {
name: alertName
location: 'global'
tags: {
_deployed_by_amba: 'true'
}
properties: {
description: alertDescription
scopes: targetResourceId
targetResourceType: targetResourceType
targetResourceRegion: targetResourceRegion
severity: alertSeverity
enabled: isEnabled
evaluationFrequency: evaluationFrequency
windowSize: windowSize
criteria: {
'odata.type': 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria'
allOf: [
{
name: '1st criterion'
metricName: 'Average_Available MBytes'
dimensions: [
{
name: 'computer'
operator: 'include'
values: ['*']
}]
operator: operator
threshold: threshold
timeAggregation: timeAggregation
criterionType: 'StaticThresholdCriterion'
}
]
}
}
}
var ambaTelemetryPidName = 'pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}'
resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') {
name: ambaTelemetryPidName
tags: {
_deployed_by_amba: 'true'
}
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
}
}
}
{
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2021-06-01",
"name": "b0c5e86f-eb2d-41ea-a4a0-9819ad841c70",
"properties": {
"policyType": "Custom",
"mode": "All",
"displayName": "Deploy OperationalInsights workspaces Average_Available MBytes Alert",
"description": "Policy to Audit/Deploy OperationalInsights workspaces Average_Available MBytes Alert",
"metadata": {
"version": "1.0.0-preview",
"category": "OperationalInsights",
"preview": true,
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"alzCloudEnvironments": [
"AzureCloud"
],
"_deployed_by_amba": "True"
},
"parameters": {
"severity": {
"type": "String",
"metadata": {
"displayName": "Severity",
"description": "Severity of the Alert"
},
"allowedValues": [
"0",
"1",
"2",
"3",
"4"
],
"defaultValue": "3"
},
"windowSize": {
"type": "String",
"metadata": {
"displayName": "Window Size",
"description": "Window size for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"P1D"
],
"defaultValue": "PT5M"
},
"evaluationFrequency": {
"type": "String",
"metadata": {
"displayName": "Evaluation Frequency",
"description": "Evaluation frequency for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"defaultValue": "PT1M"
},
"autoMitigate": {
"type": "String",
"metadata": {
"displayName": "Auto Mitigate",
"description": "Auto Mitigate for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"enabled": {
"type": "String",
"metadata": {
"displayName": "Alert State",
"description": "Alert state for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"threshold": {
"type": "String",
"metadata": {
"displayName": "Threshold",
"description": "Threshold for the alert"
},
"defaultValue": "512"
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Effect of the policy"
},
"allowedValues": [
"deployIfNotExists",
"disabled"
],
"defaultValue": "deployIfNotExists"
},
"MonitorDisableTagName": {
"type": "String",
"metadata": {
"displayName": "Monitoring disabled tag name",
"description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": "MonitorDisable"
},
"MonitorDisableTagValues": {
"type": "Array",
"metadata": {
"displayName": "Monitoring disabled tag values(s)",
"description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": [
"true",
"Test",
"Dev",
"Sandbox"
]
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "[[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
"notIn": "[[parameters('MonitorDisableTagValues')]"
}
]
},
"then": {
"effect": "[[parameters('effect')]",
"details": {
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Insights/metricAlerts",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName",
"equals": "Average_Available MBytes"
},
{
"field": "Microsoft.Insights/metricalerts/scopes[*]",
"equals": "[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.OperationalInsights/workspaces/', field('fullName'))]"
},
{
"field": "Microsoft.Insights/metricAlerts/enabled",
"equals": "[[parameters('enabled')]"
},
{
"field": "Microsoft.Insights/metricAlerts/evaluationFrequency",
"equals": "[[parameters('evaluationFrequency')]"
},
{
"field": "Microsoft.Insights/metricAlerts/windowSize",
"equals": "[[parameters('windowSize')]"
},
{
"field": "Microsoft.Insights/metricalerts/severity",
"equals": "[[parameters('severity')]"
},
{
"field": "Microsoft.Insights/metricAlerts/autoMitigate",
"equals": "[[parameters('autoMitigate')]"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation",
"equals": "Average"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator",
"equals": "LessThan"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold",
"equals": "[[if(contains(field('tags'), '_amba-Average_Available MBytes-threshold-Override_'), field('tags._amba-Average_Available MBytes-threshold-Override_'), parameters('threshold'))]"
}
]
},
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "String",
"metadata": {
"displayName": "resourceName",
"description": "Name of the resource"
}
},
"resourceId": {
"type": "String",
"metadata": {
"displayName": "resourceId",
"description": "Resource ID of the resource emitting the metric that will be used for the comparison"
}
},
"severity": {
"type": "String"
},
"windowSize": {
"type": "String"
},
"evaluationFrequency": {
"type": "String"
},
"autoMitigate": {
"type": "String"
},
"enabled": {
"type": "String"
},
"threshold": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[[concat(parameters('resourceName'), '-Average_Available MBytes')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "Metric Alert for OperationalInsights workspaces Average_Available MBytes",
"severity": "[[parameters('severity')]",
"enabled": "[[parameters('enabled')]",
"scopes": [
"[[parameters('resourceId')]"
],
"evaluationFrequency": "[[parameters('evaluationFrequency')]",
"windowSize": "[[parameters('windowSize')]",
"criteria": {
"allOf": [
{
"name": "Average_Available MBytes",
"metricNamespace": "Microsoft.OperationalInsights/workspaces",
"metricName": "Average_Available MBytes",
"operator": "LessThan",
"threshold": "[[parameters('threshold')]",
"timeAggregation": "Average",
"criterionType": "StaticThresholdCriterion"
}
],
"odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
},
"autoMitigate": "[[parameters('autoMitigate')]",
"parameters": {
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[parameters('threshold')]"
}
}
}
}
]
},
"parameters": {
"resourceName": {
"value": "[[field('name')]"
},
"resourceId": {
"value": "[[field('id')]"
},
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[if(contains(field('tags'), '_amba-Average_Available MBytes-threshold-Override_'), field('tags._amba-Average_Available MBytes-threshold-Override_'), parameters('threshold'))]"
}
}
}
}
}
}
}
}
}
Average_Available MBytes Memory - Metric Alert
Average_Available MBytes Memory. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).
Properties:
| criterionType | StaticThresholdCriterion |
| dimensions | |
| evaluationFrequency | PT1M |
| metricName | Average_Available MBytes Memory |
| metricNamespace | Microsoft.OperationalInsights/workspaces |
| operator | LessThan |
| severity | 3 |
| threshold | 1 |
| timeAggregation | Average |
| windowSize | PT5M |
References:
Templates:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the alert"
}
},
"alertDescription": {
"type": "string",
"defaultValue": "Average_Available MBytes Memory. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).",
"metadata": {
"description": "Description of alert"
}
},
"targetResourceId": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "List of Azure resource Ids seperated by a comma. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name"
}
},
"targetResourceRegion": {
"type": "string",
"metadata": {
"description": "Azure region in which target resources to be monitored are in (without spaces). For example: EastUS"
}
},
"targetResourceType": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Resource type of target resources to be monitored."
}
},
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Specifies whether the alert is enabled"
}
},
"alertSeverity": {
"type": "int",
"defaultValue": 3,
"allowedValues": [
0,
1,
2,
3,
4
],
"metadata": {
"description": "Severity of alert {0,1,2,3,4}"
}
},
"operator": {
"type": "string",
"defaultValue": "LessThan",
"allowedValues": [
"Equals",
"GreaterThan",
"GreaterThanOrEqual",
"LessThan",
"LessThanOrEqual"
],
"metadata": {
"description": "Operator comparing the current value with the threshold value."
}
},
"threshold": {
"type": "string",
"defaultValue": "1",
"metadata": {
"description": "The threshold value at which the alert is activated."
}
},
"timeAggregation": {
"type": "string",
"defaultValue": "Average",
"allowedValues": [
"Average",
"Minimum",
"Maximum",
"Total",
"Count"
],
"metadata": {
"description": "How the data that is collected should be combined over time."
}
},
"windowSize": {
"type": "string",
"defaultValue": "PT5M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"PT24H",
"PT1D"
],
"metadata": {
"description": "Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format."
}
},
"evaluationFrequency": {
"type": "string",
"defaultValue": "PT1M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"metadata": {
"description": "how often the metric alert is evaluated represented in ISO 8601 duration format"
}
},
"currentDateTimeUtcNow": {
"type": "string",
"defaultValue": "[utcNow()]",
"metadata": {
"description": "The current date and time using the utcNow function. Used for deployment name uniqueness"
}
},
"telemetryOptOut": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
],
"metadata": {
"description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry."
}
}
},
"variables": {
"pidDeploymentName": "[take(concat('pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]",
"varTargetResourceId": "[split(parameters('targetResourceId'), ',')]"
},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[parameters('alertName')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "[parameters('alertDescription')]",
"scopes": "[variables('varTargetResourceId')]",
"targetResourceType": "[parameters('targetResourceType')]",
"targetResourceRegion": "[parameters('targetResourceRegion')]",
"severity": "[parameters('alertSeverity')]",
"enabled": "[parameters('isEnabled')]",
"evaluationFrequency": "[parameters('evaluationFrequency')]",
"windowSize": "[parameters('windowSize')]",
"criteria": {
"odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria",
"allOf": [
{
"name": "1st criterion",
"metricName": "Average_Available MBytes Memory",
"dimensions": [{"operator": "include", "name": "computer", "values": ["*"]}],
"operator": "[parameters('operator')]",
"threshold": "[parameters('threshold')]",
"timeAggregation": "[parameters('timeAggregation')]",
"criterionType": "StaticThresholdCriterion"
}
]
}
}
},
{
"condition": "[equals(parameters('telemetryOptOut'), 'No')]",
"apiVersion": "2020-06-01",
"name": "[variables('pidDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
}
]
}
@description('Name of the alert')
@minLength(1)
param alertName string
@description('Description of alert')
param alertDescription string = 'Average_Available MBytes Memory. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).'
@description('Array of Azure resource Ids. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name')
@minLength(1)
param targetResourceId array
@description('Azure region in which target resources to be monitored are in (without spaces). For example: EastUS')
param targetResourceRegion string
@description('Resource type of target resources to be monitored.')
@minLength(1)
param targetResourceType string
@description('Specifies whether the alert is enabled')
param isEnabled bool = true
@description('Severity of alert {0,1,2,3,4}')
@allowed([
0
1
2
3
4
])
param alertSeverity int = 3
@description('Operator comparing the current value with the threshold value.')
@allowed([
'Equals'
'GreaterThan'
'GreaterThanOrEqual'
'LessThan'
'LessThanOrEqual'
])
param operator string = 'LessThan'
@description('The threshold value at which the alert is activated.')
param threshold int = 1
@description('How the data that is collected should be combined over time.')
@allowed([
'Average'
'Minimum'
'Maximum'
'Total'
'Count'
])
param timeAggregation string = 'Average'
@description('Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format.')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
'PT6H'
'PT12H'
'PT24H'
'P1D'
])
param windowSize string = 'PT5M'
@description('how often the metric alert is evaluated represented in ISO 8601 duration format')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
])
param evaluationFrequency string = 'PT1M'
@description('"The current date and time using the utcNow function. Used for deployment name uniqueness')
param currentDateTimeUtcNow string = utcNow()
@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.')
@allowed([
'Yes'
'No'
])
param telemetryOptOut string = 'No'
resource metricAlert 'Microsoft.Insights/metricAlerts@2018-03-01' = {
name: alertName
location: 'global'
tags: {
_deployed_by_amba: 'true'
}
properties: {
description: alertDescription
scopes: targetResourceId
targetResourceType: targetResourceType
targetResourceRegion: targetResourceRegion
severity: alertSeverity
enabled: isEnabled
evaluationFrequency: evaluationFrequency
windowSize: windowSize
criteria: {
'odata.type': 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria'
allOf: [
{
name: '1st criterion'
metricName: 'Average_Available MBytes Memory'
dimensions: [
{
name: 'computer'
operator: 'include'
values: ['*']
}]
operator: operator
threshold: threshold
timeAggregation: timeAggregation
criterionType: 'StaticThresholdCriterion'
}
]
}
}
}
var ambaTelemetryPidName = 'pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}'
resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') {
name: ambaTelemetryPidName
tags: {
_deployed_by_amba: 'true'
}
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
}
}
}
{
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2021-06-01",
"name": "99ba0b14-4b3c-49b5-8763-3161b9aae538",
"properties": {
"policyType": "Custom",
"mode": "All",
"displayName": "Deploy OperationalInsights workspaces Average_Available MBytes Memory Alert",
"description": "Policy to Audit/Deploy OperationalInsights workspaces Average_Available MBytes Memory Alert",
"metadata": {
"version": "1.0.0-preview",
"category": "OperationalInsights",
"preview": true,
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"alzCloudEnvironments": [
"AzureCloud"
],
"_deployed_by_amba": "True"
},
"parameters": {
"severity": {
"type": "String",
"metadata": {
"displayName": "Severity",
"description": "Severity of the Alert"
},
"allowedValues": [
"0",
"1",
"2",
"3",
"4"
],
"defaultValue": "3"
},
"windowSize": {
"type": "String",
"metadata": {
"displayName": "Window Size",
"description": "Window size for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"P1D"
],
"defaultValue": "PT5M"
},
"evaluationFrequency": {
"type": "String",
"metadata": {
"displayName": "Evaluation Frequency",
"description": "Evaluation frequency for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"defaultValue": "PT1M"
},
"autoMitigate": {
"type": "String",
"metadata": {
"displayName": "Auto Mitigate",
"description": "Auto Mitigate for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"enabled": {
"type": "String",
"metadata": {
"displayName": "Alert State",
"description": "Alert state for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"threshold": {
"type": "String",
"metadata": {
"displayName": "Threshold",
"description": "Threshold for the alert"
},
"defaultValue": "1"
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Effect of the policy"
},
"allowedValues": [
"deployIfNotExists",
"disabled"
],
"defaultValue": "deployIfNotExists"
},
"MonitorDisableTagName": {
"type": "String",
"metadata": {
"displayName": "Monitoring disabled tag name",
"description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": "MonitorDisable"
},
"MonitorDisableTagValues": {
"type": "Array",
"metadata": {
"displayName": "Monitoring disabled tag values(s)",
"description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": [
"true",
"Test",
"Dev",
"Sandbox"
]
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "[[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
"notIn": "[[parameters('MonitorDisableTagValues')]"
}
]
},
"then": {
"effect": "[[parameters('effect')]",
"details": {
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Insights/metricAlerts",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName",
"equals": "Average_Available MBytes Memory"
},
{
"field": "Microsoft.Insights/metricalerts/scopes[*]",
"equals": "[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.OperationalInsights/workspaces/', field('fullName'))]"
},
{
"field": "Microsoft.Insights/metricAlerts/enabled",
"equals": "[[parameters('enabled')]"
},
{
"field": "Microsoft.Insights/metricAlerts/evaluationFrequency",
"equals": "[[parameters('evaluationFrequency')]"
},
{
"field": "Microsoft.Insights/metricAlerts/windowSize",
"equals": "[[parameters('windowSize')]"
},
{
"field": "Microsoft.Insights/metricalerts/severity",
"equals": "[[parameters('severity')]"
},
{
"field": "Microsoft.Insights/metricAlerts/autoMitigate",
"equals": "[[parameters('autoMitigate')]"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation",
"equals": "Average"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator",
"equals": "LessThan"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold",
"equals": "[[if(contains(field('tags'), '_amba-Average_Available MBytes Memory-threshold-Override_'), field('tags._amba-Average_Available MBytes Memory-threshold-Override_'), parameters('threshold'))]"
}
]
},
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "String",
"metadata": {
"displayName": "resourceName",
"description": "Name of the resource"
}
},
"resourceId": {
"type": "String",
"metadata": {
"displayName": "resourceId",
"description": "Resource ID of the resource emitting the metric that will be used for the comparison"
}
},
"severity": {
"type": "String"
},
"windowSize": {
"type": "String"
},
"evaluationFrequency": {
"type": "String"
},
"autoMitigate": {
"type": "String"
},
"enabled": {
"type": "String"
},
"threshold": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[[concat(parameters('resourceName'), '-Average_Available MBytes Memory')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "Metric Alert for OperationalInsights workspaces Average_Available MBytes Memory",
"severity": "[[parameters('severity')]",
"enabled": "[[parameters('enabled')]",
"scopes": [
"[[parameters('resourceId')]"
],
"evaluationFrequency": "[[parameters('evaluationFrequency')]",
"windowSize": "[[parameters('windowSize')]",
"criteria": {
"allOf": [
{
"name": "Average_Available MBytes Memory",
"metricNamespace": "Microsoft.OperationalInsights/workspaces",
"metricName": "Average_Available MBytes Memory",
"operator": "LessThan",
"threshold": "[[parameters('threshold')]",
"timeAggregation": "Average",
"criterionType": "StaticThresholdCriterion"
}
],
"odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
},
"autoMitigate": "[[parameters('autoMitigate')]",
"parameters": {
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[parameters('threshold')]"
}
}
}
}
]
},
"parameters": {
"resourceName": {
"value": "[[field('name')]"
},
"resourceId": {
"value": "[[field('id')]"
},
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[if(contains(field('tags'), '_amba-Average_Available MBytes Memory-threshold-Override_'), field('tags._amba-Average_Available MBytes Memory-threshold-Override_'), parameters('threshold'))]"
}
}
}
}
}
}
}
}
}
Average_Avg. Disk sec/Read - Metric Alert
Average_Avg. Disk sec/Read. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).
Properties:
| criterionType | StaticThresholdCriterion |
| dimensions | |
| evaluationFrequency | PT5M |
| metricName | Average_Avg. Disk sec/Read |
| metricNamespace | Microsoft.OperationalInsights/workspaces |
| operator | GreaterThan |
| severity | 2 |
| threshold | 0.04 |
| timeAggregation | Average |
| windowSize | PT15M |
References:
Templates:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the alert"
}
},
"alertDescription": {
"type": "string",
"defaultValue": "Average_Avg. Disk sec/Read. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).",
"metadata": {
"description": "Description of alert"
}
},
"targetResourceId": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "List of Azure resource Ids seperated by a comma. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name"
}
},
"targetResourceRegion": {
"type": "string",
"metadata": {
"description": "Azure region in which target resources to be monitored are in (without spaces). For example: EastUS"
}
},
"targetResourceType": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Resource type of target resources to be monitored."
}
},
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Specifies whether the alert is enabled"
}
},
"alertSeverity": {
"type": "int",
"defaultValue": 2,
"allowedValues": [
0,
1,
2,
3,
4
],
"metadata": {
"description": "Severity of alert {0,1,2,3,4}"
}
},
"operator": {
"type": "string",
"defaultValue": "GreaterThan",
"allowedValues": [
"Equals",
"GreaterThan",
"GreaterThanOrEqual",
"LessThan",
"LessThanOrEqual"
],
"metadata": {
"description": "Operator comparing the current value with the threshold value."
}
},
"threshold": {
"type": "string",
"defaultValue": "0",
"metadata": {
"description": "The threshold value at which the alert is activated."
}
},
"timeAggregation": {
"type": "string",
"defaultValue": "Average",
"allowedValues": [
"Average",
"Minimum",
"Maximum",
"Total",
"Count"
],
"metadata": {
"description": "How the data that is collected should be combined over time."
}
},
"windowSize": {
"type": "string",
"defaultValue": "PT15M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"PT24H",
"PT1D"
],
"metadata": {
"description": "Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format."
}
},
"evaluationFrequency": {
"type": "string",
"defaultValue": "PT5M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"metadata": {
"description": "how often the metric alert is evaluated represented in ISO 8601 duration format"
}
},
"currentDateTimeUtcNow": {
"type": "string",
"defaultValue": "[utcNow()]",
"metadata": {
"description": "The current date and time using the utcNow function. Used for deployment name uniqueness"
}
},
"telemetryOptOut": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
],
"metadata": {
"description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry."
}
}
},
"variables": {
"pidDeploymentName": "[take(concat('pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]",
"varTargetResourceId": "[split(parameters('targetResourceId'), ',')]"
},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[parameters('alertName')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "[parameters('alertDescription')]",
"scopes": "[variables('varTargetResourceId')]",
"targetResourceType": "[parameters('targetResourceType')]",
"targetResourceRegion": "[parameters('targetResourceRegion')]",
"severity": "[parameters('alertSeverity')]",
"enabled": "[parameters('isEnabled')]",
"evaluationFrequency": "[parameters('evaluationFrequency')]",
"windowSize": "[parameters('windowSize')]",
"criteria": {
"odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria",
"allOf": [
{
"name": "1st criterion",
"metricName": "Average_Avg. Disk sec/Read",
"dimensions": [{"operator": "include", "name": "computer", "values": ["*"]}, {"operator": "include", "name": "objectname", "values": ["logicaldisk"]}],
"operator": "[parameters('operator')]",
"threshold": "[parameters('threshold')]",
"timeAggregation": "[parameters('timeAggregation')]",
"criterionType": "StaticThresholdCriterion"
}
]
}
}
},
{
"condition": "[equals(parameters('telemetryOptOut'), 'No')]",
"apiVersion": "2020-06-01",
"name": "[variables('pidDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
}
]
}
@description('Name of the alert')
@minLength(1)
param alertName string
@description('Description of alert')
param alertDescription string = 'Average_Avg. Disk sec/Read. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).'
@description('Array of Azure resource Ids. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name')
@minLength(1)
param targetResourceId array
@description('Azure region in which target resources to be monitored are in (without spaces). For example: EastUS')
param targetResourceRegion string
@description('Resource type of target resources to be monitored.')
@minLength(1)
param targetResourceType string
@description('Specifies whether the alert is enabled')
param isEnabled bool = true
@description('Severity of alert {0,1,2,3,4}')
@allowed([
0
1
2
3
4
])
param alertSeverity int = 2
@description('Operator comparing the current value with the threshold value.')
@allowed([
'Equals'
'GreaterThan'
'GreaterThanOrEqual'
'LessThan'
'LessThanOrEqual'
])
param operator string = 'GreaterThan'
@description('The threshold value at which the alert is activated.')
param threshold int = 0
@description('How the data that is collected should be combined over time.')
@allowed([
'Average'
'Minimum'
'Maximum'
'Total'
'Count'
])
param timeAggregation string = 'Average'
@description('Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format.')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
'PT6H'
'PT12H'
'PT24H'
'P1D'
])
param windowSize string = 'PT15M'
@description('how often the metric alert is evaluated represented in ISO 8601 duration format')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
])
param evaluationFrequency string = 'PT5M'
@description('"The current date and time using the utcNow function. Used for deployment name uniqueness')
param currentDateTimeUtcNow string = utcNow()
@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.')
@allowed([
'Yes'
'No'
])
param telemetryOptOut string = 'No'
resource metricAlert 'Microsoft.Insights/metricAlerts@2018-03-01' = {
name: alertName
location: 'global'
tags: {
_deployed_by_amba: 'true'
}
properties: {
description: alertDescription
scopes: targetResourceId
targetResourceType: targetResourceType
targetResourceRegion: targetResourceRegion
severity: alertSeverity
enabled: isEnabled
evaluationFrequency: evaluationFrequency
windowSize: windowSize
criteria: {
'odata.type': 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria'
allOf: [
{
name: '1st criterion'
metricName: 'Average_Avg. Disk sec/Read'
dimensions: [
{
name: 'computer'
operator: 'include'
values: ['*']
}
{
name: 'objectname'
operator: 'include'
values: ['logicaldisk']
}]
operator: operator
threshold: threshold
timeAggregation: timeAggregation
criterionType: 'StaticThresholdCriterion'
}
]
}
}
}
var ambaTelemetryPidName = 'pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}'
resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') {
name: ambaTelemetryPidName
tags: {
_deployed_by_amba: 'true'
}
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
}
}
}
{
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2021-06-01",
"name": "8b472051-ff68-4059-9e50-243bfb64bae4",
"properties": {
"policyType": "Custom",
"mode": "All",
"displayName": "Deploy OperationalInsights workspaces Average_Avg. Disk sec/Read Alert",
"description": "Policy to Audit/Deploy OperationalInsights workspaces Average_Avg. Disk sec/Read Alert",
"metadata": {
"version": "1.0.0-preview",
"category": "OperationalInsights",
"preview": true,
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"alzCloudEnvironments": [
"AzureCloud"
],
"_deployed_by_amba": "True"
},
"parameters": {
"severity": {
"type": "String",
"metadata": {
"displayName": "Severity",
"description": "Severity of the Alert"
},
"allowedValues": [
"0",
"1",
"2",
"3",
"4"
],
"defaultValue": "2"
},
"windowSize": {
"type": "String",
"metadata": {
"displayName": "Window Size",
"description": "Window size for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"P1D"
],
"defaultValue": "PT15M"
},
"evaluationFrequency": {
"type": "String",
"metadata": {
"displayName": "Evaluation Frequency",
"description": "Evaluation frequency for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"defaultValue": "PT5M"
},
"autoMitigate": {
"type": "String",
"metadata": {
"displayName": "Auto Mitigate",
"description": "Auto Mitigate for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"enabled": {
"type": "String",
"metadata": {
"displayName": "Alert State",
"description": "Alert state for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"threshold": {
"type": "String",
"metadata": {
"displayName": "Threshold",
"description": "Threshold for the alert"
},
"defaultValue": "0.04"
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Effect of the policy"
},
"allowedValues": [
"deployIfNotExists",
"disabled"
],
"defaultValue": "deployIfNotExists"
},
"MonitorDisableTagName": {
"type": "String",
"metadata": {
"displayName": "Monitoring disabled tag name",
"description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": "MonitorDisable"
},
"MonitorDisableTagValues": {
"type": "Array",
"metadata": {
"displayName": "Monitoring disabled tag values(s)",
"description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": [
"true",
"Test",
"Dev",
"Sandbox"
]
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "[[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
"notIn": "[[parameters('MonitorDisableTagValues')]"
}
]
},
"then": {
"effect": "[[parameters('effect')]",
"details": {
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Insights/metricAlerts",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName",
"equals": "Average_Avg. Disk sec/Read"
},
{
"field": "Microsoft.Insights/metricalerts/scopes[*]",
"equals": "[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.OperationalInsights/workspaces/', field('fullName'))]"
},
{
"field": "Microsoft.Insights/metricAlerts/enabled",
"equals": "[[parameters('enabled')]"
},
{
"field": "Microsoft.Insights/metricAlerts/evaluationFrequency",
"equals": "[[parameters('evaluationFrequency')]"
},
{
"field": "Microsoft.Insights/metricAlerts/windowSize",
"equals": "[[parameters('windowSize')]"
},
{
"field": "Microsoft.Insights/metricalerts/severity",
"equals": "[[parameters('severity')]"
},
{
"field": "Microsoft.Insights/metricAlerts/autoMitigate",
"equals": "[[parameters('autoMitigate')]"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation",
"equals": "Average"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator",
"equals": "GreaterThan"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold",
"equals": "[[if(contains(field('tags'), '_amba-Average_Avg. Disk sec/Read-threshold-Override_'), field('tags._amba-Average_Avg. Disk sec/Read-threshold-Override_'), parameters('threshold'))]"
}
]
},
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "String",
"metadata": {
"displayName": "resourceName",
"description": "Name of the resource"
}
},
"resourceId": {
"type": "String",
"metadata": {
"displayName": "resourceId",
"description": "Resource ID of the resource emitting the metric that will be used for the comparison"
}
},
"severity": {
"type": "String"
},
"windowSize": {
"type": "String"
},
"evaluationFrequency": {
"type": "String"
},
"autoMitigate": {
"type": "String"
},
"enabled": {
"type": "String"
},
"threshold": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[[concat(parameters('resourceName'), '-Average_Avg. Disk sec/Read')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "Metric Alert for OperationalInsights workspaces Average_Avg. Disk sec/Read",
"severity": "[[parameters('severity')]",
"enabled": "[[parameters('enabled')]",
"scopes": [
"[[parameters('resourceId')]"
],
"evaluationFrequency": "[[parameters('evaluationFrequency')]",
"windowSize": "[[parameters('windowSize')]",
"criteria": {
"allOf": [
{
"name": "Average_Avg. Disk sec/Read",
"metricNamespace": "Microsoft.OperationalInsights/workspaces",
"metricName": "Average_Avg. Disk sec/Read",
"operator": "GreaterThan",
"threshold": "[[parameters('threshold')]",
"timeAggregation": "Average",
"criterionType": "StaticThresholdCriterion"
}
],
"odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
},
"autoMitigate": "[[parameters('autoMitigate')]",
"parameters": {
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[parameters('threshold')]"
}
}
}
}
]
},
"parameters": {
"resourceName": {
"value": "[[field('name')]"
},
"resourceId": {
"value": "[[field('id')]"
},
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[if(contains(field('tags'), '_amba-Average_Avg. Disk sec/Read-threshold-Override_'), field('tags._amba-Average_Avg. Disk sec/Read-threshold-Override_'), parameters('threshold'))]"
}
}
}
}
}
}
}
}
}
Average_Avg. Disk sec/Write - Metric Alert
Average_Avg. Disk sec/Write. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).
Properties:
| criterionType | StaticThresholdCriterion |
| dimensions | |
| evaluationFrequency | PT5M |
| metricName | Average_Avg. Disk sec/Write |
| metricNamespace | Microsoft.OperationalInsights/workspaces |
| operator | GreaterThan |
| severity | 2 |
| threshold | 0.04 |
| timeAggregation | Average |
| windowSize | PT15M |
References:
Templates:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the alert"
}
},
"alertDescription": {
"type": "string",
"defaultValue": "Average_Avg. Disk sec/Write. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).",
"metadata": {
"description": "Description of alert"
}
},
"targetResourceId": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "List of Azure resource Ids seperated by a comma. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name"
}
},
"targetResourceRegion": {
"type": "string",
"metadata": {
"description": "Azure region in which target resources to be monitored are in (without spaces). For example: EastUS"
}
},
"targetResourceType": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Resource type of target resources to be monitored."
}
},
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Specifies whether the alert is enabled"
}
},
"alertSeverity": {
"type": "int",
"defaultValue": 2,
"allowedValues": [
0,
1,
2,
3,
4
],
"metadata": {
"description": "Severity of alert {0,1,2,3,4}"
}
},
"operator": {
"type": "string",
"defaultValue": "GreaterThan",
"allowedValues": [
"Equals",
"GreaterThan",
"GreaterThanOrEqual",
"LessThan",
"LessThanOrEqual"
],
"metadata": {
"description": "Operator comparing the current value with the threshold value."
}
},
"threshold": {
"type": "string",
"defaultValue": "0",
"metadata": {
"description": "The threshold value at which the alert is activated."
}
},
"timeAggregation": {
"type": "string",
"defaultValue": "Average",
"allowedValues": [
"Average",
"Minimum",
"Maximum",
"Total",
"Count"
],
"metadata": {
"description": "How the data that is collected should be combined over time."
}
},
"windowSize": {
"type": "string",
"defaultValue": "PT15M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"PT24H",
"PT1D"
],
"metadata": {
"description": "Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format."
}
},
"evaluationFrequency": {
"type": "string",
"defaultValue": "PT5M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"metadata": {
"description": "how often the metric alert is evaluated represented in ISO 8601 duration format"
}
},
"currentDateTimeUtcNow": {
"type": "string",
"defaultValue": "[utcNow()]",
"metadata": {
"description": "The current date and time using the utcNow function. Used for deployment name uniqueness"
}
},
"telemetryOptOut": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
],
"metadata": {
"description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry."
}
}
},
"variables": {
"pidDeploymentName": "[take(concat('pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]",
"varTargetResourceId": "[split(parameters('targetResourceId'), ',')]"
},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[parameters('alertName')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "[parameters('alertDescription')]",
"scopes": "[variables('varTargetResourceId')]",
"targetResourceType": "[parameters('targetResourceType')]",
"targetResourceRegion": "[parameters('targetResourceRegion')]",
"severity": "[parameters('alertSeverity')]",
"enabled": "[parameters('isEnabled')]",
"evaluationFrequency": "[parameters('evaluationFrequency')]",
"windowSize": "[parameters('windowSize')]",
"criteria": {
"odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria",
"allOf": [
{
"name": "1st criterion",
"metricName": "Average_Avg. Disk sec/Write",
"dimensions": [{"operator": "include", "name": "computer", "values": ["*"]}, {"operator": "include", "name": "objectname", "values": ["logicaldisk"]}],
"operator": "[parameters('operator')]",
"threshold": "[parameters('threshold')]",
"timeAggregation": "[parameters('timeAggregation')]",
"criterionType": "StaticThresholdCriterion"
}
]
}
}
},
{
"condition": "[equals(parameters('telemetryOptOut'), 'No')]",
"apiVersion": "2020-06-01",
"name": "[variables('pidDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
}
]
}
@description('Name of the alert')
@minLength(1)
param alertName string
@description('Description of alert')
param alertDescription string = 'Average_Avg. Disk sec/Write. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).'
@description('Array of Azure resource Ids. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name')
@minLength(1)
param targetResourceId array
@description('Azure region in which target resources to be monitored are in (without spaces). For example: EastUS')
param targetResourceRegion string
@description('Resource type of target resources to be monitored.')
@minLength(1)
param targetResourceType string
@description('Specifies whether the alert is enabled')
param isEnabled bool = true
@description('Severity of alert {0,1,2,3,4}')
@allowed([
0
1
2
3
4
])
param alertSeverity int = 2
@description('Operator comparing the current value with the threshold value.')
@allowed([
'Equals'
'GreaterThan'
'GreaterThanOrEqual'
'LessThan'
'LessThanOrEqual'
])
param operator string = 'GreaterThan'
@description('The threshold value at which the alert is activated.')
param threshold int = 0
@description('How the data that is collected should be combined over time.')
@allowed([
'Average'
'Minimum'
'Maximum'
'Total'
'Count'
])
param timeAggregation string = 'Average'
@description('Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format.')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
'PT6H'
'PT12H'
'PT24H'
'P1D'
])
param windowSize string = 'PT15M'
@description('how often the metric alert is evaluated represented in ISO 8601 duration format')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
])
param evaluationFrequency string = 'PT5M'
@description('"The current date and time using the utcNow function. Used for deployment name uniqueness')
param currentDateTimeUtcNow string = utcNow()
@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.')
@allowed([
'Yes'
'No'
])
param telemetryOptOut string = 'No'
resource metricAlert 'Microsoft.Insights/metricAlerts@2018-03-01' = {
name: alertName
location: 'global'
tags: {
_deployed_by_amba: 'true'
}
properties: {
description: alertDescription
scopes: targetResourceId
targetResourceType: targetResourceType
targetResourceRegion: targetResourceRegion
severity: alertSeverity
enabled: isEnabled
evaluationFrequency: evaluationFrequency
windowSize: windowSize
criteria: {
'odata.type': 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria'
allOf: [
{
name: '1st criterion'
metricName: 'Average_Avg. Disk sec/Write'
dimensions: [
{
name: 'computer'
operator: 'include'
values: ['*']
}
{
name: 'objectname'
operator: 'include'
values: ['logicaldisk']
}]
operator: operator
threshold: threshold
timeAggregation: timeAggregation
criterionType: 'StaticThresholdCriterion'
}
]
}
}
}
var ambaTelemetryPidName = 'pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}'
resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') {
name: ambaTelemetryPidName
tags: {
_deployed_by_amba: 'true'
}
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
}
}
}
{
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2021-06-01",
"name": "aad0e64e-3cda-45bf-b6bd-8cff29ee35e5",
"properties": {
"policyType": "Custom",
"mode": "All",
"displayName": "Deploy OperationalInsights workspaces Average_Avg. Disk sec/Write Alert",
"description": "Policy to Audit/Deploy OperationalInsights workspaces Average_Avg. Disk sec/Write Alert",
"metadata": {
"version": "1.0.0-preview",
"category": "OperationalInsights",
"preview": true,
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"alzCloudEnvironments": [
"AzureCloud"
],
"_deployed_by_amba": "True"
},
"parameters": {
"severity": {
"type": "String",
"metadata": {
"displayName": "Severity",
"description": "Severity of the Alert"
},
"allowedValues": [
"0",
"1",
"2",
"3",
"4"
],
"defaultValue": "2"
},
"windowSize": {
"type": "String",
"metadata": {
"displayName": "Window Size",
"description": "Window size for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"P1D"
],
"defaultValue": "PT15M"
},
"evaluationFrequency": {
"type": "String",
"metadata": {
"displayName": "Evaluation Frequency",
"description": "Evaluation frequency for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"defaultValue": "PT5M"
},
"autoMitigate": {
"type": "String",
"metadata": {
"displayName": "Auto Mitigate",
"description": "Auto Mitigate for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"enabled": {
"type": "String",
"metadata": {
"displayName": "Alert State",
"description": "Alert state for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"threshold": {
"type": "String",
"metadata": {
"displayName": "Threshold",
"description": "Threshold for the alert"
},
"defaultValue": "0.04"
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Effect of the policy"
},
"allowedValues": [
"deployIfNotExists",
"disabled"
],
"defaultValue": "deployIfNotExists"
},
"MonitorDisableTagName": {
"type": "String",
"metadata": {
"displayName": "Monitoring disabled tag name",
"description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": "MonitorDisable"
},
"MonitorDisableTagValues": {
"type": "Array",
"metadata": {
"displayName": "Monitoring disabled tag values(s)",
"description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": [
"true",
"Test",
"Dev",
"Sandbox"
]
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "[[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
"notIn": "[[parameters('MonitorDisableTagValues')]"
}
]
},
"then": {
"effect": "[[parameters('effect')]",
"details": {
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Insights/metricAlerts",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName",
"equals": "Average_Avg. Disk sec/Write"
},
{
"field": "Microsoft.Insights/metricalerts/scopes[*]",
"equals": "[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.OperationalInsights/workspaces/', field('fullName'))]"
},
{
"field": "Microsoft.Insights/metricAlerts/enabled",
"equals": "[[parameters('enabled')]"
},
{
"field": "Microsoft.Insights/metricAlerts/evaluationFrequency",
"equals": "[[parameters('evaluationFrequency')]"
},
{
"field": "Microsoft.Insights/metricAlerts/windowSize",
"equals": "[[parameters('windowSize')]"
},
{
"field": "Microsoft.Insights/metricalerts/severity",
"equals": "[[parameters('severity')]"
},
{
"field": "Microsoft.Insights/metricAlerts/autoMitigate",
"equals": "[[parameters('autoMitigate')]"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation",
"equals": "Average"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator",
"equals": "GreaterThan"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold",
"equals": "[[if(contains(field('tags'), '_amba-Average_Avg. Disk sec/Write-threshold-Override_'), field('tags._amba-Average_Avg. Disk sec/Write-threshold-Override_'), parameters('threshold'))]"
}
]
},
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "String",
"metadata": {
"displayName": "resourceName",
"description": "Name of the resource"
}
},
"resourceId": {
"type": "String",
"metadata": {
"displayName": "resourceId",
"description": "Resource ID of the resource emitting the metric that will be used for the comparison"
}
},
"severity": {
"type": "String"
},
"windowSize": {
"type": "String"
},
"evaluationFrequency": {
"type": "String"
},
"autoMitigate": {
"type": "String"
},
"enabled": {
"type": "String"
},
"threshold": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[[concat(parameters('resourceName'), '-Average_Avg. Disk sec/Write')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "Metric Alert for OperationalInsights workspaces Average_Avg. Disk sec/Write",
"severity": "[[parameters('severity')]",
"enabled": "[[parameters('enabled')]",
"scopes": [
"[[parameters('resourceId')]"
],
"evaluationFrequency": "[[parameters('evaluationFrequency')]",
"windowSize": "[[parameters('windowSize')]",
"criteria": {
"allOf": [
{
"name": "Average_Avg. Disk sec/Write",
"metricNamespace": "Microsoft.OperationalInsights/workspaces",
"metricName": "Average_Avg. Disk sec/Write",
"operator": "GreaterThan",
"threshold": "[[parameters('threshold')]",
"timeAggregation": "Average",
"criterionType": "StaticThresholdCriterion"
}
],
"odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
},
"autoMitigate": "[[parameters('autoMitigate')]",
"parameters": {
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[parameters('threshold')]"
}
}
}
}
]
},
"parameters": {
"resourceName": {
"value": "[[field('name')]"
},
"resourceId": {
"value": "[[field('id')]"
},
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[if(contains(field('tags'), '_amba-Average_Avg. Disk sec/Write-threshold-Override_'), field('tags._amba-Average_Avg. Disk sec/Write-threshold-Override_'), parameters('threshold'))]"
}
}
}
}
}
}
}
}
}
Average_Bytes Received/sec - Metric Alert
Average_Bytes Received/sec. Supported for: Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).
Properties:
| alertSensitivity | Medium |
| criterionType | DynamicThresholdCriterion |
| dimensions | |
| evaluationFrequency | PT1M |
| failingPeriods | |
| metricName | Average_Bytes Received/sec |
| metricNamespace | Microsoft.OperationalInsights/workspaces |
| operator | GreaterOrLessThan |
| severity | 1 |
| timeAggregation | Average |
| windowSize | PT5M |
References:
Templates:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the alert"
}
},
"alertDescription": {
"type": "string",
"defaultValue": "Average_Bytes Received/sec. Supported for: Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).",
"metadata": {
"description": "Description of alert"
}
},
"targetResourceId": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "List of Azure resource Ids seperated by a comma. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name"
}
},
"targetResourceRegion": {
"type": "string",
"metadata": {
"description": "Azure region in which target resources to be monitored are in (without spaces). For example: EastUS"
}
},
"targetResourceType": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Resource type of target resources to be monitored."
}
},
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Specifies whether the alert is enabled"
}
},
"alertSeverity": {
"type": "int",
"defaultValue": 1,
"allowedValues": [
0,
1,
2,
3,
4
],
"metadata": {
"description": "Severity of alert {0,1,2,3,4}"
}
},
"operator": {
"type": "string",
"defaultValue": "GreaterOrLessThan",
"allowedValues": [
"GreaterThan",
"LessThan",
"GreaterOrLessThan"
],
"metadata": {
"description": "Operator comparing the current value with the threshold value."
}
},
"alertSensitivity": {
"type": "string",
"defaultValue": "##ALERT_SENSITIVITY##",
"allowedValues": [
"High",
"Medium",
"Low"
],
"metadata": {
"description": "Tunes how 'noisy' the Dynamic Thresholds alerts will be: 'High' will result in more alerts while 'Low' will result in fewer alerts."
}
},
"numberOfEvaluationPeriods": {
"type": "int",
"defaultValue": 4,
"metadata": {
"description": "The number of periods to check in the alert evaluation."
}
},
"minFailingPeriodsToAlert": {
"type": "int",
"defaultValue": 3,
"metadata": {
"description": "The number of unhealthy periods to alert on (must be lower or equal to numberOfEvaluationPeriods)."
}
},
"timeAggregation": {
"type": "string",
"defaultValue": "Average",
"allowedValues": [
"Average",
"Minimum",
"Maximum",
"Total",
"Count"
],
"metadata": {
"description": "How the data that is collected should be combined over time."
}
},
"windowSize": {
"type": "string",
"defaultValue": "PT5M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"PT24H",
"PT1D"
],
"metadata": {
"description": "Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one hour. ISO 8601 duration format."
}
},
"evaluationFrequency": {
"type": "string",
"defaultValue": "PT1M",
"allowedValues": [
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"metadata": {
"description": "how often the metric alert is evaluated represented in ISO 8601 duration format"
}
},
"currentDateTimeUtcNow": {
"type": "string",
"defaultValue": "[utcNow()]",
"metadata": {
"description": "The current date and time using the utcNow function. Used for deployment name uniqueness"
}
},
"telemetryOptOut": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
],
"metadata": {
"description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry."
}
}
},
"variables": {
"pidDeploymentName": "[take(concat('pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]",
"varTargetResourceId": "[split(parameters('targetResourceId'), ',')]"
},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[parameters('alertName')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "[parameters('alertDescription')]",
"scopes": "[variables('varTargetResourceId')]",
"targetResourceType": "[parameters('targetResourceType')]",
"targetResourceRegion": "[parameters('targetResourceRegion')]",
"severity": "[parameters('alertSeverity')]",
"enabled": "[parameters('isEnabled')]",
"evaluationFrequency": "[parameters('evaluationFrequency')]",
"windowSize": "[parameters('windowSize')]",
"criteria": {
"odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria",
"allOf": [
{
"criterionType": "DynamicThresholdCriterion",
"name": "1st criterion",
"metricName": "Average_Bytes Received/sec",
"dimensions": [{"operator": "include", "name": "computer", "values": ["*"]}, {"operator": "include", "name": "objectname", "values": ["*"]}, {"operator": "include", "name": "instancename", "values": ["*"]}, {"operator": "include", "name": "sourcesystem", "values": ["*"]}],
"operator": "[parameters('operator')]",
"alertSensitivity": "[parameters('alertSensitivity')]",
"failingPeriods": {
"numberOfEvaluationPeriods": "[parameters('numberOfEvaluationPeriods')]",
"minFailingPeriodsToAlert": "[parameters('minFailingPeriodsToAlert')]"
},
"timeAggregation": "[parameters('timeAggregation')]"
}
]
}
}
},
{
"condition": "[equals(parameters('telemetryOptOut'), 'No')]",
"apiVersion": "2020-06-01",
"name": "[variables('pidDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
}
]
}
@description('Name of the alert')
@minLength(1)
param alertName string
@description('Description of alert')
param alertDescription string = 'Average_Bytes Received/sec. Supported for: Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).'
@description('array of Azure resource Ids. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name')
@minLength(1)
param targetResourceId array
@description('Azure region in which target resources to be monitored are in (without spaces). For example: EastUS')
param targetResourceRegion string
@description('Resource type of target resources to be monitored.')
@minLength(1)
param targetResourceType string
@description('Specifies whether the alert is enabled')
param isEnabled bool = true
@description('Severity of alert {0,1,2,3,4}')
@allowed([
0
1
2
3
4
])
param alertSeverity int = 1
@description('Operator comparing the current value with the threshold value.')
@allowed([
'GreaterThan'
'LessThan'
'GreaterOrLessThan'
])
param operator string = 'GreaterOrLessThan'
@description('Tunes how \'noisy\' the Dynamic Thresholds alerts will be: \'High\' will result in more alerts while \'Low\' will result in fewer alerts.')
@allowed([
'High'
'Medium'
'Low'
])
param alertSensitivity string = '##ALERT_SENSITIVITY##'
@description('The number of periods to check in the alert evaluation.')
param numberOfEvaluationPeriods int = 4
@description('The number of unhealthy periods to alert on (must be lower or equal to numberOfEvaluationPeriods).')
param minFailingPeriodsToAlert int = 3
@description('How the data that is collected should be combined over time.')
@allowed([
'Average'
'Minimum'
'Maximum'
'Total'
'Count'
])
param timeAggregation string = 'Average'
@description('Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one hour. ISO 8601 duration format.')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
'PT6H'
'PT12H'
'PT24H'
'P1D'
])
param windowSize string = 'PT5M'
@description('how often the metric alert is evaluated represented in ISO 8601 duration format')
@allowed([
'PT5M'
'PT15M'
'PT30M'
'PT1H'
])
param evaluationFrequency string = 'PT1M'
@description('"The current date and time using the utcNow function. Used for deployment name uniqueness')
param currentDateTimeUtcNow string = utcNow()
@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.')
@allowed([
'Yes'
'No'
])
param telemetryOptOut string = 'No'
resource metricAlert 'Microsoft.Insights/metricAlerts@2018-03-01' = {
name: alertName
location: 'global'
tags: {
_deployed_by_amba: 'true'
}
properties: {
description: alertDescription
scopes: targetResourceId
targetResourceType: targetResourceType
targetResourceRegion: targetResourceRegion
severity: alertSeverity
enabled: isEnabled
evaluationFrequency: evaluationFrequency
windowSize: windowSize
criteria: {
'odata.type': 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria'
allOf: [
{
criterionType: 'DynamicThresholdCriterion'
name: '1st criterion'
metricName: 'Average_Bytes Received/sec'
dimensions: [
{
name: 'computer'
operator: 'include'
values: ['*']
}
{
name: 'objectname'
operator: 'include'
values: ['*']
}
{
name: 'instancename'
operator: 'include'
values: ['*']
}
{
name: 'sourcesystem'
operator: 'include'
values: ['*']
}]
operator: operator
alertSensitivity: alertSensitivity
failingPeriods: {
numberOfEvaluationPeriods: numberOfEvaluationPeriods
minFailingPeriodsToAlert: minFailingPeriodsToAlert
}
timeAggregation: timeAggregation
}
]
}
}
}
var ambaTelemetryPidName = 'pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}'
resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') {
name: ambaTelemetryPidName
tags: {
_deployed_by_amba: 'true'
}
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
}
}
}
{
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2021-06-01",
"name": "60ec2790-dc83-419c-bdb5-38da9a477c68",
"properties": {
"policyType": "Custom",
"mode": "All",
"displayName": "Deploy OperationalInsights workspaces Average_Bytes Received/sec Alert",
"description": "Policy to Audit/Deploy OperationalInsights workspaces Average_Bytes Received/sec Alert",
"metadata": {
"version": "1.0.0-preview",
"category": "OperationalInsights",
"preview": true,
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"alzCloudEnvironments": [
"AzureCloud"
],
"_deployed_by_amba": "True"
},
"parameters": {
"severity": {
"type": "String",
"metadata": {
"displayName": "Severity",
"description": "Severity of the Alert"
},
"allowedValues": [
"0",
"1",
"2",
"3",
"4"
],
"defaultValue": "1"
},
"windowSize": {
"type": "String",
"metadata": {
"displayName": "Window Size",
"description": "Window size for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"P1D"
],
"defaultValue": "PT5M"
},
"evaluationFrequency": {
"type": "String",
"metadata": {
"displayName": "Evaluation Frequency",
"description": "Evaluation frequency for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"defaultValue": "PT1M"
},
"alertSensitivity": {
"type": "String",
"metadata": {
"displayName": "Alert Sensitivity",
"description": "Alert Sensitivity for the alert"
},
"allowedValues": [
"Low",
"Medium",
"High"
],
"defaultValue": "Medium"
},
"autoMitigate": {
"type": "String",
"metadata": {
"displayName": "Auto Mitigate",
"description": "Auto Mitigate for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"enabled": {
"type": "String",
"metadata": {
"displayName": "Alert State",
"description": "Alert state for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Effect of the policy"
},
"allowedValues": [
"deployIfNotExists",
"disabled"
],
"defaultValue": "deployIfNotExists"
},
"MonitorDisableTagName": {
"type": "String",
"metadata": {
"displayName": "Monitoring disabled tag name",
"description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": "MonitorDisable"
},
"MonitorDisableTagValues": {
"type": "Array",
"metadata": {
"displayName": "Monitoring disabled tag values(s)",
"description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": [
"true",
"Test",
"Dev",
"Sandbox"
]
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "[[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
"notIn": "[[parameters('MonitorDisableTagValues')]"
}
]
},
"then": {
"effect": "[[parameters('effect')]",
"details": {
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Insights/metricAlerts",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName",
"equals": "Average_Bytes Received/sec"
},
{
"field": "Microsoft.Insights/metricalerts/scopes[*]",
"equals": "[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.OperationalInsights/workspaces/', field('fullName'))]"
},
{
"field": "Microsoft.Insights/metricAlerts/enabled",
"equals": "[[parameters('enabled')]"
},
{
"field": "Microsoft.Insights/metricAlerts/evaluationFrequency",
"equals": "[[parameters('evaluationFrequency')]"
},
{
"field": "Microsoft.Insights/metricAlerts/windowSize",
"equals": "[[parameters('windowSize')]"
},
{
"field": "Microsoft.Insights/metricalerts/severity",
"equals": "[[parameters('severity')]"
},
{
"field": "Microsoft.Insights/metricAlerts/autoMitigate",
"equals": "[[parameters('autoMitigate')]"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation",
"equals": "Average"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator",
"equals": "GreaterOrLessThan"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity",
"equals": "[[parameters('alertSensitivity')]"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert",
"equals": 3
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods",
"equals": 4
}
]
},
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "String",
"metadata": {
"displayName": "resourceName",
"description": "Name of the resource"
}
},
"resourceId": {
"type": "String",
"metadata": {
"displayName": "resourceId",
"description": "Resource ID of the resource emitting the metric that will be used for the comparison"
}
},
"severity": {
"type": "String"
},
"windowSize": {
"type": "String"
},
"evaluationFrequency": {
"type": "String"
},
"alertSensitivity": {
"type": "String"
},
"autoMitigate": {
"type": "String"
},
"enabled": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[[concat(parameters('resourceName'), '-Average_Bytes Received/sec')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "Metric Alert for OperationalInsights workspaces Average_Bytes Received/sec",
"severity": "[[parameters('severity')]",
"enabled": "[[parameters('enabled')]",
"scopes": [
"[[parameters('resourceId')]"
],
"evaluationFrequency": "[[parameters('evaluationFrequency')]",
"windowSize": "[[parameters('windowSize')]",
"criteria": {
"allOf": [
{
"name": "Average_Bytes Received/sec",
"metricNamespace": "Microsoft.OperationalInsights/workspaces",
"metricName": "Average_Bytes Received/sec",
"operator": "GreaterOrLessThan",
"alertSensitivity": "[[parameters('alertSensitivity')]",
"failingPeriods": {
"minFailingPeriodsToAlert": 3,
"numberOfEvaluationPeriods": 4
},
"timeAggregation": "Average",
"criterionType": "DynamicThresholdCriterion"
}
],
"odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria"
},
"autoMitigate": "[[parameters('autoMitigate')]",
"parameters": {
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"alertSensitivity": {
"value": "[[parameters('alertSensitivity')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
}
}
}
}
]
},
"parameters": {
"resourceName": {
"value": "[[field('name')]"
},
"resourceId": {
"value": "[[field('id')]"
},
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"alertSensitivity": {
"value": "[[parameters('alertSensitivity')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
}
}
}
}
}
}
}
}
}
Average_Bytes Sent/sec - Metric Alert
Average_Bytes Sent/sec. Supported for: Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).
Properties:
| alertSensitivity | Medium |
| criterionType | DynamicThresholdCriterion |
| dimensions | |
| evaluationFrequency | PT1M |
| failingPeriods | |
| metricName | Average_Bytes Sent/sec |
| metricNamespace | Microsoft.OperationalInsights/workspaces |
| operator | GreaterOrLessThan |
| severity | 1 |
| timeAggregation | Average |
| windowSize | PT5M |
References:
Templates:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the alert"
}
},
"alertDescription": {
"type": "string",
"defaultValue": "Average_Bytes Sent/sec. Supported for: Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).",
"metadata": {
"description": "Description of alert"
}
},
"targetResourceId": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "List of Azure resource Ids seperated by a comma. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name"
}
},
"targetResourceRegion": {
"type": "string",
"metadata": {
"description": "Azure region in which target resources to be monitored are in (without spaces). For example: EastUS"
}
},
"targetResourceType": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Resource type of target resources to be monitored."
}
},
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Specifies whether the alert is enabled"
}
},
"alertSeverity": {
"type": "int",
"defaultValue": 1,
"allowedValues": [
0,
1,
2,
3,
4
],
"metadata": {
"description": "Severity of alert {0,1,2,3,4}"
}
},
"operator": {
"type": "string",
"defaultValue": "GreaterOrLessThan",
"allowedValues": [
"GreaterThan",
"LessThan",
"GreaterOrLessThan"
],
"metadata": {
"description": "Operator comparing the current value with the threshold value."
}
},
"alertSensitivity": {
"type": "string",
"defaultValue": "##ALERT_SENSITIVITY##",
"allowedValues": [
"High",
"Medium",
"Low"
],
"metadata": {
"description": "Tunes how 'noisy' the Dynamic Thresholds alerts will be: 'High' will result in more alerts while 'Low' will result in fewer alerts."
}
},
"numberOfEvaluationPeriods": {
"type": "int",
"defaultValue": 4,
"metadata": {
"description": "The number of periods to check in the alert evaluation."
}
},
"minFailingPeriodsToAlert": {
"type": "int",
"defaultValue": 3,
"metadata": {
"description": "The number of unhealthy periods to alert on (must be lower or equal to numberOfEvaluationPeriods)."
}
},
"timeAggregation": {
"type": "string",
"defaultValue": "Average",
"allowedValues": [
"Average",
"Minimum",
"Maximum",
"Total",
"Count"
],
"metadata": {
"description": "How the data that is collected should be combined over time."
}
},
"windowSize": {
"type": "string",
"defaultValue": "PT5M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"PT24H",
"PT1D"
],
"metadata": {
"description": "Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one hour. ISO 8601 duration format."
}
},
"evaluationFrequency": {
"type": "string",
"defaultValue": "PT1M",
"allowedValues": [
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"metadata": {
"description": "how often the metric alert is evaluated represented in ISO 8601 duration format"
}
},
"currentDateTimeUtcNow": {
"type": "string",
"defaultValue": "[utcNow()]",
"metadata": {
"description": "The current date and time using the utcNow function. Used for deployment name uniqueness"
}
},
"telemetryOptOut": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
],
"metadata": {
"description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry."
}
}
},
"variables": {
"pidDeploymentName": "[take(concat('pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]",
"varTargetResourceId": "[split(parameters('targetResourceId'), ',')]"
},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[parameters('alertName')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "[parameters('alertDescription')]",
"scopes": "[variables('varTargetResourceId')]",
"targetResourceType": "[parameters('targetResourceType')]",
"targetResourceRegion": "[parameters('targetResourceRegion')]",
"severity": "[parameters('alertSeverity')]",
"enabled": "[parameters('isEnabled')]",
"evaluationFrequency": "[parameters('evaluationFrequency')]",
"windowSize": "[parameters('windowSize')]",
"criteria": {
"odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria",
"allOf": [
{
"criterionType": "DynamicThresholdCriterion",
"name": "1st criterion",
"metricName": "Average_Bytes Sent/sec",
"dimensions": [{"operator": "include", "name": "computer", "values": ["*"]}, {"operator": "include", "name": "objectname", "values": ["*"]}, {"operator": "include", "name": "instancename", "values": ["*"]}, {"operator": "include", "name": "sourcesystem", "values": ["*"]}],
"operator": "[parameters('operator')]",
"alertSensitivity": "[parameters('alertSensitivity')]",
"failingPeriods": {
"numberOfEvaluationPeriods": "[parameters('numberOfEvaluationPeriods')]",
"minFailingPeriodsToAlert": "[parameters('minFailingPeriodsToAlert')]"
},
"timeAggregation": "[parameters('timeAggregation')]"
}
]
}
}
},
{
"condition": "[equals(parameters('telemetryOptOut'), 'No')]",
"apiVersion": "2020-06-01",
"name": "[variables('pidDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
}
]
}
@description('Name of the alert')
@minLength(1)
param alertName string
@description('Description of alert')
param alertDescription string = 'Average_Bytes Sent/sec. Supported for: Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).'
@description('array of Azure resource Ids. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name')
@minLength(1)
param targetResourceId array
@description('Azure region in which target resources to be monitored are in (without spaces). For example: EastUS')
param targetResourceRegion string
@description('Resource type of target resources to be monitored.')
@minLength(1)
param targetResourceType string
@description('Specifies whether the alert is enabled')
param isEnabled bool = true
@description('Severity of alert {0,1,2,3,4}')
@allowed([
0
1
2
3
4
])
param alertSeverity int = 1
@description('Operator comparing the current value with the threshold value.')
@allowed([
'GreaterThan'
'LessThan'
'GreaterOrLessThan'
])
param operator string = 'GreaterOrLessThan'
@description('Tunes how \'noisy\' the Dynamic Thresholds alerts will be: \'High\' will result in more alerts while \'Low\' will result in fewer alerts.')
@allowed([
'High'
'Medium'
'Low'
])
param alertSensitivity string = '##ALERT_SENSITIVITY##'
@description('The number of periods to check in the alert evaluation.')
param numberOfEvaluationPeriods int = 4
@description('The number of unhealthy periods to alert on (must be lower or equal to numberOfEvaluationPeriods).')
param minFailingPeriodsToAlert int = 3
@description('How the data that is collected should be combined over time.')
@allowed([
'Average'
'Minimum'
'Maximum'
'Total'
'Count'
])
param timeAggregation string = 'Average'
@description('Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one hour. ISO 8601 duration format.')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
'PT6H'
'PT12H'
'PT24H'
'P1D'
])
param windowSize string = 'PT5M'
@description('how often the metric alert is evaluated represented in ISO 8601 duration format')
@allowed([
'PT5M'
'PT15M'
'PT30M'
'PT1H'
])
param evaluationFrequency string = 'PT1M'
@description('"The current date and time using the utcNow function. Used for deployment name uniqueness')
param currentDateTimeUtcNow string = utcNow()
@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.')
@allowed([
'Yes'
'No'
])
param telemetryOptOut string = 'No'
resource metricAlert 'Microsoft.Insights/metricAlerts@2018-03-01' = {
name: alertName
location: 'global'
tags: {
_deployed_by_amba: 'true'
}
properties: {
description: alertDescription
scopes: targetResourceId
targetResourceType: targetResourceType
targetResourceRegion: targetResourceRegion
severity: alertSeverity
enabled: isEnabled
evaluationFrequency: evaluationFrequency
windowSize: windowSize
criteria: {
'odata.type': 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria'
allOf: [
{
criterionType: 'DynamicThresholdCriterion'
name: '1st criterion'
metricName: 'Average_Bytes Sent/sec'
dimensions: [
{
name: 'computer'
operator: 'include'
values: ['*']
}
{
name: 'objectname'
operator: 'include'
values: ['*']
}
{
name: 'instancename'
operator: 'include'
values: ['*']
}
{
name: 'sourcesystem'
operator: 'include'
values: ['*']
}]
operator: operator
alertSensitivity: alertSensitivity
failingPeriods: {
numberOfEvaluationPeriods: numberOfEvaluationPeriods
minFailingPeriodsToAlert: minFailingPeriodsToAlert
}
timeAggregation: timeAggregation
}
]
}
}
}
var ambaTelemetryPidName = 'pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}'
resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') {
name: ambaTelemetryPidName
tags: {
_deployed_by_amba: 'true'
}
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
}
}
}
{
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2021-06-01",
"name": "de6d5087-bc5a-474f-9319-248a3c03ab44",
"properties": {
"policyType": "Custom",
"mode": "All",
"displayName": "Deploy OperationalInsights workspaces Average_Bytes Sent/sec Alert",
"description": "Policy to Audit/Deploy OperationalInsights workspaces Average_Bytes Sent/sec Alert",
"metadata": {
"version": "1.0.0-preview",
"category": "OperationalInsights",
"preview": true,
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"alzCloudEnvironments": [
"AzureCloud"
],
"_deployed_by_amba": "True"
},
"parameters": {
"severity": {
"type": "String",
"metadata": {
"displayName": "Severity",
"description": "Severity of the Alert"
},
"allowedValues": [
"0",
"1",
"2",
"3",
"4"
],
"defaultValue": "1"
},
"windowSize": {
"type": "String",
"metadata": {
"displayName": "Window Size",
"description": "Window size for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"P1D"
],
"defaultValue": "PT5M"
},
"evaluationFrequency": {
"type": "String",
"metadata": {
"displayName": "Evaluation Frequency",
"description": "Evaluation frequency for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"defaultValue": "PT1M"
},
"alertSensitivity": {
"type": "String",
"metadata": {
"displayName": "Alert Sensitivity",
"description": "Alert Sensitivity for the alert"
},
"allowedValues": [
"Low",
"Medium",
"High"
],
"defaultValue": "Medium"
},
"autoMitigate": {
"type": "String",
"metadata": {
"displayName": "Auto Mitigate",
"description": "Auto Mitigate for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"enabled": {
"type": "String",
"metadata": {
"displayName": "Alert State",
"description": "Alert state for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Effect of the policy"
},
"allowedValues": [
"deployIfNotExists",
"disabled"
],
"defaultValue": "deployIfNotExists"
},
"MonitorDisableTagName": {
"type": "String",
"metadata": {
"displayName": "Monitoring disabled tag name",
"description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": "MonitorDisable"
},
"MonitorDisableTagValues": {
"type": "Array",
"metadata": {
"displayName": "Monitoring disabled tag values(s)",
"description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": [
"true",
"Test",
"Dev",
"Sandbox"
]
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "[[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
"notIn": "[[parameters('MonitorDisableTagValues')]"
}
]
},
"then": {
"effect": "[[parameters('effect')]",
"details": {
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Insights/metricAlerts",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName",
"equals": "Average_Bytes Sent/sec"
},
{
"field": "Microsoft.Insights/metricalerts/scopes[*]",
"equals": "[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.OperationalInsights/workspaces/', field('fullName'))]"
},
{
"field": "Microsoft.Insights/metricAlerts/enabled",
"equals": "[[parameters('enabled')]"
},
{
"field": "Microsoft.Insights/metricAlerts/evaluationFrequency",
"equals": "[[parameters('evaluationFrequency')]"
},
{
"field": "Microsoft.Insights/metricAlerts/windowSize",
"equals": "[[parameters('windowSize')]"
},
{
"field": "Microsoft.Insights/metricalerts/severity",
"equals": "[[parameters('severity')]"
},
{
"field": "Microsoft.Insights/metricAlerts/autoMitigate",
"equals": "[[parameters('autoMitigate')]"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation",
"equals": "Average"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator",
"equals": "GreaterOrLessThan"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity",
"equals": "[[parameters('alertSensitivity')]"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert",
"equals": 3
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods",
"equals": 4
}
]
},
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "String",
"metadata": {
"displayName": "resourceName",
"description": "Name of the resource"
}
},
"resourceId": {
"type": "String",
"metadata": {
"displayName": "resourceId",
"description": "Resource ID of the resource emitting the metric that will be used for the comparison"
}
},
"severity": {
"type": "String"
},
"windowSize": {
"type": "String"
},
"evaluationFrequency": {
"type": "String"
},
"alertSensitivity": {
"type": "String"
},
"autoMitigate": {
"type": "String"
},
"enabled": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[[concat(parameters('resourceName'), '-Average_Bytes Sent/sec')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "Metric Alert for OperationalInsights workspaces Average_Bytes Sent/sec",
"severity": "[[parameters('severity')]",
"enabled": "[[parameters('enabled')]",
"scopes": [
"[[parameters('resourceId')]"
],
"evaluationFrequency": "[[parameters('evaluationFrequency')]",
"windowSize": "[[parameters('windowSize')]",
"criteria": {
"allOf": [
{
"name": "Average_Bytes Sent/sec",
"metricNamespace": "Microsoft.OperationalInsights/workspaces",
"metricName": "Average_Bytes Sent/sec",
"operator": "GreaterOrLessThan",
"alertSensitivity": "[[parameters('alertSensitivity')]",
"failingPeriods": {
"minFailingPeriodsToAlert": 3,
"numberOfEvaluationPeriods": 4
},
"timeAggregation": "Average",
"criterionType": "DynamicThresholdCriterion"
}
],
"odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria"
},
"autoMitigate": "[[parameters('autoMitigate')]",
"parameters": {
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"alertSensitivity": {
"value": "[[parameters('alertSensitivity')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
}
}
}
}
]
},
"parameters": {
"resourceName": {
"value": "[[field('name')]"
},
"resourceId": {
"value": "[[field('id')]"
},
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"alertSensitivity": {
"value": "[[parameters('alertSensitivity')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
}
}
}
}
}
}
}
}
}
Average_Current Disk Queue Length - Metric Alert
Average_Current Disk Queue Length. Supported for: Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).
Properties:
| criterionType | StaticThresholdCriterion |
| dimensions | |
| evaluationFrequency | PT1M |
| metricName | Average_Current Disk Queue Length |
| metricNamespace | Microsoft.OperationalInsights/workspaces |
| operator | GreaterThan |
| severity | 3 |
| threshold | 2 |
| timeAggregation | Average |
| windowSize | PT5M |
References:
Templates:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the alert"
}
},
"alertDescription": {
"type": "string",
"defaultValue": "Average_Current Disk Queue Length. Supported for: Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).",
"metadata": {
"description": "Description of alert"
}
},
"targetResourceId": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "List of Azure resource Ids seperated by a comma. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name"
}
},
"targetResourceRegion": {
"type": "string",
"metadata": {
"description": "Azure region in which target resources to be monitored are in (without spaces). For example: EastUS"
}
},
"targetResourceType": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Resource type of target resources to be monitored."
}
},
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Specifies whether the alert is enabled"
}
},
"alertSeverity": {
"type": "int",
"defaultValue": 3,
"allowedValues": [
0,
1,
2,
3,
4
],
"metadata": {
"description": "Severity of alert {0,1,2,3,4}"
}
},
"operator": {
"type": "string",
"defaultValue": "GreaterThan",
"allowedValues": [
"Equals",
"GreaterThan",
"GreaterThanOrEqual",
"LessThan",
"LessThanOrEqual"
],
"metadata": {
"description": "Operator comparing the current value with the threshold value."
}
},
"threshold": {
"type": "string",
"defaultValue": "2",
"metadata": {
"description": "The threshold value at which the alert is activated."
}
},
"timeAggregation": {
"type": "string",
"defaultValue": "Average",
"allowedValues": [
"Average",
"Minimum",
"Maximum",
"Total",
"Count"
],
"metadata": {
"description": "How the data that is collected should be combined over time."
}
},
"windowSize": {
"type": "string",
"defaultValue": "PT5M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"PT24H",
"PT1D"
],
"metadata": {
"description": "Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format."
}
},
"evaluationFrequency": {
"type": "string",
"defaultValue": "PT1M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"metadata": {
"description": "how often the metric alert is evaluated represented in ISO 8601 duration format"
}
},
"currentDateTimeUtcNow": {
"type": "string",
"defaultValue": "[utcNow()]",
"metadata": {
"description": "The current date and time using the utcNow function. Used for deployment name uniqueness"
}
},
"telemetryOptOut": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
],
"metadata": {
"description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry."
}
}
},
"variables": {
"pidDeploymentName": "[take(concat('pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]",
"varTargetResourceId": "[split(parameters('targetResourceId'), ',')]"
},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[parameters('alertName')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "[parameters('alertDescription')]",
"scopes": "[variables('varTargetResourceId')]",
"targetResourceType": "[parameters('targetResourceType')]",
"targetResourceRegion": "[parameters('targetResourceRegion')]",
"severity": "[parameters('alertSeverity')]",
"enabled": "[parameters('isEnabled')]",
"evaluationFrequency": "[parameters('evaluationFrequency')]",
"windowSize": "[parameters('windowSize')]",
"criteria": {
"odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria",
"allOf": [
{
"name": "1st criterion",
"metricName": "Average_Current Disk Queue Length",
"dimensions": [{"operator": "include", "name": "computer", "values": ["*"]}, {"operator": "include", "name": "objectname", "values": ["*"]}, {"operator": "include", "name": "instancename", "values": ["*"]}],
"operator": "[parameters('operator')]",
"threshold": "[parameters('threshold')]",
"timeAggregation": "[parameters('timeAggregation')]",
"criterionType": "StaticThresholdCriterion"
}
]
}
}
},
{
"condition": "[equals(parameters('telemetryOptOut'), 'No')]",
"apiVersion": "2020-06-01",
"name": "[variables('pidDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
}
]
}
@description('Name of the alert')
@minLength(1)
param alertName string
@description('Description of alert')
param alertDescription string = 'Average_Current Disk Queue Length. Supported for: Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).'
@description('Array of Azure resource Ids. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name')
@minLength(1)
param targetResourceId array
@description('Azure region in which target resources to be monitored are in (without spaces). For example: EastUS')
param targetResourceRegion string
@description('Resource type of target resources to be monitored.')
@minLength(1)
param targetResourceType string
@description('Specifies whether the alert is enabled')
param isEnabled bool = true
@description('Severity of alert {0,1,2,3,4}')
@allowed([
0
1
2
3
4
])
param alertSeverity int = 3
@description('Operator comparing the current value with the threshold value.')
@allowed([
'Equals'
'GreaterThan'
'GreaterThanOrEqual'
'LessThan'
'LessThanOrEqual'
])
param operator string = 'GreaterThan'
@description('The threshold value at which the alert is activated.')
param threshold int = 2
@description('How the data that is collected should be combined over time.')
@allowed([
'Average'
'Minimum'
'Maximum'
'Total'
'Count'
])
param timeAggregation string = 'Average'
@description('Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format.')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
'PT6H'
'PT12H'
'PT24H'
'P1D'
])
param windowSize string = 'PT5M'
@description('how often the metric alert is evaluated represented in ISO 8601 duration format')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
])
param evaluationFrequency string = 'PT1M'
@description('"The current date and time using the utcNow function. Used for deployment name uniqueness')
param currentDateTimeUtcNow string = utcNow()
@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.')
@allowed([
'Yes'
'No'
])
param telemetryOptOut string = 'No'
resource metricAlert 'Microsoft.Insights/metricAlerts@2018-03-01' = {
name: alertName
location: 'global'
tags: {
_deployed_by_amba: 'true'
}
properties: {
description: alertDescription
scopes: targetResourceId
targetResourceType: targetResourceType
targetResourceRegion: targetResourceRegion
severity: alertSeverity
enabled: isEnabled
evaluationFrequency: evaluationFrequency
windowSize: windowSize
criteria: {
'odata.type': 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria'
allOf: [
{
name: '1st criterion'
metricName: 'Average_Current Disk Queue Length'
dimensions: [
{
name: 'computer'
operator: 'include'
values: ['*']
}
{
name: 'objectname'
operator: 'include'
values: ['*']
}
{
name: 'instancename'
operator: 'include'
values: ['*']
}]
operator: operator
threshold: threshold
timeAggregation: timeAggregation
criterionType: 'StaticThresholdCriterion'
}
]
}
}
}
var ambaTelemetryPidName = 'pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}'
resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') {
name: ambaTelemetryPidName
tags: {
_deployed_by_amba: 'true'
}
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
}
}
}
{
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2021-06-01",
"name": "08a4f049-9bb8-45d0-9dfb-320f385cc71f",
"properties": {
"policyType": "Custom",
"mode": "All",
"displayName": "Deploy OperationalInsights workspaces Average_Current Disk Queue Length Alert",
"description": "Policy to Audit/Deploy OperationalInsights workspaces Average_Current Disk Queue Length Alert",
"metadata": {
"version": "1.0.0-preview",
"category": "OperationalInsights",
"preview": true,
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"alzCloudEnvironments": [
"AzureCloud"
],
"_deployed_by_amba": "True"
},
"parameters": {
"severity": {
"type": "String",
"metadata": {
"displayName": "Severity",
"description": "Severity of the Alert"
},
"allowedValues": [
"0",
"1",
"2",
"3",
"4"
],
"defaultValue": "3"
},
"windowSize": {
"type": "String",
"metadata": {
"displayName": "Window Size",
"description": "Window size for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"P1D"
],
"defaultValue": "PT5M"
},
"evaluationFrequency": {
"type": "String",
"metadata": {
"displayName": "Evaluation Frequency",
"description": "Evaluation frequency for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"defaultValue": "PT1M"
},
"autoMitigate": {
"type": "String",
"metadata": {
"displayName": "Auto Mitigate",
"description": "Auto Mitigate for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"enabled": {
"type": "String",
"metadata": {
"displayName": "Alert State",
"description": "Alert state for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"threshold": {
"type": "String",
"metadata": {
"displayName": "Threshold",
"description": "Threshold for the alert"
},
"defaultValue": "2"
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Effect of the policy"
},
"allowedValues": [
"deployIfNotExists",
"disabled"
],
"defaultValue": "deployIfNotExists"
},
"MonitorDisableTagName": {
"type": "String",
"metadata": {
"displayName": "Monitoring disabled tag name",
"description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": "MonitorDisable"
},
"MonitorDisableTagValues": {
"type": "Array",
"metadata": {
"displayName": "Monitoring disabled tag values(s)",
"description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": [
"true",
"Test",
"Dev",
"Sandbox"
]
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "[[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
"notIn": "[[parameters('MonitorDisableTagValues')]"
}
]
},
"then": {
"effect": "[[parameters('effect')]",
"details": {
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Insights/metricAlerts",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName",
"equals": "Average_Current Disk Queue Length"
},
{
"field": "Microsoft.Insights/metricalerts/scopes[*]",
"equals": "[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.OperationalInsights/workspaces/', field('fullName'))]"
},
{
"field": "Microsoft.Insights/metricAlerts/enabled",
"equals": "[[parameters('enabled')]"
},
{
"field": "Microsoft.Insights/metricAlerts/evaluationFrequency",
"equals": "[[parameters('evaluationFrequency')]"
},
{
"field": "Microsoft.Insights/metricAlerts/windowSize",
"equals": "[[parameters('windowSize')]"
},
{
"field": "Microsoft.Insights/metricalerts/severity",
"equals": "[[parameters('severity')]"
},
{
"field": "Microsoft.Insights/metricAlerts/autoMitigate",
"equals": "[[parameters('autoMitigate')]"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation",
"equals": "Average"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator",
"equals": "GreaterThan"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold",
"equals": "[[if(contains(field('tags'), '_amba-Average_Current Disk Queue Length-threshold-Override_'), field('tags._amba-Average_Current Disk Queue Length-threshold-Override_'), parameters('threshold'))]"
}
]
},
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "String",
"metadata": {
"displayName": "resourceName",
"description": "Name of the resource"
}
},
"resourceId": {
"type": "String",
"metadata": {
"displayName": "resourceId",
"description": "Resource ID of the resource emitting the metric that will be used for the comparison"
}
},
"severity": {
"type": "String"
},
"windowSize": {
"type": "String"
},
"evaluationFrequency": {
"type": "String"
},
"autoMitigate": {
"type": "String"
},
"enabled": {
"type": "String"
},
"threshold": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[[concat(parameters('resourceName'), '-Average_Current Disk Queue Length')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "Metric Alert for OperationalInsights workspaces Average_Current Disk Queue Length",
"severity": "[[parameters('severity')]",
"enabled": "[[parameters('enabled')]",
"scopes": [
"[[parameters('resourceId')]"
],
"evaluationFrequency": "[[parameters('evaluationFrequency')]",
"windowSize": "[[parameters('windowSize')]",
"criteria": {
"allOf": [
{
"name": "Average_Current Disk Queue Length",
"metricNamespace": "Microsoft.OperationalInsights/workspaces",
"metricName": "Average_Current Disk Queue Length",
"operator": "GreaterThan",
"threshold": "[[parameters('threshold')]",
"timeAggregation": "Average",
"criterionType": "StaticThresholdCriterion"
}
],
"odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
},
"autoMitigate": "[[parameters('autoMitigate')]",
"parameters": {
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[parameters('threshold')]"
}
}
}
}
]
},
"parameters": {
"resourceName": {
"value": "[[field('name')]"
},
"resourceId": {
"value": "[[field('id')]"
},
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[if(contains(field('tags'), '_amba-Average_Current Disk Queue Length-threshold-Override_'), field('tags._amba-Average_Current Disk Queue Length-threshold-Override_'), parameters('threshold'))]"
}
}
}
}
}
}
}
}
}
Average_Disk Transfers/sec - Metric Alert
Average_Disk Transfers/sec. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).
Properties:
| criterionType | StaticThresholdCriterion |
| dimensions | |
| evaluationFrequency | PT1M |
| metricName | Average_Disk Transfers/sec |
| metricNamespace | Microsoft.OperationalInsights/workspaces |
| operator | GreaterThan |
| severity | 3 |
| threshold | 100 |
| timeAggregation | Average |
| windowSize | PT5M |
References:
Templates:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the alert"
}
},
"alertDescription": {
"type": "string",
"defaultValue": "Average_Disk Transfers/sec. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).",
"metadata": {
"description": "Description of alert"
}
},
"targetResourceId": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "List of Azure resource Ids seperated by a comma. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name"
}
},
"targetResourceRegion": {
"type": "string",
"metadata": {
"description": "Azure region in which target resources to be monitored are in (without spaces). For example: EastUS"
}
},
"targetResourceType": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Resource type of target resources to be monitored."
}
},
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Specifies whether the alert is enabled"
}
},
"alertSeverity": {
"type": "int",
"defaultValue": 3,
"allowedValues": [
0,
1,
2,
3,
4
],
"metadata": {
"description": "Severity of alert {0,1,2,3,4}"
}
},
"operator": {
"type": "string",
"defaultValue": "GreaterThan",
"allowedValues": [
"Equals",
"GreaterThan",
"GreaterThanOrEqual",
"LessThan",
"LessThanOrEqual"
],
"metadata": {
"description": "Operator comparing the current value with the threshold value."
}
},
"threshold": {
"type": "string",
"defaultValue": "100",
"metadata": {
"description": "The threshold value at which the alert is activated."
}
},
"timeAggregation": {
"type": "string",
"defaultValue": "Average",
"allowedValues": [
"Average",
"Minimum",
"Maximum",
"Total",
"Count"
],
"metadata": {
"description": "How the data that is collected should be combined over time."
}
},
"windowSize": {
"type": "string",
"defaultValue": "PT5M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"PT24H",
"PT1D"
],
"metadata": {
"description": "Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format."
}
},
"evaluationFrequency": {
"type": "string",
"defaultValue": "PT1M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"metadata": {
"description": "how often the metric alert is evaluated represented in ISO 8601 duration format"
}
},
"currentDateTimeUtcNow": {
"type": "string",
"defaultValue": "[utcNow()]",
"metadata": {
"description": "The current date and time using the utcNow function. Used for deployment name uniqueness"
}
},
"telemetryOptOut": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
],
"metadata": {
"description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry."
}
}
},
"variables": {
"pidDeploymentName": "[take(concat('pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]",
"varTargetResourceId": "[split(parameters('targetResourceId'), ',')]"
},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[parameters('alertName')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "[parameters('alertDescription')]",
"scopes": "[variables('varTargetResourceId')]",
"targetResourceType": "[parameters('targetResourceType')]",
"targetResourceRegion": "[parameters('targetResourceRegion')]",
"severity": "[parameters('alertSeverity')]",
"enabled": "[parameters('isEnabled')]",
"evaluationFrequency": "[parameters('evaluationFrequency')]",
"windowSize": "[parameters('windowSize')]",
"criteria": {
"odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria",
"allOf": [
{
"name": "1st criterion",
"metricName": "Average_Disk Transfers/sec",
"dimensions": [{"operator": "include", "name": "computer", "values": ["*"]}],
"operator": "[parameters('operator')]",
"threshold": "[parameters('threshold')]",
"timeAggregation": "[parameters('timeAggregation')]",
"criterionType": "StaticThresholdCriterion"
}
]
}
}
},
{
"condition": "[equals(parameters('telemetryOptOut'), 'No')]",
"apiVersion": "2020-06-01",
"name": "[variables('pidDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
}
]
}
@description('Name of the alert')
@minLength(1)
param alertName string
@description('Description of alert')
param alertDescription string = 'Average_Disk Transfers/sec. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).'
@description('Array of Azure resource Ids. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name')
@minLength(1)
param targetResourceId array
@description('Azure region in which target resources to be monitored are in (without spaces). For example: EastUS')
param targetResourceRegion string
@description('Resource type of target resources to be monitored.')
@minLength(1)
param targetResourceType string
@description('Specifies whether the alert is enabled')
param isEnabled bool = true
@description('Severity of alert {0,1,2,3,4}')
@allowed([
0
1
2
3
4
])
param alertSeverity int = 3
@description('Operator comparing the current value with the threshold value.')
@allowed([
'Equals'
'GreaterThan'
'GreaterThanOrEqual'
'LessThan'
'LessThanOrEqual'
])
param operator string = 'GreaterThan'
@description('The threshold value at which the alert is activated.')
param threshold int = 100
@description('How the data that is collected should be combined over time.')
@allowed([
'Average'
'Minimum'
'Maximum'
'Total'
'Count'
])
param timeAggregation string = 'Average'
@description('Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format.')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
'PT6H'
'PT12H'
'PT24H'
'P1D'
])
param windowSize string = 'PT5M'
@description('how often the metric alert is evaluated represented in ISO 8601 duration format')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
])
param evaluationFrequency string = 'PT1M'
@description('"The current date and time using the utcNow function. Used for deployment name uniqueness')
param currentDateTimeUtcNow string = utcNow()
@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.')
@allowed([
'Yes'
'No'
])
param telemetryOptOut string = 'No'
resource metricAlert 'Microsoft.Insights/metricAlerts@2018-03-01' = {
name: alertName
location: 'global'
tags: {
_deployed_by_amba: 'true'
}
properties: {
description: alertDescription
scopes: targetResourceId
targetResourceType: targetResourceType
targetResourceRegion: targetResourceRegion
severity: alertSeverity
enabled: isEnabled
evaluationFrequency: evaluationFrequency
windowSize: windowSize
criteria: {
'odata.type': 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria'
allOf: [
{
name: '1st criterion'
metricName: 'Average_Disk Transfers/sec'
dimensions: [
{
name: 'computer'
operator: 'include'
values: ['*']
}]
operator: operator
threshold: threshold
timeAggregation: timeAggregation
criterionType: 'StaticThresholdCriterion'
}
]
}
}
}
var ambaTelemetryPidName = 'pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}'
resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') {
name: ambaTelemetryPidName
tags: {
_deployed_by_amba: 'true'
}
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
}
}
}
{
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2021-06-01",
"name": "30b462dd-d026-4122-9bcf-3a114517e04c",
"properties": {
"policyType": "Custom",
"mode": "All",
"displayName": "Deploy OperationalInsights workspaces Average_Disk Transfers/sec Alert",
"description": "Policy to Audit/Deploy OperationalInsights workspaces Average_Disk Transfers/sec Alert",
"metadata": {
"version": "1.0.0-preview",
"category": "OperationalInsights",
"preview": true,
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"alzCloudEnvironments": [
"AzureCloud"
],
"_deployed_by_amba": "True"
},
"parameters": {
"severity": {
"type": "String",
"metadata": {
"displayName": "Severity",
"description": "Severity of the Alert"
},
"allowedValues": [
"0",
"1",
"2",
"3",
"4"
],
"defaultValue": "3"
},
"windowSize": {
"type": "String",
"metadata": {
"displayName": "Window Size",
"description": "Window size for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"P1D"
],
"defaultValue": "PT5M"
},
"evaluationFrequency": {
"type": "String",
"metadata": {
"displayName": "Evaluation Frequency",
"description": "Evaluation frequency for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"defaultValue": "PT1M"
},
"autoMitigate": {
"type": "String",
"metadata": {
"displayName": "Auto Mitigate",
"description": "Auto Mitigate for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"enabled": {
"type": "String",
"metadata": {
"displayName": "Alert State",
"description": "Alert state for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"threshold": {
"type": "String",
"metadata": {
"displayName": "Threshold",
"description": "Threshold for the alert"
},
"defaultValue": "100"
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Effect of the policy"
},
"allowedValues": [
"deployIfNotExists",
"disabled"
],
"defaultValue": "deployIfNotExists"
},
"MonitorDisableTagName": {
"type": "String",
"metadata": {
"displayName": "Monitoring disabled tag name",
"description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": "MonitorDisable"
},
"MonitorDisableTagValues": {
"type": "Array",
"metadata": {
"displayName": "Monitoring disabled tag values(s)",
"description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": [
"true",
"Test",
"Dev",
"Sandbox"
]
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "[[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
"notIn": "[[parameters('MonitorDisableTagValues')]"
}
]
},
"then": {
"effect": "[[parameters('effect')]",
"details": {
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Insights/metricAlerts",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName",
"equals": "Average_Disk Transfers/sec"
},
{
"field": "Microsoft.Insights/metricalerts/scopes[*]",
"equals": "[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.OperationalInsights/workspaces/', field('fullName'))]"
},
{
"field": "Microsoft.Insights/metricAlerts/enabled",
"equals": "[[parameters('enabled')]"
},
{
"field": "Microsoft.Insights/metricAlerts/evaluationFrequency",
"equals": "[[parameters('evaluationFrequency')]"
},
{
"field": "Microsoft.Insights/metricAlerts/windowSize",
"equals": "[[parameters('windowSize')]"
},
{
"field": "Microsoft.Insights/metricalerts/severity",
"equals": "[[parameters('severity')]"
},
{
"field": "Microsoft.Insights/metricAlerts/autoMitigate",
"equals": "[[parameters('autoMitigate')]"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation",
"equals": "Average"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator",
"equals": "GreaterThan"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold",
"equals": "[[if(contains(field('tags'), '_amba-Average_Disk Transfers/sec-threshold-Override_'), field('tags._amba-Average_Disk Transfers/sec-threshold-Override_'), parameters('threshold'))]"
}
]
},
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "String",
"metadata": {
"displayName": "resourceName",
"description": "Name of the resource"
}
},
"resourceId": {
"type": "String",
"metadata": {
"displayName": "resourceId",
"description": "Resource ID of the resource emitting the metric that will be used for the comparison"
}
},
"severity": {
"type": "String"
},
"windowSize": {
"type": "String"
},
"evaluationFrequency": {
"type": "String"
},
"autoMitigate": {
"type": "String"
},
"enabled": {
"type": "String"
},
"threshold": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[[concat(parameters('resourceName'), '-Average_Disk Transfers/sec')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "Metric Alert for OperationalInsights workspaces Average_Disk Transfers/sec",
"severity": "[[parameters('severity')]",
"enabled": "[[parameters('enabled')]",
"scopes": [
"[[parameters('resourceId')]"
],
"evaluationFrequency": "[[parameters('evaluationFrequency')]",
"windowSize": "[[parameters('windowSize')]",
"criteria": {
"allOf": [
{
"name": "Average_Disk Transfers/sec",
"metricNamespace": "Microsoft.OperationalInsights/workspaces",
"metricName": "Average_Disk Transfers/sec",
"operator": "GreaterThan",
"threshold": "[[parameters('threshold')]",
"timeAggregation": "Average",
"criterionType": "StaticThresholdCriterion"
}
],
"odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
},
"autoMitigate": "[[parameters('autoMitigate')]",
"parameters": {
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[parameters('threshold')]"
}
}
}
}
]
},
"parameters": {
"resourceName": {
"value": "[[field('name')]"
},
"resourceId": {
"value": "[[field('id')]"
},
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[if(contains(field('tags'), '_amba-Average_Disk Transfers/sec-threshold-Override_'), field('tags._amba-Average_Disk Transfers/sec-threshold-Override_'), parameters('threshold'))]"
}
}
}
}
}
}
}
}
}
Average_Free Megabytes - Metric Alert
Average_Free Megabytes. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).
Properties:
| criterionType | StaticThresholdCriterion |
| dimensions | |
| evaluationFrequency | PT5M |
| metricName | Average_Free Megabytes |
| metricNamespace | Microsoft.OperationalInsights/workspaces |
| operator | LessThan |
| severity | 2 |
| threshold | 10240 |
| timeAggregation | Average |
| windowSize | PT5M |
References:
Templates:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the alert"
}
},
"alertDescription": {
"type": "string",
"defaultValue": "Average_Free Megabytes. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).",
"metadata": {
"description": "Description of alert"
}
},
"targetResourceId": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "List of Azure resource Ids seperated by a comma. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name"
}
},
"targetResourceRegion": {
"type": "string",
"metadata": {
"description": "Azure region in which target resources to be monitored are in (without spaces). For example: EastUS"
}
},
"targetResourceType": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Resource type of target resources to be monitored."
}
},
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Specifies whether the alert is enabled"
}
},
"alertSeverity": {
"type": "int",
"defaultValue": 2,
"allowedValues": [
0,
1,
2,
3,
4
],
"metadata": {
"description": "Severity of alert {0,1,2,3,4}"
}
},
"operator": {
"type": "string",
"defaultValue": "LessThan",
"allowedValues": [
"Equals",
"GreaterThan",
"GreaterThanOrEqual",
"LessThan",
"LessThanOrEqual"
],
"metadata": {
"description": "Operator comparing the current value with the threshold value."
}
},
"threshold": {
"type": "string",
"defaultValue": "10240",
"metadata": {
"description": "The threshold value at which the alert is activated."
}
},
"timeAggregation": {
"type": "string",
"defaultValue": "Average",
"allowedValues": [
"Average",
"Minimum",
"Maximum",
"Total",
"Count"
],
"metadata": {
"description": "How the data that is collected should be combined over time."
}
},
"windowSize": {
"type": "string",
"defaultValue": "PT5M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"PT24H",
"PT1D"
],
"metadata": {
"description": "Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format."
}
},
"evaluationFrequency": {
"type": "string",
"defaultValue": "PT5M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"metadata": {
"description": "how often the metric alert is evaluated represented in ISO 8601 duration format"
}
},
"currentDateTimeUtcNow": {
"type": "string",
"defaultValue": "[utcNow()]",
"metadata": {
"description": "The current date and time using the utcNow function. Used for deployment name uniqueness"
}
},
"telemetryOptOut": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
],
"metadata": {
"description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry."
}
}
},
"variables": {
"pidDeploymentName": "[take(concat('pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]",
"varTargetResourceId": "[split(parameters('targetResourceId'), ',')]"
},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[parameters('alertName')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "[parameters('alertDescription')]",
"scopes": "[variables('varTargetResourceId')]",
"targetResourceType": "[parameters('targetResourceType')]",
"targetResourceRegion": "[parameters('targetResourceRegion')]",
"severity": "[parameters('alertSeverity')]",
"enabled": "[parameters('isEnabled')]",
"evaluationFrequency": "[parameters('evaluationFrequency')]",
"windowSize": "[parameters('windowSize')]",
"criteria": {
"odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria",
"allOf": [
{
"name": "1st criterion",
"metricName": "Average_Free Megabytes",
"dimensions": [{"operator": "include", "name": "computer", "values": ["*"]}, {"operator": "include", "name": "instancename", "values": ["c:", "/"]}],
"operator": "[parameters('operator')]",
"threshold": "[parameters('threshold')]",
"timeAggregation": "[parameters('timeAggregation')]",
"criterionType": "StaticThresholdCriterion"
}
]
}
}
},
{
"condition": "[equals(parameters('telemetryOptOut'), 'No')]",
"apiVersion": "2020-06-01",
"name": "[variables('pidDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
}
]
}
@description('Name of the alert')
@minLength(1)
param alertName string
@description('Description of alert')
param alertDescription string = 'Average_Free Megabytes. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).'
@description('Array of Azure resource Ids. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name')
@minLength(1)
param targetResourceId array
@description('Azure region in which target resources to be monitored are in (without spaces). For example: EastUS')
param targetResourceRegion string
@description('Resource type of target resources to be monitored.')
@minLength(1)
param targetResourceType string
@description('Specifies whether the alert is enabled')
param isEnabled bool = true
@description('Severity of alert {0,1,2,3,4}')
@allowed([
0
1
2
3
4
])
param alertSeverity int = 2
@description('Operator comparing the current value with the threshold value.')
@allowed([
'Equals'
'GreaterThan'
'GreaterThanOrEqual'
'LessThan'
'LessThanOrEqual'
])
param operator string = 'LessThan'
@description('The threshold value at which the alert is activated.')
param threshold int = 10240
@description('How the data that is collected should be combined over time.')
@allowed([
'Average'
'Minimum'
'Maximum'
'Total'
'Count'
])
param timeAggregation string = 'Average'
@description('Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format.')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
'PT6H'
'PT12H'
'PT24H'
'P1D'
])
param windowSize string = 'PT5M'
@description('how often the metric alert is evaluated represented in ISO 8601 duration format')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
])
param evaluationFrequency string = 'PT5M'
@description('"The current date and time using the utcNow function. Used for deployment name uniqueness')
param currentDateTimeUtcNow string = utcNow()
@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.')
@allowed([
'Yes'
'No'
])
param telemetryOptOut string = 'No'
resource metricAlert 'Microsoft.Insights/metricAlerts@2018-03-01' = {
name: alertName
location: 'global'
tags: {
_deployed_by_amba: 'true'
}
properties: {
description: alertDescription
scopes: targetResourceId
targetResourceType: targetResourceType
targetResourceRegion: targetResourceRegion
severity: alertSeverity
enabled: isEnabled
evaluationFrequency: evaluationFrequency
windowSize: windowSize
criteria: {
'odata.type': 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria'
allOf: [
{
name: '1st criterion'
metricName: 'Average_Free Megabytes'
dimensions: [
{
name: 'computer'
operator: 'include'
values: ['*']
}
{
name: 'instancename'
operator: 'include'
values: ['c:','/']
}]
operator: operator
threshold: threshold
timeAggregation: timeAggregation
criterionType: 'StaticThresholdCriterion'
}
]
}
}
}
var ambaTelemetryPidName = 'pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}'
resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') {
name: ambaTelemetryPidName
tags: {
_deployed_by_amba: 'true'
}
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
}
}
}
{
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2021-06-01",
"name": "969677fe-d1e0-42f6-92af-c9269780411b",
"properties": {
"policyType": "Custom",
"mode": "All",
"displayName": "Deploy OperationalInsights workspaces Average_Free Megabytes Alert",
"description": "Policy to Audit/Deploy OperationalInsights workspaces Average_Free Megabytes Alert",
"metadata": {
"version": "1.0.0-preview",
"category": "OperationalInsights",
"preview": true,
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"alzCloudEnvironments": [
"AzureCloud"
],
"_deployed_by_amba": "True"
},
"parameters": {
"severity": {
"type": "String",
"metadata": {
"displayName": "Severity",
"description": "Severity of the Alert"
},
"allowedValues": [
"0",
"1",
"2",
"3",
"4"
],
"defaultValue": "2"
},
"windowSize": {
"type": "String",
"metadata": {
"displayName": "Window Size",
"description": "Window size for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"P1D"
],
"defaultValue": "PT5M"
},
"evaluationFrequency": {
"type": "String",
"metadata": {
"displayName": "Evaluation Frequency",
"description": "Evaluation frequency for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"defaultValue": "PT5M"
},
"autoMitigate": {
"type": "String",
"metadata": {
"displayName": "Auto Mitigate",
"description": "Auto Mitigate for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"enabled": {
"type": "String",
"metadata": {
"displayName": "Alert State",
"description": "Alert state for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"threshold": {
"type": "String",
"metadata": {
"displayName": "Threshold",
"description": "Threshold for the alert"
},
"defaultValue": "10240"
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Effect of the policy"
},
"allowedValues": [
"deployIfNotExists",
"disabled"
],
"defaultValue": "deployIfNotExists"
},
"MonitorDisableTagName": {
"type": "String",
"metadata": {
"displayName": "Monitoring disabled tag name",
"description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": "MonitorDisable"
},
"MonitorDisableTagValues": {
"type": "Array",
"metadata": {
"displayName": "Monitoring disabled tag values(s)",
"description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": [
"true",
"Test",
"Dev",
"Sandbox"
]
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "[[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
"notIn": "[[parameters('MonitorDisableTagValues')]"
}
]
},
"then": {
"effect": "[[parameters('effect')]",
"details": {
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Insights/metricAlerts",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName",
"equals": "Average_Free Megabytes"
},
{
"field": "Microsoft.Insights/metricalerts/scopes[*]",
"equals": "[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.OperationalInsights/workspaces/', field('fullName'))]"
},
{
"field": "Microsoft.Insights/metricAlerts/enabled",
"equals": "[[parameters('enabled')]"
},
{
"field": "Microsoft.Insights/metricAlerts/evaluationFrequency",
"equals": "[[parameters('evaluationFrequency')]"
},
{
"field": "Microsoft.Insights/metricAlerts/windowSize",
"equals": "[[parameters('windowSize')]"
},
{
"field": "Microsoft.Insights/metricalerts/severity",
"equals": "[[parameters('severity')]"
},
{
"field": "Microsoft.Insights/metricAlerts/autoMitigate",
"equals": "[[parameters('autoMitigate')]"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation",
"equals": "Average"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator",
"equals": "LessThan"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold",
"equals": "[[if(contains(field('tags'), '_amba-Average_Free Megabytes-threshold-Override_'), field('tags._amba-Average_Free Megabytes-threshold-Override_'), parameters('threshold'))]"
}
]
},
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "String",
"metadata": {
"displayName": "resourceName",
"description": "Name of the resource"
}
},
"resourceId": {
"type": "String",
"metadata": {
"displayName": "resourceId",
"description": "Resource ID of the resource emitting the metric that will be used for the comparison"
}
},
"severity": {
"type": "String"
},
"windowSize": {
"type": "String"
},
"evaluationFrequency": {
"type": "String"
},
"autoMitigate": {
"type": "String"
},
"enabled": {
"type": "String"
},
"threshold": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[[concat(parameters('resourceName'), '-Average_Free Megabytes')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "Metric Alert for OperationalInsights workspaces Average_Free Megabytes",
"severity": "[[parameters('severity')]",
"enabled": "[[parameters('enabled')]",
"scopes": [
"[[parameters('resourceId')]"
],
"evaluationFrequency": "[[parameters('evaluationFrequency')]",
"windowSize": "[[parameters('windowSize')]",
"criteria": {
"allOf": [
{
"name": "Average_Free Megabytes",
"metricNamespace": "Microsoft.OperationalInsights/workspaces",
"metricName": "Average_Free Megabytes",
"operator": "LessThan",
"threshold": "[[parameters('threshold')]",
"timeAggregation": "Average",
"criterionType": "StaticThresholdCriterion"
}
],
"odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
},
"autoMitigate": "[[parameters('autoMitigate')]",
"parameters": {
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[parameters('threshold')]"
}
}
}
}
]
},
"parameters": {
"resourceName": {
"value": "[[field('name')]"
},
"resourceId": {
"value": "[[field('id')]"
},
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[if(contains(field('tags'), '_amba-Average_Free Megabytes-threshold-Override_'), field('tags._amba-Average_Free Megabytes-threshold-Override_'), parameters('threshold'))]"
}
}
}
}
}
}
}
}
}
Average_Pages/sec - Metric Alert
Average_Pages/sec. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).
Properties:
| criterionType | StaticThresholdCriterion |
| dimensions | |
| evaluationFrequency | PT5M |
| metricName | Average_Pages/sec |
| metricNamespace | Microsoft.OperationalInsights/workspaces |
| operator | GreaterThan |
| severity | 2 |
| threshold | 5000 |
| timeAggregation | Average |
| windowSize | PT15M |
References:
Templates:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the alert"
}
},
"alertDescription": {
"type": "string",
"defaultValue": "Average_Pages/sec. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).",
"metadata": {
"description": "Description of alert"
}
},
"targetResourceId": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "List of Azure resource Ids seperated by a comma. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name"
}
},
"targetResourceRegion": {
"type": "string",
"metadata": {
"description": "Azure region in which target resources to be monitored are in (without spaces). For example: EastUS"
}
},
"targetResourceType": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Resource type of target resources to be monitored."
}
},
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Specifies whether the alert is enabled"
}
},
"alertSeverity": {
"type": "int",
"defaultValue": 2,
"allowedValues": [
0,
1,
2,
3,
4
],
"metadata": {
"description": "Severity of alert {0,1,2,3,4}"
}
},
"operator": {
"type": "string",
"defaultValue": "GreaterThan",
"allowedValues": [
"Equals",
"GreaterThan",
"GreaterThanOrEqual",
"LessThan",
"LessThanOrEqual"
],
"metadata": {
"description": "Operator comparing the current value with the threshold value."
}
},
"threshold": {
"type": "string",
"defaultValue": "5000",
"metadata": {
"description": "The threshold value at which the alert is activated."
}
},
"timeAggregation": {
"type": "string",
"defaultValue": "Average",
"allowedValues": [
"Average",
"Minimum",
"Maximum",
"Total",
"Count"
],
"metadata": {
"description": "How the data that is collected should be combined over time."
}
},
"windowSize": {
"type": "string",
"defaultValue": "PT15M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"PT24H",
"PT1D"
],
"metadata": {
"description": "Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format."
}
},
"evaluationFrequency": {
"type": "string",
"defaultValue": "PT5M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"metadata": {
"description": "how often the metric alert is evaluated represented in ISO 8601 duration format"
}
},
"currentDateTimeUtcNow": {
"type": "string",
"defaultValue": "[utcNow()]",
"metadata": {
"description": "The current date and time using the utcNow function. Used for deployment name uniqueness"
}
},
"telemetryOptOut": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
],
"metadata": {
"description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry."
}
}
},
"variables": {
"pidDeploymentName": "[take(concat('pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]",
"varTargetResourceId": "[split(parameters('targetResourceId'), ',')]"
},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[parameters('alertName')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "[parameters('alertDescription')]",
"scopes": "[variables('varTargetResourceId')]",
"targetResourceType": "[parameters('targetResourceType')]",
"targetResourceRegion": "[parameters('targetResourceRegion')]",
"severity": "[parameters('alertSeverity')]",
"enabled": "[parameters('isEnabled')]",
"evaluationFrequency": "[parameters('evaluationFrequency')]",
"windowSize": "[parameters('windowSize')]",
"criteria": {
"odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria",
"allOf": [
{
"name": "1st criterion",
"metricName": "Average_Pages/sec",
"dimensions": [{"operator": "include", "name": "computer", "values": ["*"]}, {"operator": "include", "name": "objectname", "values": ["memory"]}],
"operator": "[parameters('operator')]",
"threshold": "[parameters('threshold')]",
"timeAggregation": "[parameters('timeAggregation')]",
"criterionType": "StaticThresholdCriterion"
}
]
}
}
},
{
"condition": "[equals(parameters('telemetryOptOut'), 'No')]",
"apiVersion": "2020-06-01",
"name": "[variables('pidDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
}
]
}
@description('Name of the alert')
@minLength(1)
param alertName string
@description('Description of alert')
param alertDescription string = 'Average_Pages/sec. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).'
@description('Array of Azure resource Ids. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name')
@minLength(1)
param targetResourceId array
@description('Azure region in which target resources to be monitored are in (without spaces). For example: EastUS')
param targetResourceRegion string
@description('Resource type of target resources to be monitored.')
@minLength(1)
param targetResourceType string
@description('Specifies whether the alert is enabled')
param isEnabled bool = true
@description('Severity of alert {0,1,2,3,4}')
@allowed([
0
1
2
3
4
])
param alertSeverity int = 2
@description('Operator comparing the current value with the threshold value.')
@allowed([
'Equals'
'GreaterThan'
'GreaterThanOrEqual'
'LessThan'
'LessThanOrEqual'
])
param operator string = 'GreaterThan'
@description('The threshold value at which the alert is activated.')
param threshold int = 5000
@description('How the data that is collected should be combined over time.')
@allowed([
'Average'
'Minimum'
'Maximum'
'Total'
'Count'
])
param timeAggregation string = 'Average'
@description('Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format.')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
'PT6H'
'PT12H'
'PT24H'
'P1D'
])
param windowSize string = 'PT15M'
@description('how often the metric alert is evaluated represented in ISO 8601 duration format')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
])
param evaluationFrequency string = 'PT5M'
@description('"The current date and time using the utcNow function. Used for deployment name uniqueness')
param currentDateTimeUtcNow string = utcNow()
@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.')
@allowed([
'Yes'
'No'
])
param telemetryOptOut string = 'No'
resource metricAlert 'Microsoft.Insights/metricAlerts@2018-03-01' = {
name: alertName
location: 'global'
tags: {
_deployed_by_amba: 'true'
}
properties: {
description: alertDescription
scopes: targetResourceId
targetResourceType: targetResourceType
targetResourceRegion: targetResourceRegion
severity: alertSeverity
enabled: isEnabled
evaluationFrequency: evaluationFrequency
windowSize: windowSize
criteria: {
'odata.type': 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria'
allOf: [
{
name: '1st criterion'
metricName: 'Average_Pages/sec'
dimensions: [
{
name: 'computer'
operator: 'include'
values: ['*']
}
{
name: 'objectname'
operator: 'include'
values: ['memory']
}]
operator: operator
threshold: threshold
timeAggregation: timeAggregation
criterionType: 'StaticThresholdCriterion'
}
]
}
}
}
var ambaTelemetryPidName = 'pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}'
resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') {
name: ambaTelemetryPidName
tags: {
_deployed_by_amba: 'true'
}
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
}
}
}
{
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2021-06-01",
"name": "88b7198b-32a5-4ae2-aaa5-7925066cc08c",
"properties": {
"policyType": "Custom",
"mode": "All",
"displayName": "Deploy OperationalInsights workspaces Average_Pages/sec Alert",
"description": "Policy to Audit/Deploy OperationalInsights workspaces Average_Pages/sec Alert",
"metadata": {
"version": "1.0.0-preview",
"category": "OperationalInsights",
"preview": true,
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"alzCloudEnvironments": [
"AzureCloud"
],
"_deployed_by_amba": "True"
},
"parameters": {
"severity": {
"type": "String",
"metadata": {
"displayName": "Severity",
"description": "Severity of the Alert"
},
"allowedValues": [
"0",
"1",
"2",
"3",
"4"
],
"defaultValue": "2"
},
"windowSize": {
"type": "String",
"metadata": {
"displayName": "Window Size",
"description": "Window size for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"P1D"
],
"defaultValue": "PT15M"
},
"evaluationFrequency": {
"type": "String",
"metadata": {
"displayName": "Evaluation Frequency",
"description": "Evaluation frequency for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"defaultValue": "PT5M"
},
"autoMitigate": {
"type": "String",
"metadata": {
"displayName": "Auto Mitigate",
"description": "Auto Mitigate for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"enabled": {
"type": "String",
"metadata": {
"displayName": "Alert State",
"description": "Alert state for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"threshold": {
"type": "String",
"metadata": {
"displayName": "Threshold",
"description": "Threshold for the alert"
},
"defaultValue": "5000"
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Effect of the policy"
},
"allowedValues": [
"deployIfNotExists",
"disabled"
],
"defaultValue": "deployIfNotExists"
},
"MonitorDisableTagName": {
"type": "String",
"metadata": {
"displayName": "Monitoring disabled tag name",
"description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": "MonitorDisable"
},
"MonitorDisableTagValues": {
"type": "Array",
"metadata": {
"displayName": "Monitoring disabled tag values(s)",
"description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": [
"true",
"Test",
"Dev",
"Sandbox"
]
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "[[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
"notIn": "[[parameters('MonitorDisableTagValues')]"
}
]
},
"then": {
"effect": "[[parameters('effect')]",
"details": {
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Insights/metricAlerts",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName",
"equals": "Average_Pages/sec"
},
{
"field": "Microsoft.Insights/metricalerts/scopes[*]",
"equals": "[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.OperationalInsights/workspaces/', field('fullName'))]"
},
{
"field": "Microsoft.Insights/metricAlerts/enabled",
"equals": "[[parameters('enabled')]"
},
{
"field": "Microsoft.Insights/metricAlerts/evaluationFrequency",
"equals": "[[parameters('evaluationFrequency')]"
},
{
"field": "Microsoft.Insights/metricAlerts/windowSize",
"equals": "[[parameters('windowSize')]"
},
{
"field": "Microsoft.Insights/metricalerts/severity",
"equals": "[[parameters('severity')]"
},
{
"field": "Microsoft.Insights/metricAlerts/autoMitigate",
"equals": "[[parameters('autoMitigate')]"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation",
"equals": "Average"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator",
"equals": "GreaterThan"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold",
"equals": "[[if(contains(field('tags'), '_amba-Average_Pages/sec-threshold-Override_'), field('tags._amba-Average_Pages/sec-threshold-Override_'), parameters('threshold'))]"
}
]
},
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "String",
"metadata": {
"displayName": "resourceName",
"description": "Name of the resource"
}
},
"resourceId": {
"type": "String",
"metadata": {
"displayName": "resourceId",
"description": "Resource ID of the resource emitting the metric that will be used for the comparison"
}
},
"severity": {
"type": "String"
},
"windowSize": {
"type": "String"
},
"evaluationFrequency": {
"type": "String"
},
"autoMitigate": {
"type": "String"
},
"enabled": {
"type": "String"
},
"threshold": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[[concat(parameters('resourceName'), '-Average_Pages/sec')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "Metric Alert for OperationalInsights workspaces Average_Pages/sec",
"severity": "[[parameters('severity')]",
"enabled": "[[parameters('enabled')]",
"scopes": [
"[[parameters('resourceId')]"
],
"evaluationFrequency": "[[parameters('evaluationFrequency')]",
"windowSize": "[[parameters('windowSize')]",
"criteria": {
"allOf": [
{
"name": "Average_Pages/sec",
"metricNamespace": "Microsoft.OperationalInsights/workspaces",
"metricName": "Average_Pages/sec",
"operator": "GreaterThan",
"threshold": "[[parameters('threshold')]",
"timeAggregation": "Average",
"criterionType": "StaticThresholdCriterion"
}
],
"odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
},
"autoMitigate": "[[parameters('autoMitigate')]",
"parameters": {
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[parameters('threshold')]"
}
}
}
}
]
},
"parameters": {
"resourceName": {
"value": "[[field('name')]"
},
"resourceId": {
"value": "[[field('id')]"
},
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[if(contains(field('tags'), '_amba-Average_Pages/sec-threshold-Override_'), field('tags._amba-Average_Pages/sec-threshold-Override_'), parameters('threshold'))]"
}
}
}
}
}
}
}
}
}
Average_Total Bytes Received - Metric Alert
Average_Total Bytes Received. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).
Properties:
| alertSensitivity | Medium |
| criterionType | DynamicThresholdCriterion |
| dimensions | |
| evaluationFrequency | PT1M |
| failingPeriods | |
| metricName | Average_Total Bytes Received |
| metricNamespace | Microsoft.OperationalInsights/workspaces |
| operator | GreaterOrLessThan |
| severity | 1 |
| timeAggregation | Average |
| windowSize | PT5M |
References:
Templates:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the alert"
}
},
"alertDescription": {
"type": "string",
"defaultValue": "Average_Total Bytes Received. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).",
"metadata": {
"description": "Description of alert"
}
},
"targetResourceId": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "List of Azure resource Ids seperated by a comma. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name"
}
},
"targetResourceRegion": {
"type": "string",
"metadata": {
"description": "Azure region in which target resources to be monitored are in (without spaces). For example: EastUS"
}
},
"targetResourceType": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Resource type of target resources to be monitored."
}
},
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Specifies whether the alert is enabled"
}
},
"alertSeverity": {
"type": "int",
"defaultValue": 1,
"allowedValues": [
0,
1,
2,
3,
4
],
"metadata": {
"description": "Severity of alert {0,1,2,3,4}"
}
},
"operator": {
"type": "string",
"defaultValue": "GreaterOrLessThan",
"allowedValues": [
"GreaterThan",
"LessThan",
"GreaterOrLessThan"
],
"metadata": {
"description": "Operator comparing the current value with the threshold value."
}
},
"alertSensitivity": {
"type": "string",
"defaultValue": "##ALERT_SENSITIVITY##",
"allowedValues": [
"High",
"Medium",
"Low"
],
"metadata": {
"description": "Tunes how 'noisy' the Dynamic Thresholds alerts will be: 'High' will result in more alerts while 'Low' will result in fewer alerts."
}
},
"numberOfEvaluationPeriods": {
"type": "int",
"defaultValue": 4,
"metadata": {
"description": "The number of periods to check in the alert evaluation."
}
},
"minFailingPeriodsToAlert": {
"type": "int",
"defaultValue": 3,
"metadata": {
"description": "The number of unhealthy periods to alert on (must be lower or equal to numberOfEvaluationPeriods)."
}
},
"timeAggregation": {
"type": "string",
"defaultValue": "Average",
"allowedValues": [
"Average",
"Minimum",
"Maximum",
"Total",
"Count"
],
"metadata": {
"description": "How the data that is collected should be combined over time."
}
},
"windowSize": {
"type": "string",
"defaultValue": "PT5M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"PT24H",
"PT1D"
],
"metadata": {
"description": "Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one hour. ISO 8601 duration format."
}
},
"evaluationFrequency": {
"type": "string",
"defaultValue": "PT1M",
"allowedValues": [
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"metadata": {
"description": "how often the metric alert is evaluated represented in ISO 8601 duration format"
}
},
"currentDateTimeUtcNow": {
"type": "string",
"defaultValue": "[utcNow()]",
"metadata": {
"description": "The current date and time using the utcNow function. Used for deployment name uniqueness"
}
},
"telemetryOptOut": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
],
"metadata": {
"description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry."
}
}
},
"variables": {
"pidDeploymentName": "[take(concat('pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]",
"varTargetResourceId": "[split(parameters('targetResourceId'), ',')]"
},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[parameters('alertName')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "[parameters('alertDescription')]",
"scopes": "[variables('varTargetResourceId')]",
"targetResourceType": "[parameters('targetResourceType')]",
"targetResourceRegion": "[parameters('targetResourceRegion')]",
"severity": "[parameters('alertSeverity')]",
"enabled": "[parameters('isEnabled')]",
"evaluationFrequency": "[parameters('evaluationFrequency')]",
"windowSize": "[parameters('windowSize')]",
"criteria": {
"odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria",
"allOf": [
{
"criterionType": "DynamicThresholdCriterion",
"name": "1st criterion",
"metricName": "Average_Total Bytes Received",
"dimensions": [{"operator": "include", "name": "computer", "values": ["*"]}, {"operator": "include", "name": "objectname", "values": ["*"]}, {"operator": "include", "name": "instancename", "values": ["*"]}, {"operator": "include", "name": "sourcesystem", "values": ["*"]}],
"operator": "[parameters('operator')]",
"alertSensitivity": "[parameters('alertSensitivity')]",
"failingPeriods": {
"numberOfEvaluationPeriods": "[parameters('numberOfEvaluationPeriods')]",
"minFailingPeriodsToAlert": "[parameters('minFailingPeriodsToAlert')]"
},
"timeAggregation": "[parameters('timeAggregation')]"
}
]
}
}
},
{
"condition": "[equals(parameters('telemetryOptOut'), 'No')]",
"apiVersion": "2020-06-01",
"name": "[variables('pidDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
}
]
}
@description('Name of the alert')
@minLength(1)
param alertName string
@description('Description of alert')
param alertDescription string = 'Average_Total Bytes Received. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).'
@description('array of Azure resource Ids. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name')
@minLength(1)
param targetResourceId array
@description('Azure region in which target resources to be monitored are in (without spaces). For example: EastUS')
param targetResourceRegion string
@description('Resource type of target resources to be monitored.')
@minLength(1)
param targetResourceType string
@description('Specifies whether the alert is enabled')
param isEnabled bool = true
@description('Severity of alert {0,1,2,3,4}')
@allowed([
0
1
2
3
4
])
param alertSeverity int = 1
@description('Operator comparing the current value with the threshold value.')
@allowed([
'GreaterThan'
'LessThan'
'GreaterOrLessThan'
])
param operator string = 'GreaterOrLessThan'
@description('Tunes how \'noisy\' the Dynamic Thresholds alerts will be: \'High\' will result in more alerts while \'Low\' will result in fewer alerts.')
@allowed([
'High'
'Medium'
'Low'
])
param alertSensitivity string = '##ALERT_SENSITIVITY##'
@description('The number of periods to check in the alert evaluation.')
param numberOfEvaluationPeriods int = 4
@description('The number of unhealthy periods to alert on (must be lower or equal to numberOfEvaluationPeriods).')
param minFailingPeriodsToAlert int = 3
@description('How the data that is collected should be combined over time.')
@allowed([
'Average'
'Minimum'
'Maximum'
'Total'
'Count'
])
param timeAggregation string = 'Average'
@description('Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one hour. ISO 8601 duration format.')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
'PT6H'
'PT12H'
'PT24H'
'P1D'
])
param windowSize string = 'PT5M'
@description('how often the metric alert is evaluated represented in ISO 8601 duration format')
@allowed([
'PT5M'
'PT15M'
'PT30M'
'PT1H'
])
param evaluationFrequency string = 'PT1M'
@description('"The current date and time using the utcNow function. Used for deployment name uniqueness')
param currentDateTimeUtcNow string = utcNow()
@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.')
@allowed([
'Yes'
'No'
])
param telemetryOptOut string = 'No'
resource metricAlert 'Microsoft.Insights/metricAlerts@2018-03-01' = {
name: alertName
location: 'global'
tags: {
_deployed_by_amba: 'true'
}
properties: {
description: alertDescription
scopes: targetResourceId
targetResourceType: targetResourceType
targetResourceRegion: targetResourceRegion
severity: alertSeverity
enabled: isEnabled
evaluationFrequency: evaluationFrequency
windowSize: windowSize
criteria: {
'odata.type': 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria'
allOf: [
{
criterionType: 'DynamicThresholdCriterion'
name: '1st criterion'
metricName: 'Average_Total Bytes Received'
dimensions: [
{
name: 'computer'
operator: 'include'
values: ['*']
}
{
name: 'objectname'
operator: 'include'
values: ['*']
}
{
name: 'instancename'
operator: 'include'
values: ['*']
}
{
name: 'sourcesystem'
operator: 'include'
values: ['*']
}]
operator: operator
alertSensitivity: alertSensitivity
failingPeriods: {
numberOfEvaluationPeriods: numberOfEvaluationPeriods
minFailingPeriodsToAlert: minFailingPeriodsToAlert
}
timeAggregation: timeAggregation
}
]
}
}
}
var ambaTelemetryPidName = 'pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}'
resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') {
name: ambaTelemetryPidName
tags: {
_deployed_by_amba: 'true'
}
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
}
}
}
{
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2021-06-01",
"name": "593b6885-3fb8-4562-89f1-8b0b68649185",
"properties": {
"policyType": "Custom",
"mode": "All",
"displayName": "Deploy OperationalInsights workspaces Average_Total Bytes Received Alert",
"description": "Policy to Audit/Deploy OperationalInsights workspaces Average_Total Bytes Received Alert",
"metadata": {
"version": "1.0.0-preview",
"category": "OperationalInsights",
"preview": true,
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"alzCloudEnvironments": [
"AzureCloud"
],
"_deployed_by_amba": "True"
},
"parameters": {
"severity": {
"type": "String",
"metadata": {
"displayName": "Severity",
"description": "Severity of the Alert"
},
"allowedValues": [
"0",
"1",
"2",
"3",
"4"
],
"defaultValue": "1"
},
"windowSize": {
"type": "String",
"metadata": {
"displayName": "Window Size",
"description": "Window size for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"P1D"
],
"defaultValue": "PT5M"
},
"evaluationFrequency": {
"type": "String",
"metadata": {
"displayName": "Evaluation Frequency",
"description": "Evaluation frequency for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"defaultValue": "PT1M"
},
"alertSensitivity": {
"type": "String",
"metadata": {
"displayName": "Alert Sensitivity",
"description": "Alert Sensitivity for the alert"
},
"allowedValues": [
"Low",
"Medium",
"High"
],
"defaultValue": "Medium"
},
"autoMitigate": {
"type": "String",
"metadata": {
"displayName": "Auto Mitigate",
"description": "Auto Mitigate for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"enabled": {
"type": "String",
"metadata": {
"displayName": "Alert State",
"description": "Alert state for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Effect of the policy"
},
"allowedValues": [
"deployIfNotExists",
"disabled"
],
"defaultValue": "deployIfNotExists"
},
"MonitorDisableTagName": {
"type": "String",
"metadata": {
"displayName": "Monitoring disabled tag name",
"description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": "MonitorDisable"
},
"MonitorDisableTagValues": {
"type": "Array",
"metadata": {
"displayName": "Monitoring disabled tag values(s)",
"description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": [
"true",
"Test",
"Dev",
"Sandbox"
]
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "[[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
"notIn": "[[parameters('MonitorDisableTagValues')]"
}
]
},
"then": {
"effect": "[[parameters('effect')]",
"details": {
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Insights/metricAlerts",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName",
"equals": "Average_Total Bytes Received"
},
{
"field": "Microsoft.Insights/metricalerts/scopes[*]",
"equals": "[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.OperationalInsights/workspaces/', field('fullName'))]"
},
{
"field": "Microsoft.Insights/metricAlerts/enabled",
"equals": "[[parameters('enabled')]"
},
{
"field": "Microsoft.Insights/metricAlerts/evaluationFrequency",
"equals": "[[parameters('evaluationFrequency')]"
},
{
"field": "Microsoft.Insights/metricAlerts/windowSize",
"equals": "[[parameters('windowSize')]"
},
{
"field": "Microsoft.Insights/metricalerts/severity",
"equals": "[[parameters('severity')]"
},
{
"field": "Microsoft.Insights/metricAlerts/autoMitigate",
"equals": "[[parameters('autoMitigate')]"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation",
"equals": "Average"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator",
"equals": "GreaterOrLessThan"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity",
"equals": "[[parameters('alertSensitivity')]"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert",
"equals": 3
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods",
"equals": 4
}
]
},
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "String",
"metadata": {
"displayName": "resourceName",
"description": "Name of the resource"
}
},
"resourceId": {
"type": "String",
"metadata": {
"displayName": "resourceId",
"description": "Resource ID of the resource emitting the metric that will be used for the comparison"
}
},
"severity": {
"type": "String"
},
"windowSize": {
"type": "String"
},
"evaluationFrequency": {
"type": "String"
},
"alertSensitivity": {
"type": "String"
},
"autoMitigate": {
"type": "String"
},
"enabled": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[[concat(parameters('resourceName'), '-Average_Total Bytes Received')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "Metric Alert for OperationalInsights workspaces Average_Total Bytes Received",
"severity": "[[parameters('severity')]",
"enabled": "[[parameters('enabled')]",
"scopes": [
"[[parameters('resourceId')]"
],
"evaluationFrequency": "[[parameters('evaluationFrequency')]",
"windowSize": "[[parameters('windowSize')]",
"criteria": {
"allOf": [
{
"name": "Average_Total Bytes Received",
"metricNamespace": "Microsoft.OperationalInsights/workspaces",
"metricName": "Average_Total Bytes Received",
"operator": "GreaterOrLessThan",
"alertSensitivity": "[[parameters('alertSensitivity')]",
"failingPeriods": {
"minFailingPeriodsToAlert": 3,
"numberOfEvaluationPeriods": 4
},
"timeAggregation": "Average",
"criterionType": "DynamicThresholdCriterion"
}
],
"odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria"
},
"autoMitigate": "[[parameters('autoMitigate')]",
"parameters": {
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"alertSensitivity": {
"value": "[[parameters('alertSensitivity')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
}
}
}
}
]
},
"parameters": {
"resourceName": {
"value": "[[field('name')]"
},
"resourceId": {
"value": "[[field('id')]"
},
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"alertSensitivity": {
"value": "[[parameters('alertSensitivity')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
}
}
}
}
}
}
}
}
}
Average_Total Bytes Transmitted - Metric Alert
Average_Total Bytes Transmitted. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).
Properties:
| alertSensitivity | Medium |
| criterionType | DynamicThresholdCriterion |
| dimensions | |
| evaluationFrequency | PT1M |
| failingPeriods | |
| metricName | Average_Total Bytes Transmitted |
| metricNamespace | Microsoft.OperationalInsights/workspaces |
| operator | GreaterOrLessThan |
| severity | 1 |
| timeAggregation | Average |
| windowSize | PT5M |
References:
Templates:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the alert"
}
},
"alertDescription": {
"type": "string",
"defaultValue": "Average_Total Bytes Transmitted. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).",
"metadata": {
"description": "Description of alert"
}
},
"targetResourceId": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "List of Azure resource Ids seperated by a comma. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name"
}
},
"targetResourceRegion": {
"type": "string",
"metadata": {
"description": "Azure region in which target resources to be monitored are in (without spaces). For example: EastUS"
}
},
"targetResourceType": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Resource type of target resources to be monitored."
}
},
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Specifies whether the alert is enabled"
}
},
"alertSeverity": {
"type": "int",
"defaultValue": 1,
"allowedValues": [
0,
1,
2,
3,
4
],
"metadata": {
"description": "Severity of alert {0,1,2,3,4}"
}
},
"operator": {
"type": "string",
"defaultValue": "GreaterOrLessThan",
"allowedValues": [
"GreaterThan",
"LessThan",
"GreaterOrLessThan"
],
"metadata": {
"description": "Operator comparing the current value with the threshold value."
}
},
"alertSensitivity": {
"type": "string",
"defaultValue": "##ALERT_SENSITIVITY##",
"allowedValues": [
"High",
"Medium",
"Low"
],
"metadata": {
"description": "Tunes how 'noisy' the Dynamic Thresholds alerts will be: 'High' will result in more alerts while 'Low' will result in fewer alerts."
}
},
"numberOfEvaluationPeriods": {
"type": "int",
"defaultValue": 4,
"metadata": {
"description": "The number of periods to check in the alert evaluation."
}
},
"minFailingPeriodsToAlert": {
"type": "int",
"defaultValue": 3,
"metadata": {
"description": "The number of unhealthy periods to alert on (must be lower or equal to numberOfEvaluationPeriods)."
}
},
"timeAggregation": {
"type": "string",
"defaultValue": "Average",
"allowedValues": [
"Average",
"Minimum",
"Maximum",
"Total",
"Count"
],
"metadata": {
"description": "How the data that is collected should be combined over time."
}
},
"windowSize": {
"type": "string",
"defaultValue": "PT5M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"PT24H",
"PT1D"
],
"metadata": {
"description": "Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one hour. ISO 8601 duration format."
}
},
"evaluationFrequency": {
"type": "string",
"defaultValue": "PT1M",
"allowedValues": [
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"metadata": {
"description": "how often the metric alert is evaluated represented in ISO 8601 duration format"
}
},
"currentDateTimeUtcNow": {
"type": "string",
"defaultValue": "[utcNow()]",
"metadata": {
"description": "The current date and time using the utcNow function. Used for deployment name uniqueness"
}
},
"telemetryOptOut": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
],
"metadata": {
"description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry."
}
}
},
"variables": {
"pidDeploymentName": "[take(concat('pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]",
"varTargetResourceId": "[split(parameters('targetResourceId'), ',')]"
},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[parameters('alertName')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "[parameters('alertDescription')]",
"scopes": "[variables('varTargetResourceId')]",
"targetResourceType": "[parameters('targetResourceType')]",
"targetResourceRegion": "[parameters('targetResourceRegion')]",
"severity": "[parameters('alertSeverity')]",
"enabled": "[parameters('isEnabled')]",
"evaluationFrequency": "[parameters('evaluationFrequency')]",
"windowSize": "[parameters('windowSize')]",
"criteria": {
"odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria",
"allOf": [
{
"criterionType": "DynamicThresholdCriterion",
"name": "1st criterion",
"metricName": "Average_Total Bytes Transmitted",
"dimensions": [{"operator": "include", "name": "computer", "values": ["*"]}, {"operator": "include", "name": "objectname", "values": ["*"]}, {"operator": "include", "name": "instancename", "values": ["*"]}, {"operator": "include", "name": "sourcesystem", "values": ["*"]}],
"operator": "[parameters('operator')]",
"alertSensitivity": "[parameters('alertSensitivity')]",
"failingPeriods": {
"numberOfEvaluationPeriods": "[parameters('numberOfEvaluationPeriods')]",
"minFailingPeriodsToAlert": "[parameters('minFailingPeriodsToAlert')]"
},
"timeAggregation": "[parameters('timeAggregation')]"
}
]
}
}
},
{
"condition": "[equals(parameters('telemetryOptOut'), 'No')]",
"apiVersion": "2020-06-01",
"name": "[variables('pidDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
}
]
}
@description('Name of the alert')
@minLength(1)
param alertName string
@description('Description of alert')
param alertDescription string = 'Average_Total Bytes Transmitted. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).'
@description('array of Azure resource Ids. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name')
@minLength(1)
param targetResourceId array
@description('Azure region in which target resources to be monitored are in (without spaces). For example: EastUS')
param targetResourceRegion string
@description('Resource type of target resources to be monitored.')
@minLength(1)
param targetResourceType string
@description('Specifies whether the alert is enabled')
param isEnabled bool = true
@description('Severity of alert {0,1,2,3,4}')
@allowed([
0
1
2
3
4
])
param alertSeverity int = 1
@description('Operator comparing the current value with the threshold value.')
@allowed([
'GreaterThan'
'LessThan'
'GreaterOrLessThan'
])
param operator string = 'GreaterOrLessThan'
@description('Tunes how \'noisy\' the Dynamic Thresholds alerts will be: \'High\' will result in more alerts while \'Low\' will result in fewer alerts.')
@allowed([
'High'
'Medium'
'Low'
])
param alertSensitivity string = '##ALERT_SENSITIVITY##'
@description('The number of periods to check in the alert evaluation.')
param numberOfEvaluationPeriods int = 4
@description('The number of unhealthy periods to alert on (must be lower or equal to numberOfEvaluationPeriods).')
param minFailingPeriodsToAlert int = 3
@description('How the data that is collected should be combined over time.')
@allowed([
'Average'
'Minimum'
'Maximum'
'Total'
'Count'
])
param timeAggregation string = 'Average'
@description('Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one hour. ISO 8601 duration format.')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
'PT6H'
'PT12H'
'PT24H'
'P1D'
])
param windowSize string = 'PT5M'
@description('how often the metric alert is evaluated represented in ISO 8601 duration format')
@allowed([
'PT5M'
'PT15M'
'PT30M'
'PT1H'
])
param evaluationFrequency string = 'PT1M'
@description('"The current date and time using the utcNow function. Used for deployment name uniqueness')
param currentDateTimeUtcNow string = utcNow()
@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.')
@allowed([
'Yes'
'No'
])
param telemetryOptOut string = 'No'
resource metricAlert 'Microsoft.Insights/metricAlerts@2018-03-01' = {
name: alertName
location: 'global'
tags: {
_deployed_by_amba: 'true'
}
properties: {
description: alertDescription
scopes: targetResourceId
targetResourceType: targetResourceType
targetResourceRegion: targetResourceRegion
severity: alertSeverity
enabled: isEnabled
evaluationFrequency: evaluationFrequency
windowSize: windowSize
criteria: {
'odata.type': 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria'
allOf: [
{
criterionType: 'DynamicThresholdCriterion'
name: '1st criterion'
metricName: 'Average_Total Bytes Transmitted'
dimensions: [
{
name: 'computer'
operator: 'include'
values: ['*']
}
{
name: 'objectname'
operator: 'include'
values: ['*']
}
{
name: 'instancename'
operator: 'include'
values: ['*']
}
{
name: 'sourcesystem'
operator: 'include'
values: ['*']
}]
operator: operator
alertSensitivity: alertSensitivity
failingPeriods: {
numberOfEvaluationPeriods: numberOfEvaluationPeriods
minFailingPeriodsToAlert: minFailingPeriodsToAlert
}
timeAggregation: timeAggregation
}
]
}
}
}
var ambaTelemetryPidName = 'pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}'
resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') {
name: ambaTelemetryPidName
tags: {
_deployed_by_amba: 'true'
}
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
}
}
}
{
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2021-06-01",
"name": "76583e85-8be6-4d02-8e09-aff0ce8574f8",
"properties": {
"policyType": "Custom",
"mode": "All",
"displayName": "Deploy OperationalInsights workspaces Average_Total Bytes Transmitted Alert",
"description": "Policy to Audit/Deploy OperationalInsights workspaces Average_Total Bytes Transmitted Alert",
"metadata": {
"version": "1.0.0-preview",
"category": "OperationalInsights",
"preview": true,
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"alzCloudEnvironments": [
"AzureCloud"
],
"_deployed_by_amba": "True"
},
"parameters": {
"severity": {
"type": "String",
"metadata": {
"displayName": "Severity",
"description": "Severity of the Alert"
},
"allowedValues": [
"0",
"1",
"2",
"3",
"4"
],
"defaultValue": "1"
},
"windowSize": {
"type": "String",
"metadata": {
"displayName": "Window Size",
"description": "Window size for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"P1D"
],
"defaultValue": "PT5M"
},
"evaluationFrequency": {
"type": "String",
"metadata": {
"displayName": "Evaluation Frequency",
"description": "Evaluation frequency for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"defaultValue": "PT1M"
},
"alertSensitivity": {
"type": "String",
"metadata": {
"displayName": "Alert Sensitivity",
"description": "Alert Sensitivity for the alert"
},
"allowedValues": [
"Low",
"Medium",
"High"
],
"defaultValue": "Medium"
},
"autoMitigate": {
"type": "String",
"metadata": {
"displayName": "Auto Mitigate",
"description": "Auto Mitigate for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"enabled": {
"type": "String",
"metadata": {
"displayName": "Alert State",
"description": "Alert state for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Effect of the policy"
},
"allowedValues": [
"deployIfNotExists",
"disabled"
],
"defaultValue": "deployIfNotExists"
},
"MonitorDisableTagName": {
"type": "String",
"metadata": {
"displayName": "Monitoring disabled tag name",
"description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": "MonitorDisable"
},
"MonitorDisableTagValues": {
"type": "Array",
"metadata": {
"displayName": "Monitoring disabled tag values(s)",
"description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": [
"true",
"Test",
"Dev",
"Sandbox"
]
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "[[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
"notIn": "[[parameters('MonitorDisableTagValues')]"
}
]
},
"then": {
"effect": "[[parameters('effect')]",
"details": {
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Insights/metricAlerts",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName",
"equals": "Average_Total Bytes Transmitted"
},
{
"field": "Microsoft.Insights/metricalerts/scopes[*]",
"equals": "[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.OperationalInsights/workspaces/', field('fullName'))]"
},
{
"field": "Microsoft.Insights/metricAlerts/enabled",
"equals": "[[parameters('enabled')]"
},
{
"field": "Microsoft.Insights/metricAlerts/evaluationFrequency",
"equals": "[[parameters('evaluationFrequency')]"
},
{
"field": "Microsoft.Insights/metricAlerts/windowSize",
"equals": "[[parameters('windowSize')]"
},
{
"field": "Microsoft.Insights/metricalerts/severity",
"equals": "[[parameters('severity')]"
},
{
"field": "Microsoft.Insights/metricAlerts/autoMitigate",
"equals": "[[parameters('autoMitigate')]"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation",
"equals": "Average"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator",
"equals": "GreaterOrLessThan"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity",
"equals": "[[parameters('alertSensitivity')]"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert",
"equals": 3
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods",
"equals": 4
}
]
},
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "String",
"metadata": {
"displayName": "resourceName",
"description": "Name of the resource"
}
},
"resourceId": {
"type": "String",
"metadata": {
"displayName": "resourceId",
"description": "Resource ID of the resource emitting the metric that will be used for the comparison"
}
},
"severity": {
"type": "String"
},
"windowSize": {
"type": "String"
},
"evaluationFrequency": {
"type": "String"
},
"alertSensitivity": {
"type": "String"
},
"autoMitigate": {
"type": "String"
},
"enabled": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[[concat(parameters('resourceName'), '-Average_Total Bytes Transmitted')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "Metric Alert for OperationalInsights workspaces Average_Total Bytes Transmitted",
"severity": "[[parameters('severity')]",
"enabled": "[[parameters('enabled')]",
"scopes": [
"[[parameters('resourceId')]"
],
"evaluationFrequency": "[[parameters('evaluationFrequency')]",
"windowSize": "[[parameters('windowSize')]",
"criteria": {
"allOf": [
{
"name": "Average_Total Bytes Transmitted",
"metricNamespace": "Microsoft.OperationalInsights/workspaces",
"metricName": "Average_Total Bytes Transmitted",
"operator": "GreaterOrLessThan",
"alertSensitivity": "[[parameters('alertSensitivity')]",
"failingPeriods": {
"minFailingPeriodsToAlert": 3,
"numberOfEvaluationPeriods": 4
},
"timeAggregation": "Average",
"criterionType": "DynamicThresholdCriterion"
}
],
"odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria"
},
"autoMitigate": "[[parameters('autoMitigate')]",
"parameters": {
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"alertSensitivity": {
"value": "[[parameters('alertSensitivity')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
}
}
}
}
]
},
"parameters": {
"resourceName": {
"value": "[[field('name')]"
},
"resourceId": {
"value": "[[field('id')]"
},
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"alertSensitivity": {
"value": "[[parameters('alertSensitivity')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
}
}
}
}
}
}
}
}
}
Event - Metric Alert
Event. Supported for: Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).
Properties:
| criterionType | StaticThresholdCriterion |
| dimensions | |
| evaluationFrequency | PT1M |
| metricName | Event |
| metricNamespace | Microsoft.OperationalInsights/workspaces |
| operator | GreaterThan |
| severity | 1 |
| threshold | 0 |
| timeAggregation | Count |
| windowSize | PT5M |
References:
Templates:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the alert"
}
},
"alertDescription": {
"type": "string",
"defaultValue": "Event. Supported for: Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).",
"metadata": {
"description": "Description of alert"
}
},
"targetResourceId": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "List of Azure resource Ids seperated by a comma. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name"
}
},
"targetResourceRegion": {
"type": "string",
"metadata": {
"description": "Azure region in which target resources to be monitored are in (without spaces). For example: EastUS"
}
},
"targetResourceType": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Resource type of target resources to be monitored."
}
},
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Specifies whether the alert is enabled"
}
},
"alertSeverity": {
"type": "int",
"defaultValue": 1,
"allowedValues": [
0,
1,
2,
3,
4
],
"metadata": {
"description": "Severity of alert {0,1,2,3,4}"
}
},
"operator": {
"type": "string",
"defaultValue": "GreaterThan",
"allowedValues": [
"Equals",
"GreaterThan",
"GreaterThanOrEqual",
"LessThan",
"LessThanOrEqual"
],
"metadata": {
"description": "Operator comparing the current value with the threshold value."
}
},
"threshold": {
"type": "string",
"defaultValue": "0",
"metadata": {
"description": "The threshold value at which the alert is activated."
}
},
"timeAggregation": {
"type": "string",
"defaultValue": "Count",
"allowedValues": [
"Average",
"Minimum",
"Maximum",
"Total",
"Count"
],
"metadata": {
"description": "How the data that is collected should be combined over time."
}
},
"windowSize": {
"type": "string",
"defaultValue": "PT5M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"PT24H",
"PT1D"
],
"metadata": {
"description": "Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format."
}
},
"evaluationFrequency": {
"type": "string",
"defaultValue": "PT1M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"metadata": {
"description": "how often the metric alert is evaluated represented in ISO 8601 duration format"
}
},
"currentDateTimeUtcNow": {
"type": "string",
"defaultValue": "[utcNow()]",
"metadata": {
"description": "The current date and time using the utcNow function. Used for deployment name uniqueness"
}
},
"telemetryOptOut": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
],
"metadata": {
"description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry."
}
}
},
"variables": {
"pidDeploymentName": "[take(concat('pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]",
"varTargetResourceId": "[split(parameters('targetResourceId'), ',')]"
},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[parameters('alertName')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "[parameters('alertDescription')]",
"scopes": "[variables('varTargetResourceId')]",
"targetResourceType": "[parameters('targetResourceType')]",
"targetResourceRegion": "[parameters('targetResourceRegion')]",
"severity": "[parameters('alertSeverity')]",
"enabled": "[parameters('isEnabled')]",
"evaluationFrequency": "[parameters('evaluationFrequency')]",
"windowSize": "[parameters('windowSize')]",
"criteria": {
"odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria",
"allOf": [
{
"name": "1st criterion",
"metricName": "Event",
"dimensions": [{"operator": "include", "name": "source", "values": ["service control manager"]}, {"operator": "include", "name": "eventlog", "values": ["system"]}, {"operator": "include", "name": "computer", "values": ["*"]}, {"operator": "include", "name": "eventid", "values": ["7031", "7024", "7034"]}],
"operator": "[parameters('operator')]",
"threshold": "[parameters('threshold')]",
"timeAggregation": "[parameters('timeAggregation')]",
"criterionType": "StaticThresholdCriterion"
}
]
}
}
},
{
"condition": "[equals(parameters('telemetryOptOut'), 'No')]",
"apiVersion": "2020-06-01",
"name": "[variables('pidDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
}
]
}
@description('Name of the alert')
@minLength(1)
param alertName string
@description('Description of alert')
param alertDescription string = 'Event. Supported for: Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).'
@description('Array of Azure resource Ids. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name')
@minLength(1)
param targetResourceId array
@description('Azure region in which target resources to be monitored are in (without spaces). For example: EastUS')
param targetResourceRegion string
@description('Resource type of target resources to be monitored.')
@minLength(1)
param targetResourceType string
@description('Specifies whether the alert is enabled')
param isEnabled bool = true
@description('Severity of alert {0,1,2,3,4}')
@allowed([
0
1
2
3
4
])
param alertSeverity int = 1
@description('Operator comparing the current value with the threshold value.')
@allowed([
'Equals'
'GreaterThan'
'GreaterThanOrEqual'
'LessThan'
'LessThanOrEqual'
])
param operator string = 'GreaterThan'
@description('The threshold value at which the alert is activated.')
param threshold int = 0
@description('How the data that is collected should be combined over time.')
@allowed([
'Average'
'Minimum'
'Maximum'
'Total'
'Count'
])
param timeAggregation string = 'Count'
@description('Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format.')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
'PT6H'
'PT12H'
'PT24H'
'P1D'
])
param windowSize string = 'PT5M'
@description('how often the metric alert is evaluated represented in ISO 8601 duration format')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
])
param evaluationFrequency string = 'PT1M'
@description('"The current date and time using the utcNow function. Used for deployment name uniqueness')
param currentDateTimeUtcNow string = utcNow()
@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.')
@allowed([
'Yes'
'No'
])
param telemetryOptOut string = 'No'
resource metricAlert 'Microsoft.Insights/metricAlerts@2018-03-01' = {
name: alertName
location: 'global'
tags: {
_deployed_by_amba: 'true'
}
properties: {
description: alertDescription
scopes: targetResourceId
targetResourceType: targetResourceType
targetResourceRegion: targetResourceRegion
severity: alertSeverity
enabled: isEnabled
evaluationFrequency: evaluationFrequency
windowSize: windowSize
criteria: {
'odata.type': 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria'
allOf: [
{
name: '1st criterion'
metricName: 'Event'
dimensions: [
{
name: 'source'
operator: 'include'
values: ['service control manager']
}
{
name: 'eventlog'
operator: 'include'
values: ['system']
}
{
name: 'computer'
operator: 'include'
values: ['*']
}
{
name: 'eventid'
operator: 'include'
values: ['7031','7024','7034']
}]
operator: operator
threshold: threshold
timeAggregation: timeAggregation
criterionType: 'StaticThresholdCriterion'
}
]
}
}
}
var ambaTelemetryPidName = 'pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}'
resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') {
name: ambaTelemetryPidName
tags: {
_deployed_by_amba: 'true'
}
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
}
}
}
{
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2021-06-01",
"name": "0b608189-b028-4851-8854-9ce1a48c3dd6",
"properties": {
"policyType": "Custom",
"mode": "All",
"displayName": "Deploy OperationalInsights workspaces Event Alert",
"description": "Policy to Audit/Deploy OperationalInsights workspaces Event Alert",
"metadata": {
"version": "1.0.0-preview",
"category": "OperationalInsights",
"preview": true,
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"alzCloudEnvironments": [
"AzureCloud"
],
"_deployed_by_amba": "True"
},
"parameters": {
"severity": {
"type": "String",
"metadata": {
"displayName": "Severity",
"description": "Severity of the Alert"
},
"allowedValues": [
"0",
"1",
"2",
"3",
"4"
],
"defaultValue": "1"
},
"windowSize": {
"type": "String",
"metadata": {
"displayName": "Window Size",
"description": "Window size for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"P1D"
],
"defaultValue": "PT5M"
},
"evaluationFrequency": {
"type": "String",
"metadata": {
"displayName": "Evaluation Frequency",
"description": "Evaluation frequency for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"defaultValue": "PT1M"
},
"autoMitigate": {
"type": "String",
"metadata": {
"displayName": "Auto Mitigate",
"description": "Auto Mitigate for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"enabled": {
"type": "String",
"metadata": {
"displayName": "Alert State",
"description": "Alert state for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"threshold": {
"type": "String",
"metadata": {
"displayName": "Threshold",
"description": "Threshold for the alert"
},
"defaultValue": "0"
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Effect of the policy"
},
"allowedValues": [
"deployIfNotExists",
"disabled"
],
"defaultValue": "deployIfNotExists"
},
"MonitorDisableTagName": {
"type": "String",
"metadata": {
"displayName": "Monitoring disabled tag name",
"description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": "MonitorDisable"
},
"MonitorDisableTagValues": {
"type": "Array",
"metadata": {
"displayName": "Monitoring disabled tag values(s)",
"description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": [
"true",
"Test",
"Dev",
"Sandbox"
]
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "[[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
"notIn": "[[parameters('MonitorDisableTagValues')]"
}
]
},
"then": {
"effect": "[[parameters('effect')]",
"details": {
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Insights/metricAlerts",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName",
"equals": "Event"
},
{
"field": "Microsoft.Insights/metricalerts/scopes[*]",
"equals": "[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.OperationalInsights/workspaces/', field('fullName'))]"
},
{
"field": "Microsoft.Insights/metricAlerts/enabled",
"equals": "[[parameters('enabled')]"
},
{
"field": "Microsoft.Insights/metricAlerts/evaluationFrequency",
"equals": "[[parameters('evaluationFrequency')]"
},
{
"field": "Microsoft.Insights/metricAlerts/windowSize",
"equals": "[[parameters('windowSize')]"
},
{
"field": "Microsoft.Insights/metricalerts/severity",
"equals": "[[parameters('severity')]"
},
{
"field": "Microsoft.Insights/metricAlerts/autoMitigate",
"equals": "[[parameters('autoMitigate')]"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation",
"equals": "Count"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator",
"equals": "GreaterThan"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold",
"equals": "[[if(contains(field('tags'), '_amba-Event-threshold-Override_'), field('tags._amba-Event-threshold-Override_'), parameters('threshold'))]"
}
]
},
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "String",
"metadata": {
"displayName": "resourceName",
"description": "Name of the resource"
}
},
"resourceId": {
"type": "String",
"metadata": {
"displayName": "resourceId",
"description": "Resource ID of the resource emitting the metric that will be used for the comparison"
}
},
"severity": {
"type": "String"
},
"windowSize": {
"type": "String"
},
"evaluationFrequency": {
"type": "String"
},
"autoMitigate": {
"type": "String"
},
"enabled": {
"type": "String"
},
"threshold": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[[concat(parameters('resourceName'), '-Event')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "Metric Alert for OperationalInsights workspaces Event",
"severity": "[[parameters('severity')]",
"enabled": "[[parameters('enabled')]",
"scopes": [
"[[parameters('resourceId')]"
],
"evaluationFrequency": "[[parameters('evaluationFrequency')]",
"windowSize": "[[parameters('windowSize')]",
"criteria": {
"allOf": [
{
"name": "Event",
"metricNamespace": "Microsoft.OperationalInsights/workspaces",
"metricName": "Event",
"operator": "GreaterThan",
"threshold": "[[parameters('threshold')]",
"timeAggregation": "Count",
"criterionType": "StaticThresholdCriterion"
}
],
"odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
},
"autoMitigate": "[[parameters('autoMitigate')]",
"parameters": {
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[parameters('threshold')]"
}
}
}
}
]
},
"parameters": {
"resourceName": {
"value": "[[field('name')]"
},
"resourceId": {
"value": "[[field('id')]"
},
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[if(contains(field('tags'), '_amba-Event-threshold-Override_'), field('tags._amba-Event-threshold-Override_'), parameters('threshold'))]"
}
}
}
}
}
}
}
}
}
Heartbeat - Metric Alert
Heartbeat. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).
Properties:
| criterionType | StaticThresholdCriterion |
| dimensions | |
| evaluationFrequency | PT1M |
| metricName | Heartbeat |
| metricNamespace | Microsoft.OperationalInsights/workspaces |
| operator | LessThanOrEqual |
| severity | 1 |
| threshold | 0 |
| timeAggregation | Total |
| windowSize | PT5M |
References:
Templates:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the alert"
}
},
"alertDescription": {
"type": "string",
"defaultValue": "Heartbeat. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).",
"metadata": {
"description": "Description of alert"
}
},
"targetResourceId": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "List of Azure resource Ids seperated by a comma. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name"
}
},
"targetResourceRegion": {
"type": "string",
"metadata": {
"description": "Azure region in which target resources to be monitored are in (without spaces). For example: EastUS"
}
},
"targetResourceType": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Resource type of target resources to be monitored."
}
},
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Specifies whether the alert is enabled"
}
},
"alertSeverity": {
"type": "int",
"defaultValue": 1,
"allowedValues": [
0,
1,
2,
3,
4
],
"metadata": {
"description": "Severity of alert {0,1,2,3,4}"
}
},
"operator": {
"type": "string",
"defaultValue": "LessThanOrEqual",
"allowedValues": [
"Equals",
"GreaterThan",
"GreaterThanOrEqual",
"LessThan",
"LessThanOrEqual"
],
"metadata": {
"description": "Operator comparing the current value with the threshold value."
}
},
"threshold": {
"type": "string",
"defaultValue": "0",
"metadata": {
"description": "The threshold value at which the alert is activated."
}
},
"timeAggregation": {
"type": "string",
"defaultValue": "Total",
"allowedValues": [
"Average",
"Minimum",
"Maximum",
"Total",
"Count"
],
"metadata": {
"description": "How the data that is collected should be combined over time."
}
},
"windowSize": {
"type": "string",
"defaultValue": "PT5M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"PT24H",
"PT1D"
],
"metadata": {
"description": "Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format."
}
},
"evaluationFrequency": {
"type": "string",
"defaultValue": "PT1M",
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"metadata": {
"description": "how often the metric alert is evaluated represented in ISO 8601 duration format"
}
},
"currentDateTimeUtcNow": {
"type": "string",
"defaultValue": "[utcNow()]",
"metadata": {
"description": "The current date and time using the utcNow function. Used for deployment name uniqueness"
}
},
"telemetryOptOut": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
],
"metadata": {
"description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry."
}
}
},
"variables": {
"pidDeploymentName": "[take(concat('pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]",
"varTargetResourceId": "[split(parameters('targetResourceId'), ',')]"
},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[parameters('alertName')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "[parameters('alertDescription')]",
"scopes": "[variables('varTargetResourceId')]",
"targetResourceType": "[parameters('targetResourceType')]",
"targetResourceRegion": "[parameters('targetResourceRegion')]",
"severity": "[parameters('alertSeverity')]",
"enabled": "[parameters('isEnabled')]",
"evaluationFrequency": "[parameters('evaluationFrequency')]",
"windowSize": "[parameters('windowSize')]",
"criteria": {
"odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria",
"allOf": [
{
"name": "1st criterion",
"metricName": "Heartbeat",
"dimensions": [{"operator": "include", "name": "computer", "values": ["*"]}],
"operator": "[parameters('operator')]",
"threshold": "[parameters('threshold')]",
"timeAggregation": "[parameters('timeAggregation')]",
"criterionType": "StaticThresholdCriterion"
}
]
}
}
},
{
"condition": "[equals(parameters('telemetryOptOut'), 'No')]",
"apiVersion": "2020-06-01",
"name": "[variables('pidDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
}
]
}
@description('Name of the alert')
@minLength(1)
param alertName string
@description('Description of alert')
param alertDescription string = 'Heartbeat. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric).'
@description('Array of Azure resource Ids. For example - /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroup/resource-group-name/Microsoft.compute/virtualMachines/vm-name')
@minLength(1)
param targetResourceId array
@description('Azure region in which target resources to be monitored are in (without spaces). For example: EastUS')
param targetResourceRegion string
@description('Resource type of target resources to be monitored.')
@minLength(1)
param targetResourceType string
@description('Specifies whether the alert is enabled')
param isEnabled bool = true
@description('Severity of alert {0,1,2,3,4}')
@allowed([
0
1
2
3
4
])
param alertSeverity int = 1
@description('Operator comparing the current value with the threshold value.')
@allowed([
'Equals'
'GreaterThan'
'GreaterThanOrEqual'
'LessThan'
'LessThanOrEqual'
])
param operator string = 'LessThanOrEqual'
@description('The threshold value at which the alert is activated.')
param threshold int = 0
@description('How the data that is collected should be combined over time.')
@allowed([
'Average'
'Minimum'
'Maximum'
'Total'
'Count'
])
param timeAggregation string = 'Total'
@description('Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format.')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
'PT6H'
'PT12H'
'PT24H'
'P1D'
])
param windowSize string = 'PT5M'
@description('how often the metric alert is evaluated represented in ISO 8601 duration format')
@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
])
param evaluationFrequency string = 'PT1M'
@description('"The current date and time using the utcNow function. Used for deployment name uniqueness')
param currentDateTimeUtcNow string = utcNow()
@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.')
@allowed([
'Yes'
'No'
])
param telemetryOptOut string = 'No'
resource metricAlert 'Microsoft.Insights/metricAlerts@2018-03-01' = {
name: alertName
location: 'global'
tags: {
_deployed_by_amba: 'true'
}
properties: {
description: alertDescription
scopes: targetResourceId
targetResourceType: targetResourceType
targetResourceRegion: targetResourceRegion
severity: alertSeverity
enabled: isEnabled
evaluationFrequency: evaluationFrequency
windowSize: windowSize
criteria: {
'odata.type': 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria'
allOf: [
{
name: '1st criterion'
metricName: 'Heartbeat'
dimensions: [
{
name: 'computer'
operator: 'include'
values: ['*']
}]
operator: operator
threshold: threshold
timeAggregation: timeAggregation
criterionType: 'StaticThresholdCriterion'
}
]
}
}
}
var ambaTelemetryPidName = 'pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}'
resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') {
name: ambaTelemetryPidName
tags: {
_deployed_by_amba: 'true'
}
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
}
}
}
{
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2021-06-01",
"name": "83703f70-9ea8-44aa-b88a-a8e56eb42858",
"properties": {
"policyType": "Custom",
"mode": "All",
"displayName": "Deploy OperationalInsights workspaces Heartbeat Alert",
"description": "Policy to Audit/Deploy OperationalInsights workspaces Heartbeat Alert",
"metadata": {
"version": "1.0.0-preview",
"category": "OperationalInsights",
"preview": true,
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"alzCloudEnvironments": [
"AzureCloud"
],
"_deployed_by_amba": "True"
},
"parameters": {
"severity": {
"type": "String",
"metadata": {
"displayName": "Severity",
"description": "Severity of the Alert"
},
"allowedValues": [
"0",
"1",
"2",
"3",
"4"
],
"defaultValue": "1"
},
"windowSize": {
"type": "String",
"metadata": {
"displayName": "Window Size",
"description": "Window size for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H",
"PT6H",
"PT12H",
"P1D"
],
"defaultValue": "PT5M"
},
"evaluationFrequency": {
"type": "String",
"metadata": {
"displayName": "Evaluation Frequency",
"description": "Evaluation frequency for the alert"
},
"allowedValues": [
"PT1M",
"PT5M",
"PT15M",
"PT30M",
"PT1H"
],
"defaultValue": "PT1M"
},
"autoMitigate": {
"type": "String",
"metadata": {
"displayName": "Auto Mitigate",
"description": "Auto Mitigate for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"enabled": {
"type": "String",
"metadata": {
"displayName": "Alert State",
"description": "Alert state for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"threshold": {
"type": "String",
"metadata": {
"displayName": "Threshold",
"description": "Threshold for the alert"
},
"defaultValue": "0"
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Effect of the policy"
},
"allowedValues": [
"deployIfNotExists",
"disabled"
],
"defaultValue": "deployIfNotExists"
},
"MonitorDisableTagName": {
"type": "String",
"metadata": {
"displayName": "Monitoring disabled tag name",
"description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": "MonitorDisable"
},
"MonitorDisableTagValues": {
"type": "Array",
"metadata": {
"displayName": "Monitoring disabled tag values(s)",
"description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
},
"defaultValue": [
"true",
"Test",
"Dev",
"Sandbox"
]
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "[[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
"notIn": "[[parameters('MonitorDisableTagValues')]"
}
]
},
"then": {
"effect": "[[parameters('effect')]",
"details": {
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Insights/metricAlerts",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace",
"equals": "Microsoft.OperationalInsights/workspaces"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName",
"equals": "Heartbeat"
},
{
"field": "Microsoft.Insights/metricalerts/scopes[*]",
"equals": "[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.OperationalInsights/workspaces/', field('fullName'))]"
},
{
"field": "Microsoft.Insights/metricAlerts/enabled",
"equals": "[[parameters('enabled')]"
},
{
"field": "Microsoft.Insights/metricAlerts/evaluationFrequency",
"equals": "[[parameters('evaluationFrequency')]"
},
{
"field": "Microsoft.Insights/metricAlerts/windowSize",
"equals": "[[parameters('windowSize')]"
},
{
"field": "Microsoft.Insights/metricalerts/severity",
"equals": "[[parameters('severity')]"
},
{
"field": "Microsoft.Insights/metricAlerts/autoMitigate",
"equals": "[[parameters('autoMitigate')]"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation",
"equals": "Total"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator",
"equals": "LessThanOrEqual"
},
{
"field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold",
"equals": "[[if(contains(field('tags'), '_amba-Heartbeat-threshold-Override_'), field('tags._amba-Heartbeat-threshold-Override_'), parameters('threshold'))]"
}
]
},
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "String",
"metadata": {
"displayName": "resourceName",
"description": "Name of the resource"
}
},
"resourceId": {
"type": "String",
"metadata": {
"displayName": "resourceId",
"description": "Resource ID of the resource emitting the metric that will be used for the comparison"
}
},
"severity": {
"type": "String"
},
"windowSize": {
"type": "String"
},
"evaluationFrequency": {
"type": "String"
},
"autoMitigate": {
"type": "String"
},
"enabled": {
"type": "String"
},
"threshold": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Insights/metricAlerts",
"apiVersion": "2018-03-01",
"name": "[[concat(parameters('resourceName'), '-Heartbeat')]",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "Metric Alert for OperationalInsights workspaces Heartbeat",
"severity": "[[parameters('severity')]",
"enabled": "[[parameters('enabled')]",
"scopes": [
"[[parameters('resourceId')]"
],
"evaluationFrequency": "[[parameters('evaluationFrequency')]",
"windowSize": "[[parameters('windowSize')]",
"criteria": {
"allOf": [
{
"name": "Heartbeat",
"metricNamespace": "Microsoft.OperationalInsights/workspaces",
"metricName": "Heartbeat",
"operator": "LessThanOrEqual",
"threshold": "[[parameters('threshold')]",
"timeAggregation": "Total",
"criterionType": "StaticThresholdCriterion"
}
],
"odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
},
"autoMitigate": "[[parameters('autoMitigate')]",
"parameters": {
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[parameters('threshold')]"
}
}
}
}
]
},
"parameters": {
"resourceName": {
"value": "[[field('name')]"
},
"resourceId": {
"value": "[[field('id')]"
},
"severity": {
"value": "[[parameters('severity')]"
},
"windowSize": {
"value": "[[parameters('windowSize')]"
},
"evaluationFrequency": {
"value": "[[parameters('evaluationFrequency')]"
},
"autoMitigate": {
"value": "[[parameters('autoMitigate')]"
},
"enabled": {
"value": "[[parameters('enabled')]"
},
"threshold": {
"value": "[[if(contains(field('tags'), '_amba-Heartbeat-threshold-Override_'), field('tags._amba-Heartbeat-threshold-Override_'), parameters('threshold'))]"
}
}
}
}
}
}
}
}
}