Question 104078 in Azure Question posted in
The official documentation to get you started can be found here.

Azure – Actions are not triggering when alerts are triggered

Using Terraform I have created Alert, Action group and Logicapp. (Code-1 show below)

Action to trigger when an alert is triggered, where one of Action type is Logic app, which was as expected. Alert got triggered when condition is true further it trigger Logic app action.

Later, I got requirement to adjust alert’s threshold and frequency and made changes to Terraform code, while doing plan/apply noticed only changes in Alert Frequency and threshold value and these are expected. (Code-2 show below)

After this change(update) of Alert properties action as stopped functioning. when alert is triggered, Action is not triggered.

Test 1: Checking weather alert itself truly triggering

• Just to test the functionality of alert whether itself getting triggered, I subscribed Notification type to send mail to my Inbox. Which worked and I got mail regarding the alert but the alert unable to trigger action.

Test 1.2: Changes from Portal

• I removed testing-logicapp (Logic app action) under Action type from Azure Portal.

• And Added testing-logicapp (Logic app action) under Action type from Azure Portal. (As show in below JPG-3)

• This resulted Action to trigger when an alert is triggered.

So, my doubt is, how should I handle this scenario in terraform way.

Code-1 :

resource "azurerm_monitor_scheduled_query_rules_alert_v2" "myvm_task_alert_v2" {
  name                = "myvm-auto-deletion-alert"
  resource_group_name = azurerm_resource_group.myvm_task_resource_group.name
  evaluation_frequency = "PT1H"
  window_duration      = "PT1H"
  scopes               = [data.azurerm_log_analytics_workspace.azurerm_log_analytics_workspace.id]

  severity             = 4
  criteria {
    query                   = <<-QUERY
        Perf
        | where TimeGenerated > ago(1h)
        | where CounterName == "% Processor Time" and InstanceName == "_Total" 
        | project TimeGenerated, Computer, CounterValue, _ResourceId
        | summarize AggregatedValue = avg(CounterValue)  by bin(TimeGenerated, 1h), Computer, _ResourceId   
      QUERY
    time_aggregation_method = "Maximum"
    threshold               = 30.0
    operator                = "LessThan"
    metric_measure_column = "AggregatedValue"

  }

  display_name                     = "myvm-auto-deletion-alert"
  enabled                          = true
  action {
    action_groups = [azurerm_monitor_action_group.delete_myvm_action_group.id]
  }
}



resource "azurerm_monitor_action_group" "delete_myvm_action_group" {
  name                = "myvm-auto-deletion-action-group"
  resource_group_name = azurerm_resource_group.myvm_task_resource_group.name
  short_name          = "myvm-autodel"
  tags                = module.metadata.tags

  logic_app_receiver {
    name                    = "myvm-auto-deletion-logicapp"
    resource_id             = azurerm_logic_app_workflow.myvm_task_logicapp.id
    callback_url            = azurerm_logic_app_workflow.myvm_task_logicapp.access_endpoint
    use_common_alert_schema = true
  }

  email_receiver {
    name                    = "sendtoPraveen"
    email_address           = "[email protected]"
    use_common_alert_schema = true
  }

}


resource "azurerm_logic_app_workflow" "myvm_task_logicapp" {
  name                = "myvm-auto-deletion-logicapp"
  location            = "us east"
  resource_group_name = azurerm_resource_group.myvm_task_resource_group.name
}

Code-2 :

resource "azurerm_monitor_scheduled_query_rules_alert_v2" "myvm_task_alert_v2" {
  name                = "myvm-auto-deletion-alert"
  resource_group_name = azurerm_resource_group.myvm_task_resource_group.name
  evaluation_frequency = "PT1H"
  window_duration      = "PT10H" ####################-------------------->change1
  scopes               = [data.azurerm_log_analytics_workspace.azurerm_log_analytics_workspace.id]

  severity             = 4
  criteria {
    query                   = <<-QUERY
        Perf
        | where TimeGenerated > ago(1h)
        | where CounterName == "% Processor Time" and InstanceName == "_Total" 
        | project TimeGenerated, Computer, CounterValue, _ResourceId
        | summarize AggregatedValue = avg(CounterValue)  by bin(TimeGenerated, 1h), Computer, _ResourceId   
      QUERY
    time_aggregation_method = "Maximum"
    threshold               = 50.0 ####################-------------------->change2
    operator                = "LessThan"
    metric_measure_column = "AggregatedValue"

  }

  display_name                     = "myvm-auto-deletion-alert"
  enabled                          = true
  action {
    action_groups = [azurerm_monitor_action_group.delete_myvm_action_group.id]
  }
}

JPG-1
Changes from Portal

Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    Found the issue with the help of MIcrosoft support team. Created new azurerm_logic_app_trigger_http_request flow.

    resource "azurerm_logic_app_trigger_http_request" "logic_app_httptrigger_code" {
  name         = "alertv2httPayload"
  logic_app_id = azurerm_logic_app_workflow.myvm_task_logicapp.id

  schema = data.local_file.httptrigger_code.content
}

    You'll need to use callbackurl of azurerm_logic_app_trigger_http_request in Logic_app_receiver under actiongroup :

    azurerm_logic_app_trigger_http_request.logic_app_httptrigger_code.callback_url

    instead of

    azurerm_logic_app_workflow.myvm_task_logicapp.access_endpoint

    Ref : Action groups not triggering Logic Apps #6056


  2. 0

    Actions are not triggering when alerts are triggered:

    I tried it in my environment by using this terraform template for scheduled alerts and making a few modifications as required. It was successfully deployed, and an action was triggered with appropriate information to the specified user’s email address.

    terraform {
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
      version = "3.37.0"
    }
  }
}

provider "azurerm" {
  features{}
}
resource "azurerm_resource_group" "example" {
  name     = "xxxxexample-resources"
  location = "xxxxxx"
}
resource "azurerm_application_insights" "example" {
  name                = "xxxxexample-ai"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  application_type    = "web"
}
resource "azurerm_logic_app_workflow" "example" {
  name                = "xxxxdeletion-logicapp"
  location            = "eastUS"
  resource_group_name = azurerm_resource_group.example.name
}
resource "azurerm_monitor_action_group" "example" {
  name                = "xxxxx-mag"
  resource_group_name = azurerm_resource_group.example.name
  short_name          = "xxxxxtest"
  logic_app_receiver {
    name                    = "xxxxxdeletion-logicapp"
    resource_id             = azurerm_logic_app_workflow.example.id
    callback_url            = azurerm_logic_app_workflow.example.access_endpoint
    use_common_alert_schema = true
  }

  email_receiver {
    name                    = "sendtouser"
    email_address           = "[email protected]"
    use_common_alert_schema = true
  }
}

resource "azurerm_monitor_scheduled_query_rules_alert_v2" "example" {
  name                = "xxxx-msqrv2"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  evaluation_frequency = "PT10M"
  window_duration      = "PT10M"
  scopes               = [azurerm_application_insights.example.id]
  severity             = 4
  criteria {
        query                   = <<-QUERY
      requests
        | summarize CountByCountry=count() by client_CountryOrRegion #Give query condition as per your requirements
      QUERY   
    time_aggregation_method = "Maximum"
    threshold               = 30.0
    operator                = "LessThan"
    metric_measure_column = "CountByCountry"
    resource_id_column    = "client_CountryOrRegion"
    
    dimension {
      name     = "client_CountryOrRegion"
      operator = "Exclude"
      values   = ["123"]
    }
    failing_periods {
      minimum_failing_periods_to_trigger_alert = 1
      number_of_evaluation_periods             = 1
    }
  }
  auto_mitigation_enabled          = true
  workspace_alerts_storage_enabled = false
  description                      = "example sqr"
  display_name                     = "example-sqr"
  enabled                          = true
  query_time_range_override        = "PT1H"
  skip_query_validation            = true
  action {
    action_groups = [azurerm_monitor_action_group.example.id]
    custom_properties = {
      key1  = "xxx"
      key2 = "xxx"
    }
  }
  tags = {
    key1  = "xxxx"
  }
}

    terraform init:

    enter image description here

    terraform plan:

    enter image description here

    terraform apply:

    enter image description here

    Deployed in Portal & added an action group:

    enter image description here

    Triggered alert mail successfully:

    enter image description here

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search