Introduction

This document describes how to configure alert rules with a Webhook in Azure, and the OpsRamp configuration steps for generating alerts from them. This helps you address issues and remediate them quickly.

Create Alert Rules with Webhook for Azure

  1. Log in to the Azure portal.
  2. Go to Monitor.
  3. Click Create an alert rule, and select a resource to forward the events.
  4. Under the Condition tab, select Platform from Monitor Service and click on any of the metrics to set the threshold values.

Note: If an action group with the Webhook details already exists, select the existing one.

  5. While creating a new action group, click the Action Type drop-down and select Webhook.

Paste the following link in the URL field. (Copy this URL from the custom integration created for Azure events.)

    https://opsramp.api.opsramp.com/integrations/alertsWebhook/{tenantId}/alerts?vtoken=*****************

  6. Click Next: Tags >, and then click Next: Review + create.
  7. Click Create to create the action group. You can use the same action group while creating rules for the remaining resources.
  8. Add Severity, Alert Rule name, and Alert rule description.
  9. Click Next: Tags, and then click Next: Review + create.
  10. Based on the payload, mappings are configured in the OpsRamp integration.
  11. The following are a few of the mandatory fields that must be mapped for alert creation. These might differ based on the alert payload sent by Azure:
    • Alert State
    • Alert Description
    • Alert Resource Name
    • Alert Metric
    • Alert Subject

Example:

    {
      "schemaId": "azureMonitorCommonAlertSchema",
      "data": {
        "essentials": {
          "alertId": "/subscriptions/11111111-1111-1111-1111-111111111111/providers/Microsoft.AlertsManagement/alerts/12345678-1234-1234-1234-1234567890ab",
          "alertRule": "test-metricAlertRule",
          "severity": "Sev3",
          "signalType": "Metric",
          "monitorCondition": "Fired",
          "monitoringService": "Platform",
          "alertTargetIDs": [
            "/subscriptions/11111111-1111-1111-1111-111111111111/resourcegroups/test-RG/providers/Microsoft.Storage/storageAccounts/test-storageAccount"
          ],
          "configurationItems": [
            "test-storageAccount"
          ],
          "originAlertId": "11111111-1111-1111-1111-111111111111_test-RG_microsoft.insights_metricAlerts_test-metricAlertRule_1234567890",
          "firedDateTime": "2022-06-25T07:10:34.483Z",
          "description": "Alert rule description",
          "essentialsVersion": "1.0",
          "alertContextVersion": "1.0"
        },
        "alertContext": {
          "properties": {
            "customKey1": "value1",
            "customKey2": "value2"
          },
          "conditionType": "DynamicThresholdCriteria",
          "condition": {
            "windowSize": "PT15M",
            "allOf": [
              {
                "alertSensitivity": "Low",
                "failingPeriods": {
                  "numberOfEvaluationPeriods": 3,
                  "minFailingPeriodsToAlert": 3
                },
                "ignoreDataBefore": null,
                "metricName": "Transactions",
                "metricNamespace": "Microsoft.Storage/storageAccounts",
                "operator": "GreaterThan",
                "threshold": "0.3",
                "timeAggregation": "Average",
                "dimensions": [],
                "metricValue": 78.09,
                "webTestName": null
              }
            ],
            "windowStartTime": "2022-06-25T07:10:34.483Z",
            "windowEndTime": "2022-06-25T07:10:34.483Z"
          }
        },
        "customProperties": {
          "customKey1": "value1",
          "customKey2": "value2"
        }
      }
    }

The payload above can be mapped to create alerts as shown below:

[Screenshots: Map attribute; Map attribute description; Map attribute resource name; Map attribute alert metric; Map attribute alert subject]

To keep the value-mappable properties in OpsRamp unique, you can combine two values.
Example: Alert metric, alert state.

[Screenshot: Value mappable properties - combination of two values]
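
A pre-flight check for the mapping step above, as an added example that is not part of the original page or OpsRamp's own code: it confirms that a webhook body in the common alert schema carries the five mandatory fields, and builds the combined metric and state value. The JSON path chosen for each field and the names `FIELD_PATHS`, `walk` and `check_payload` are assumptions made for illustration.

```python
import json

# Assumed JSON paths for the mandatory fields. The page's mapping screenshots
# are not available, so these paths are illustrative, not OpsRamp's own.
FIELD_PATHS = {
    "alert_state": ("data", "essentials", "monitorCondition"),
    "alert_description": ("data", "essentials", "description"),
    "alert_resource_name": ("data", "essentials", "configurationItems", 0),
    "alert_metric": ("data", "alertContext", "condition", "allOf", 0, "metricName"),
    "alert_subject": ("data", "essentials", "alertRule"),
}

def walk(doc, path):
    """Follow dict keys and list indexes; return None if any step is absent."""
    for step in path:
        try:
            doc = doc[step]
        except (KeyError, IndexError, TypeError):
            return None
    return doc

def check_payload(raw):
    """Return (fields, missing) for one webhook body given as a JSON string."""
    payload = json.loads(raw)
    if not isinstance(payload, dict) or payload.get("schemaId") != "azureMonitorCommonAlertSchema":
        raise ValueError("not a common alert schema payload")
    fields = {name: walk(payload, path) for name, path in FIELD_PATHS.items()}
    missing = sorted(n for n, v in fields.items() if v in (None, ""))
    # Combine two values (metric + state) so the mapped value is unique.
    if not {"alert_metric", "alert_state"} & set(missing):
        fields["metric_state"] = f'{fields["alert_metric"]}:{fields["alert_state"]}'
    return fields, missing

# Constructed sample, trimmed from the example payload on this page.
SAMPLE = json.dumps({
    "schemaId": "azureMonitorCommonAlertSchema",
    "data": {
        "essentials": {"alertRule": "test-metricAlertRule", "monitorCondition": "Fired",
                       "description": "Alert rule description",
                       "configurationItems": ["test-storageAccount"]},
        "alertContext": {"condition": {"allOf": [{"metricName": "Transactions"}]}},
    },
})

if __name__ == "__main__":
    fields, missing = check_payload(SAMPLE)
    print(fields, "missing:", missing)
```

A non-empty `missing` list means the payload for that alert type lacks a field at the assumed path, so the corresponding mapping needs a different source attribute.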