Uploaded image for project: 'Opsgenie'
  1. Opsgenie
  2. OPSGENIE-561

Integration for Azure Scheduled Query Rules (Azure Activity Log Webhook)

XMLWordPrintable

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      User Problem

      There isn't currently a way to create alerts using the Azure Scheduled Query Rules. This used to work with the Azure OMS integration, but due to changes on the Azure side, you can't customize the payload anymore.

      Suggested Solutions

      An integration designed to handle the payload from the Azure activity log webhook

      https://docs.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-log-webhook#log-alert-for-all-resources-logs-from-api-version-2021-08-01

      Current Workarounds

      Pull the fields from the payload dynamically using the Azure OMS integration

            [OPSGENIE-561] Integration for Azure Scheduled Query Rules (Azure Activity Log Webhook)

            Morten Lerudjordet added a comment -

            For others needing this. a workaround is to use the existing Azure Event Hub integration.
            Then to get at the log specific parameters use:
            _payload.substringBetween("linkToFilteredSearchResultsUI=",",")

            Change out the bold text with the name of the log parameter needed to be added to the alert msg.

             

            https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-common-schema#alert-context-fields-for-activity-log-alerts

            Morten Lerudjordet added a comment - For others needing this. a workaround is to use the existing Azure Event Hub integration. Then to get at the log specific parameters use: _payload.substringBetween(" linkToFilteredSearchResultsUI =",",") Change out the bold text with the name of the log parameter needed to be added to the alert msg.   https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-common-schema#alert-context-fields-for-activity-log-alerts

            Daniel Björk added a comment - - edited

            I agree with previous writer and also it would be much easier if you just allow us to build our own setup based on any webhook. This is just a way for you to force users to buy the more expensive version to get the webhook integration. 

            Daniel Björk added a comment - - edited I agree with previous writer and also it would be much easier if you just allow us to build our own setup based on any webhook. This is just a way for you to force users to buy the more expensive version to get the webhook integration. 

            Morten Lerudjordet added a comment -

            As there already are existing integrations for different parts of Azure Monitor, this ask should not be that difficult to implement.
            The below link is for metric alert using the common alert schema, so getting log alerts supported should just be a change of the schema on the integration right?

            Ref:
            [Integrate Opsgenie with Microsoft Azure Event Hubs | Opsgenie | Atlassian Support|https://support.atlassian.com/opsgenie/docs/integrate-opsgenie-with-microsoft-azure-event-hubs/]

            Morten Lerudjordet added a comment - As there already are existing integrations for different parts of Azure Monitor, this ask should not be that difficult to implement. The below link is for metric alert using the common alert schema, so getting log alerts supported should just be a change of the schema on the integration right? Ref: [Integrate Opsgenie with Microsoft Azure Event Hubs | Opsgenie | Atlassian Support|https://support.atlassian.com/opsgenie/docs/integrate-opsgenie-with-microsoft-azure-event-hubs/]

              Unassigned Unassigned
              bkiely@atlassian.com Brennan Kiely
              Votes:
              11 Vote for this issue
              Watchers:
              10 Start watching this issue

                Created:
                Updated: