Creating Alert Rules with Webhook for Azure

  1. Login to Azure Portal.
  2. Go to Monitor.
  3. Click Create an alert rule., Select a resource to forward the events.
Azure-01
Azure-02
  1. Under the Condition tab, select Platform from Monitor Service and click on any of the metrics to the threshold values.

Note: If the Action Group is already created with Webhook details select the existing one.

  1. While creating a new action group, click the Action Type drop-down and select Webhook.

Paste the link below in the URL field.(This URL should be copied from the custom integration created for Azure events) https://opsramp.api.opsramp.com/integrations/alertsWebhook/%7BtenantId%7D/alerts?vtoken=*****************

Azure-03
  1. Click Next:Tags > and click Next: Review + create.
  2. Click Create, the action group gets created. You can use the same action group while creating rules for remaining resources.
  3. Add Severity, Alert Rule name, and Alert rule description.
Azure-04
  1. Click Next: Tags and click Next: Review + create.
Azure-05
Azure-06
  1. Based upon the Payload, mappings will be configured in OpsRamp integration.
  2. Below are a few of the mandatory fields which need to be mapped for Alerts creation. These might differ based upon the Alert payload sent by Azure.
  • Alert State

  • Alert Description

  • Alert Resource Name

  • Alert Metric

  • Alert Subject

    Ex:

    	{
       "schemaId":"azureMonitorCommonAlertSchema",
       "data":
       {
      	"essentials":
        {
         	"alertId":"/subscriptions/11111111-1111-1111-1111-111111111111/providers/Microsoft.AlertsManagement/alerts/
    
            12345678-1234-1234-1234-1234567890ab",
    
    
         	"alertRule":"test-metricAlertRule",
         	"severity":"Sev3",
         	"signalType":"Metric",
         	"monitorCondition":"Fired",
         	"monitoringService":"Platform",
         	"alertTargetIDs":[
            	"/subscriptions/11111111-1111-1111-1111-111111111111/resourcegroups/test-RG/providers/Microsoft.Storage/storageAccounts/test-storageAccount"
         	],
         	"configurationItems":[
            	"test-storageAccount"
         	],
         	"originAlertId":"11111111-1111-1111-1111-111111111111_test-RG_microsoft.
            insights_metricAlerts_test-metricAlertRule_1234567890",
         	"firedDateTime":"2022-06-25T07:10:34.483Z",
         	"description":"Alert rule description",
         	"essentialsVersion":"1.0",
         	"alertContextVersion":"1.0"
      	},
      	"alertContext":{
         	"properties":{
            	"customKey1":"value1",
            	"customKey2":"value2"
         	},
         	"conditionType":"DynamicThresholdCriteria",
         	"condition":{
            	"windowSize":"PT15M",
            	"allOf":[
               	{
                  	"alertSensitivity":"Low",
                  	"failingPeriods":{
                     	"numberOfEvaluationPeriods":3,
                     	"minFailingPeriodsToAlert":3
                  	},
                  	"ignoreDataBefore":null,
                  	"metricName":"Transactions",
                  	"metricNamespace":"Microsoft.Storage/storageAccounts",
                  	"operator":"GreaterThan",
                  	"threshold":"0.3",
                  	"timeAggregation":"Average",
                  	"dimensions":[
                    	 
                  	],
                  	"metricValue":78.09,
                  	"webTestName":null
               	}
            	],
            	"windowStartTime":"2022-06-25T07:10:34.483Z",
            	"windowEndTime":"2022-06-25T07:10:34.483Z"
         	}
      	},
      	"customProperties":{
         	"customKey1":"value1",
         	"customKey2":"value2"
      	}
       }
    }

The above payload can be configured for Alerts creation as below:

Azure-07
Azure-08
Azure-09
Azure-10
Azure-11

The user can combine two values for uniqueness of the value mappable properties in OpsRamp.
Example: Alert metric, alert state.

Value mappable properties - combination of two values