Microsoft Azure Monitor
The Microsoft Azure Event Source allows users to configure Azure to send Events to FireHydrant for creating Alerts. Alert Rules can be configured to scan the payloads and ensure the right teams are notified of events they care about.
Configuration
Follow Microsoft's documentation for configuring monitoring alerts. FireHydrant supports Metric-type alerts - other alert types should be configured with Custom Event Sources.
In FireHydrant, copy the Microsoft Azure ingress URL on the Event Sources page and use that as the destination webhook URL for your Azure monitor alerts.
Field Mappings
FireHydrant's Azure transposer will map the following fields to FireHydrant's Events Data Model.
Azure Parameter | FireHydrant Parameter |
---|---|
data.essentials.originAlertId | idempotency_key |
data.essentials.severity data.essentials.alertRule | summary |
data.essentials.description data.essentials.alertTargetIDs[] data.essentials.configurationItems[] | body |
level - Always ERROR | |
data.essentials.monitorCondition | status - Open when monitorCondition is "Fired" otherwise closed |
data.essentials.monitoringService data.essentials.severity data.essentials.signalType | annotations['azure.monitoringService'] annotations['azure.severity'] annotations['azure.signalType'] |
These mappings mean that an inbound webhook from Azure with the following content:
{
"schemaId": "azureMonitorCommonAlertSchema",
"data": {
"essentials": {
"alertId": "/subscriptions/testsubid/providers/Microsoft.AlertsManagement/alerts/b9569717-bc32-442f-add5-83a997729330",
"alertRule": "WCUS-R2-Gen2",
"severity": "Sev3",
"signalType": "Metric",
"monitorCondition": "Fired",
"monitoringService": "Platform",
"alertTargetIDs": [
"/subscriptions/testsubid/resourcegroups/pipelinealertrg/providers/microsoft.compute/virtualmachines/wcus-r2-gen2"
],
"configurationItems": [
"wcus-r2-gen2"
],
"originAlertId": "3f2d4487-b0fc-4125-8bd5-7ad17384221e_PipeLineAlertRG_microsoft.insights_metricAlerts_WCUS-R2-Gen2_-117781227",
"firedDateTime": "2019-03-22T13:58:24.3713213Z",
"description": "foobar",
"essentialsVersion": "1.0",
"alertContextVersion": "1.0"
},
"alertContext": {
"properties": null,
"conditionType": "SingleResourceMultipleMetricCriteria",
"condition": {
"windowSize": "PT5M",
"allOf": [
{
"metricName": "Percentage CPU",
"metricNamespace": "Microsoft.Compute/virtualMachines",
"operator": "GreaterThan",
"threshold": "25",
"timeAggregation": "Average",
"dimensions": [
{
"name": "ResourceId",
"value": "3efad9dc-3d50-4eac-9c87-8b3fd6f97e4e"
}
],
"metricValue": 7.727
}
]
}
},
"customProperties": {
"Key1": "Value1",
"Key2": "Value2"
}
}
}
...will result in the following mapped Signal on FireHydrant:
{
"summary": "[Sev3] WCUS-R2-Gen2",
"body": "foobar\n\n**Alert Target IDs:**\n```\n- /subscriptions/testsubid/resourcegroups/pipelinealertrg/providers/microsoft.compute/virtualmachines/wcus-r2-gen2\n```\n\n**Configuration Items:**\n```\n- wcus-r2-gen2\n```\n",
"idempotency_key": "3f2d4487-b0fc-4125-8bd5-7ad17384221e_PipeLineAlertRG_microsoft.insights_metricAlerts_WCUS-R2-Gen2_-117781227",
"level": "ERROR",
"annotations": {
"azure.monitoringService": "Platform",
"azure.severity": "Sev3",
"azure.signalType": "Metric"
}
}
Updated 4 months ago