Microsoft Azure Monitor Event Source

The Microsoft Azure Event Source allows users to configure Azure to send Events to FireHydrant for creating Alerts. Alert Rules can be configured to scan the payloads and ensure the right teams are notified of events they care about.

Configuration

Follow Microsoft's documentation for configuring monitoring alerts. FireHydrant supports Metric-type alerts; other alert types should be configured with Custom Event Sources.

In FireHydrant, copy the Microsoft Azure ingress URL on the Event Sources page and use that as the destination webhook URL for your Azure Monitor alerts.

Field Mappings

FireHydrant's Azure transposer will map the following fields to FireHydrant's Events Data Model.

| Azure Parameter | FireHydrant Parameter |
| --- | --- |
| data.essentials.originAlertId | idempotency_key |
| data.essentials.severity, data.essentials.alertRule | summary - Will be in the format of [Severity] Alert Rule |
| data.essentials.description, data.essentials.alertTargetIDs[], data.essentials.configurationItems[] | body |
| (none) | level - Always ERROR |
| data.essentials.monitorCondition | status - Open when monitorCondition is "Fired" otherwise closed |
| data.essentials.monitoringService | annotations['azure.monitoringService'] |
| data.essentials.severity | annotations['azure.severity'] |
| data.essentials.signalType | annotations['azure.signalType'] |

These mappings mean that an inbound webhook from Azure with the following content:

{
  "schemaId": "azureMonitorCommonAlertSchema",
  "data": {
    "essentials": {
      "alertId": "/subscriptions/testsubid/providers/Microsoft.AlertsManagement/alerts/b9569717-bc32-442f-add5-83a997729330",
      "alertRule": "WCUS-R2-Gen2",
      "severity": "Sev3",
      "signalType": "Metric",
      "monitorCondition": "Fired",
      "monitoringService": "Platform",
      "alertTargetIDs": [
        "/subscriptions/testsubid/resourcegroups/pipelinealertrg/providers/microsoft.compute/virtualmachines/wcus-r2-gen2"
      ],
      "configurationItems": [
        "wcus-r2-gen2"
      ],
      "originAlertId": "3f2d4487-b0fc-4125-8bd5-7ad17384221e_PipeLineAlertRG_microsoft.insights_metricAlerts_WCUS-R2-Gen2_-117781227",
      "firedDateTime": "2019-03-22T13:58:24.3713213Z",
      "description": "foobar",
      "essentialsVersion": "1.0",
      "alertContextVersion": "1.0"
    },
    "alertContext": {
      "properties": null,
      "conditionType": "SingleResourceMultipleMetricCriteria",
      "condition": {
        "windowSize": "PT5M",
        "allOf": [
          {
            "metricName": "Percentage CPU",
            "metricNamespace": "Microsoft.Compute/virtualMachines",
            "operator": "GreaterThan",
            "threshold": "25",
            "timeAggregation": "Average",
            "dimensions": [
              {
                "name": "ResourceId",
                "value": "3efad9dc-3d50-4eac-9c87-8b3fd6f97e4e"
              }
            ],
            "metricValue": 7.727
          }
        ]
      }
    },
    "customProperties": {
      "Key1": "Value1",
      "Key2": "Value2"
    }
  }
}

...will result in the following mapped Signal on FireHydrant:

{
  "summary": "[Sev3] WCUS-R2-Gen2",
  "body": "foobar\n\n**Alert Target IDs:**\n```\n- /subscriptions/testsubid/resourcegroups/pipelinealertrg/providers/microsoft.compute/virtualmachines/wcus-r2-gen2\n```\n\n**Configuration Items:**\n```\n- wcus-r2-gen2\n```\n",
  "idempotency_key": "3f2d4487-b0fc-4125-8bd5-7ad17384221e_PipeLineAlertRG_microsoft.insights_metricAlerts_WCUS-R2-Gen2_-117781227",
  "level": "ERROR",
  "annotations": {
    "azure.monitoringService": "Platform",
    "azure.severity": "Sev3",
    "azure.signalType": "Metric"
  }
}
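
To check what an Alert Rule will see before pointing Azure at the ingress URL, the mappings above can be reproduced locally. The following is an added example, not FireHydrant's transposer code: the function name, the rejection of non-Metric signals and the lowercase status strings are assumptions.

```python
FENCE = "`" * 3  # built at runtime so the listing holds no literal code fence


def _bullets(title, items):
    """Render a list the way the documented body shows it."""
    rows = "".join(f"- {item}\n" for item in items)
    return f"**{title}:**\n{FENCE}\n{rows}{FENCE}\n"


def map_azure_alert(payload):
    """Apply the documented field mappings to one parsed webhook payload."""
    if payload.get("schemaId") != "azureMonitorCommonAlertSchema":
        raise ValueError("unexpected schemaId")
    ess = payload["data"]["essentials"]
    # Assumption: non-Metric signals are rejected here; the page only says
    # they should be configured with Custom Event Sources.
    if ess.get("signalType") != "Metric":
        raise ValueError("only Metric alerts are handled")
    targets = _bullets("Alert Target IDs", ess.get("alertTargetIDs", []))
    items = _bullets("Configuration Items", ess.get("configurationItems", []))
    return {
        "summary": f"[{ess['severity']}] {ess['alertRule']}",
        "body": f"{ess.get('description', '')}\n\n{targets}\n{items}",
        "idempotency_key": ess["originAlertId"],
        "level": "ERROR",  # always ERROR per the mapping table
        # Assumption: the exact status strings are not shown on the page.
        "status": "open" if ess.get("monitorCondition") == "Fired" else "closed",
        "annotations": {
            "azure.monitoringService": ess["monitoringService"],
            "azure.severity": ess["severity"],
            "azure.signalType": ess["signalType"],
        },
    }


# Essentials copied from the sample webhook on this page (alertContext omitted).
SAMPLE = {"schemaId": "azureMonitorCommonAlertSchema", "data": {"essentials": {
    "alertRule": "WCUS-R2-Gen2", "severity": "Sev3", "signalType": "Metric",
    "monitorCondition": "Fired", "monitoringService": "Platform",
    "alertTargetIDs": ["/subscriptions/testsubid/resourcegroups/pipelinealertrg"
                       "/providers/microsoft.compute/virtualmachines/wcus-r2-gen2"],
    "configurationItems": ["wcus-r2-gen2"],
    "originAlertId": "3f2d4487-b0fc-4125-8bd5-7ad17384221e_PipeLineAlertRG"
                     "_microsoft.insights_metricAlerts_WCUS-R2-Gen2_-117781227",
    "description": "foobar"}}}

if __name__ == "__main__":
    print(map_azure_alert(SAMPLE))
```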