az monitor activity-log alert

Manage activity log alert rules.

Commands

Name Description Type Status
az monitor activity-log alert action-group Core GA
az monitor activity-log alert action-group add

Add action groups to this activity log alert rule. It can also be used to overwrite existing webhook properties of particular action groups.

Core GA
az monitor activity-log alert action-group remove

Remove action groups from this activity log alert rule.

Core GA
az monitor activity-log alert create

Create a default activity log alert rule.

Core GA
az monitor activity-log alert delete

Delete an activity log alert.

Core GA
az monitor activity-log alert list

List activity log alert rules under a resource group or the current subscription.

Core GA
az monitor activity-log alert scope Core GA
az monitor activity-log alert scope add

Add scopes to this activity log alert rule.

Core GA
az monitor activity-log alert scope remove

Removes scopes from this activity log alert rule.

Core GA
az monitor activity-log alert show

Get an activity log alert.

Core GA
az monitor activity-log alert update

Update a new activity log alert or update an existing one.

Core GA

az monitor activity-log alert create

Create a default activity log alert rule.

This command will create a default activity log with one condition which compares if the activities logs 'category' field equals to 'ServiceHealth'. The newly created activity log alert does not have any action groups attached to it.

az monitor activity-log alert create --activity-log-alert-name
                                     --resource-group
                                     [--action-group]
                                     [--all-of]
                                     [--condition]
                                     [--description]
                                     [--disable {0, 1, f, false, n, no, t, true, y, yes}]
                                     [--scope]
                                     [--tags]
                                     [--webhook-properties]

Examples

Create an alert rule with default settings.

az monitor activity-log alert create -n AlertName -g ResourceGroup

Create an alert rule with condition about error level service health log.

az monitor activity-log alert create -n AlertName -g ResourceGroup --condition category=ServiceHealth and level=Error

Create an alert rule with an action group and specify webhook properties.

az monitor activity-log alert create -n AlertName -g ResourceGroup -a /subscriptions/{SubID}/resourceGroups/{ResourceGroup}/providers/microsoft.insights/actionGroups/{ActionGroup} -w usage=test owner=jane

Create an alert rule which is initially disabled.

az monitor activity-log alert create -n AlertName -g ResourceGroup --disable

Required Parameters

--activity-log-alert-name --name -n

The name of the activity log alert.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--action-group -a

Add an action group. Accepts space-separated action group identifiers. The identifier can be the action group's name or its resource ID. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--all-of

The list of Activity Log Alert rule conditions. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--condition -c

The condition that will cause the alert rule to activate. The format is FIELD=VALUE[ and FIELD=VALUE...] The possible values for the field are 'resourceId', 'category', 'caller', 'level', 'operationName', 'resourceGroup', 'resourceProvider', 'status', 'subStatus', 'resourceType', or anything beginning with 'properties'. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--description

A description of this Activity Log Alert rule.

--disable

Disable the activity log alert rule after it is created.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
Default value: False
--scope -s

A list of strings that will be used as prefixes. The alert rule will only apply to activity logs with resourceIDs that fall under one of these prefixes. If not provided, the subscriptionId will be used. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--tags

The tags of the resource. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--webhook-properties -w

Space-separated webhook properties in 'key[=value]' format. These properties are associated with the action groups added in this command. For any webhook receiver in these action group, this data is appended to the webhook payload. To attach different webhook properties to different action groups, add the action groups in separate update-action commands. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az monitor activity-log alert delete

Delete an activity log alert.

az monitor activity-log alert delete [--activity-log-alert-name]
                                     [--ids]
                                     [--resource-group]
                                     [--subscription]

Optional Parameters

--activity-log-alert-name --name -n

The name of the activity log alert.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az monitor activity-log alert list

List activity log alert rules under a resource group or the current subscription.

az monitor activity-log alert list [--resource-group]

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az monitor activity-log alert show

Get an activity log alert.

az monitor activity-log alert show [--activity-log-alert-name]
                                   [--ids]
                                   [--resource-group]
                                   [--subscription]

Optional Parameters

--activity-log-alert-name --name -n

The name of the activity log alert.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az monitor activity-log alert update

Update a new activity log alert or update an existing one.

az monitor activity-log alert update [--activity-log-alert-name]
                                     [--add]
                                     [--all-of]
                                     [--condition]
                                     [--description]
                                     [--enabled {0, 1, f, false, n, no, t, true, y, yes}]
                                     [--force-string {0, 1, f, false, n, no, t, true, y, yes}]
                                     [--ids]
                                     [--remove]
                                     [--resource-group]
                                     [--set]
                                     [--subscription]
                                     [--tags]

Examples

Update the condition

az monitor activity-log alert update -n AlertName -g ResourceGroup --condition category=ServiceHealth and level=Error

Disable an alert rule.

az monitor activity-log alert update -n AlertName -g ResourceGroup --enable false

Update the details of this activity log alert rule.

az monitor activity-log alert update --enabled true --name MyActivityLogAlerts --resource- group MyResourceGroup --subscription MySubscription

Update the details of this activity log alert.

az monitor activity-log alert update --name MyActivityLogAlerts --resource-group MyResourceGroup --tags key=value

Optional Parameters

--activity-log-alert-name --name -n

The name of the activity log alert.

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

--all-of

The list of Activity Log Alert rule conditions. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--condition -c

The condition that will cause the alert rule to activate. The format is FIELD=VALUE[ and FIELD=VALUE...] The possible values for the field are 'resourceId', 'category', 'caller', 'level', 'operationName', 'resourceGroup', 'resourceProvider', 'status', 'subStatus', 'resourceType', or anything beginning with 'properties'. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--description

A description of this Activity Log Alert rule.

--enabled

Indicates whether this Activity Log Alert rule is enabled. If an Activity Log Alert rule is not enabled, then none of its actions will be activated.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--remove

Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--tags

The tags of the resource. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.