Azure - развертывание правил предупреждений с помощью шаблона ARM с параметром Metric Measurement (счетчик Not Result)

У меня небольшая проблема с развертыванием правильного правила предупреждений в Azure.

Мои предупреждения - это запрос Log Analytics, и развертывание работает нормально. Но все мои оповещения были созданы с "Число результатов", а я хочу "Измерение метрики".

Тип предупреждения

Я попытался создать правильное предупреждение в Azure и использовать параметры JSON в журналах действий, но не понимаю, где находится этот параметр.

Я также ищу в, но там написано только "ResultCount".

Знаете ли вы, какой хороший параметр для этого?

Мой template.json

  "$schema": "",
  "contentVersion": "",
  "parameters": {
    "actionGroup": {
      "defaultValue": "",
      "metadata": {
        "description": "The ID of the action group that is triggered when the alert is activated or deactivated"
      "type": "string"
    "alertDescription": {
      "defaultValue": "This is a metric alert",
      "metadata": {
        "description": "Description of alert"
      "type": "string"
    "alertName": {
      "metadata": {
        "description": "Name of the alert"
      "type": "string"
    "alertSeverity": {
      "allowedValues": [
      "defaultValue": 3,
      "metadata": {
        "description": "Severity of alert {0,1,2,3,4}"
      "type": "int"
    "consecutiveBreachTrigger": {
      "defaultValue": "",
      "metadata": {
        "description": ""
      "type": "string"
  //"isEnabled": {
  //    "defaultValue": true,
  //    "metadata": {
  //      "description": "Specifies whether the alert is enabled"
  //    },
  //    "type": "bool"
  //  },
    "metricColumn": {
      "defaultValue": "",
      "metadata": {
        "description": "Metric type of trigger"
      "type": "string"
    "metricTriggerTypeMetricTrigger": {
      "defaultValue": "",
      "metadata": {
        "description": "Metric type of trigger"
      "type": "string"
    "metricTriggerTypeTrigger": {
      "defaultValue": "",
      "metadata": {
        "description": "Metric type of trigger"
      "type": "string"
    "operatorMetricTrigger": {
      "allowedValues": [
      "defaultValue": "GreaterThan",
      "metadata": {
        "description": "Operator comparing the current value with the threshold value."
      "type": "string"
    "operatorTrigger": {
      "allowedValues": [
      "defaultValue": "GreaterThan",
      "metadata": {
        "description": "Operator comparing the current value with the threshold value."
      "type": "string"
    "PfrequencyInMin": {
      "defaultValue": "",
      "metadata": {
        "description": "Time along the query is running"
      "type": "string"
    "PtimeWindowFrequency": {
      "defaultValue": "",
      "metadata": {
        "description": "Frequency of often should be run the alert"
      "type": "string"
    "query": {
      "defaultValue": "",
      "metadata": {
        "description": "Query to use for this alert"
      "type": "string"
   "queryType": {
    "defaultValue": "",
     "metadata": {
        "description": "Type of the query"
     "type": "string"
    "region": {
      "defaultValue": "",
      "metadata": {
        "description": "Region of the workspace"
      "type": "string"
    "resourceId": {
      "metadata": {
        "description": "Full Resource ID of the resource emitting the metric that will be used for the comparison. For example /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroups/ResourceGroupName/providers/Microsoft.compute/virtualMachines/VM_xyz"
      "minLength": 1,
      "type": "string"
    "thresholdMetricTrigger": {
      "defaultValue": "0",
      "metadata": {
        "description": "The threshold value at which the alert is activated."
      "type": "string"
    "thresholdTrigger": {
      "defaultValue": "0",
      "metadata": {
        "description": "The threshold value at which the alert is activated."
      "type": "string"
  "resources": [
      "apiVersion": "2018-04-16",
      "location": "[parameters('region')]",
      "name": "[parameters('alertName')]",
      "properties": {
        "action": {
          "aznAction": {
            "actionGroup": "[parameters('actionGroup')]"
          "metricTrigger": {
            "metricColumn": "[parameters('metricColumn')]",
            "metricTriggerType": "[parameters('metricTriggerTypeMetricTrigger')]",
            "threshold": "[parameters('thresholdMetricTrigger')]",
            "thresholdOperator": "[parameters('operatorMetricTrigger')]"
          "odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction",
          "severity": "[parameters('alertSeverity')]",
          "trigger": {
            "consecutiveBreach": "[parameters('consecutiveBreachTrigger')]",
            "metricTriggerType": "[parameters('metricTriggerTypeTrigger')]",
            "threshold": "[parameters('thresholdTrigger')]",
            "thresholdOperator": "[parameters('operatorTrigger')]"
        "description": "[parameters('alertDescription')]",
        "displayname": "[parameters('alertName')]",
        "enabled": "true",
        "schedule": {
          "frequencyInMinutes": "[parameters('PfrequencyInMin')]",
          "timeWindowInMinutes": "[parameters('PtimeWindowFrequency')]"
        "source": {
          "datasourceID": "[parameters('resourceId')]",
          "query": "[parameters('query')]",
          "queryType": "[parameters('queryType')]"
      "tags": {},
      "type": "microsoft.insights/scheduledqueryrules"
  "variables": {}


    "$schema":  "",
    "contentVersion":  "",
  "parameters": {
    "actionGroup": {
      "value": "Production Server"
    "alertDescription": {
      "value": "RAM used in percentage"
    "alertName": {
      "value": "VM - Memory Usage (Metric)"
    "alertSeverity": {
      "value": 3
    "consecutiveBreachTrigger": {
      "value": "1"
   // "isEnabled": {
   //   "value": true
   // },
    "metricColumn": {
      "value": "Computer"
    "metricTriggerTypeMetricTrigger": {
      "value": "Consecutive"
    "metricTriggerTypeTrigger": {
      "value": "Consecutive"
    "operatorMetricTrigger": {
      "value": "GreaterThan"
    "operatorTrigger": {
      "value": "GreaterThan"
    "PfrequencyInMin": {
      "value": "30"
    "PtimeWindowFrequency": {
      "value": "60"
    "query": {
      "value": "InsightsMetrics | where Namespace == 'Memory' and Name == 'AvailableMB'  | extend Max=parsejson(tostring(Tags)) | mvexpand Max | extend memorySizeMB=todecimal(Max['']) | project TimeGenerated, Computer , Namespace, Val ,  Mem = round(memorySizeMB, 1)| extend Percentage = Val / Mem * 100 | summarize AggregatedValue = avg(Percentage) by Computer, bin(TimeGenerated, 30m)"
    "queryType": {
      "value": "Metric"
    "region": {
      "value": "westeurope"
    "resourceId": {
      "value": "/subscriptions/efcfb0fe-d308-4c80-9615-57eddb9b2d2a/resourceGroups/Gizmo-hosted-logs/providers/Microsoft.OperationalInsights/workspaces/Gizmo-hosted-logs"
    "thresholdMetricTrigger": {
      "value": "1"
    "thresholdTrigger": {
      "value": "80"

Заранее спасибо.

С Уважением,

Aurà © lien

Если вы хотите создать оповещение об исследовании журнала, измените тип запроса на ResultCount и нам также нужно указать триггер, например

"trigger": {
        "thresholdOperator": "<>",
        "threshold": 0,
        "metricTrigger": {
          "thresholdOperator": "<>",
          "threshold": 1,
          "metricTriggerType": "Consecutive",
          "metricColumn": "<your colum>"


    "$schema": "",
    "contentVersion": "",
    "parameters": {
    "variables": {
        "alertLocation": "Region Name for your Application Insights App or Log Analytics Workspace",
        "alertName": "test",
        "alertDescr": "test",
        "alertStatus": "true",
            "Query":"Perf\r\n| where CounterName == \"Free Megabytes\" and InstanceName == \"D:\"\r\n| where TimeGenerated > ago(7d)\r\n| where Computer == \"win2012\"\r\n| summarize AggregatedValue = min(CounterValue) by bin(TimeGenerated, 5m)\n",

            "SourceId": "/subscriptions/a123d7efg-123c-1234-5678-a12bc3defgh4/resourceGroups/contosoRG/providers/microsoft.OperationalInsights/workspaces/servicews",
            "Frequency": 5,
            "Time": 5
            "SeverityLevel": "3",
            "SuppressTimeinMin": 20
        "metricMeasurement": {
            "thresholdOperator": "GreaterThan",
          "threshold": 1,
          "metricTriggerType": "Consecutive",
          "metricColumn": "TimeGenerated"
            "ActionGroup": "/subscriptions/a123d7efg-123c-1234-5678-a12bc3defgh4/resourceGroups/contosoRG/providers/microsoft.insights/actiongroups/sampleAG"

    "resources":[ {
        "apiVersion": "2018-04-16",
        "location": "[variables('alertLocation')]",
            "description": "[variables('alertDescr')]",
            "enabled": "[variables('alertStatus')]",
            "source": {
                "query": "[variables('alertSource').Query]",
                "authorizedResources": "[concat(array(variables('alertSource').Resource1), array(variables('alertSource').Resource2))]",
                "dataSourceId": "[variables('alertSource').SourceId]",
                "frequencyInMinutes": "[variables('alertSchedule').Frequency]",
                "timeWindowInMinutes": "[variables('alertSchedule').Time]"
                "odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction",
                "throttlingInMin": "[variables('alertActions').SuppressTimeinMin]",
                    "actionGroup": "[array(variables('actionGrp').ActionGroup)]"
                        "thresholdOperator": "[variables('metricMeasurement').thresholdOperator]",
                        "threshold": "[variables('metricMeasurement').threshold]",
                        "metricColumn": "[variables('metricMeasurement').metricColumn]",
                        "metricTriggerType": "[variables('metricMeasurement').metricTriggerType]"
    } ]


Для получения более подробной информации, пожалуйста, обратитесь к

