New-AzScheduledQueryRule, возвращающий BadRequest - PullRequest
Новая
       55

New-AzScheduledQueryRule, возвращающий BadRequest

1 голос
/ 29 марта 2020

Я хочу создать оповещение журнала с помощью PowerShell на основе запроса. Я следую инструкциям в https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-log#managing -log-alerts-using-powershell , и я изменил свой код следующим образом: 

$source = New-AzScheduledQueryRuleSource -Query "AzureActivity | where Category == 'Policy' and Level != 'Informational' | extend p=todynamic(Properties) | extend policies=todynamic(tostring(p.policies)) | mvexpand policy = policies | where p.isComplianceCheck == 'False'" -DataSourceId "$Workspace.ResourceId"

$schedule = New-AzScheduledQueryRuleSchedule -FrequencyInMinutes 5 -TimeWindowInMinutes 5

$metricTrigger = New-AzScheduledQueryRuleLogMetricTrigger -ThresholdOperator "GreaterThan" -Threshold 0 -MetricTriggerType "Consecutive" -MetricColumn "_ResourceId"

$triggerCondition = New-AzScheduledQueryRuleTriggerCondition -ThresholdOperator "GreaterThan" -Threshold 0 -MetricTrigger $metricTrigger

$aznsActionGroup = New-AzScheduledQueryRuleAznsActionGroup -ActionGroup "$actionGroup.Id" -EmailSubject "New Resource Group with missing tags" -CustomWebhookPayload "{ `"alert`":`"#alertrulename`", `"IncludeSearchResults`":true }"

$alertingAction = New-AzScheduledQueryRuleAlertingAction -AznsAction $aznsActionGroup -Severity "3" -Trigger $triggerCondition

Вышеуказанные команды выполняются успешно, но когда я запускаю следующий для создания правила: 

New-AzScheduledQueryRule -ResourceGroupName $ResourceGroup -Location $Location -Action $alertingAction -Enabled $true -Description "Alert description" -Schedule $schedule -Source $source -Name "Alert Name"

Я получаю BadRequest: 

PS /home/nicolas> New-AzScheduledQueryRule -ResourceGroupName $ResourceGroup -Location $Location -Action $alertingAction -Enabled $true -Description "Alert description" -Schedule $schedule -Source$source -Name "Alert Name"
WARNING: 12:29:17 AM - *** The namespace for all the model classes will change from Microsoft.Azure.Management.Monitor.Management.Models to Microsoft.Azure.Management.Monitor.Models in future releases.
WARNING: 12:29:17 AM - *** The namespace for output classes will be uniform for all classes in future releases to make it independent of modifications in the model classes.
New-AzScheduledQueryRule: Exception type: Exception, Message: System.Exception: Error occurred while creating Log Alert rule
 ---> System.AggregateException: One or more errors occurred. (Operation returned an invalid status code 'BadRequest')
 ---> Microsoft.Azure.Management.Monitor.Models.ErrorResponseException: Operation returned an invalid status code 'BadRequest'
   at Microsoft.Azure.Management.Monitor.ScheduledQueryRulesOperations.CreateOrUpdateWithHttpMessagesAsync(String resourceGroupName, String ruleName, LogSearchRuleResource parameters, Dictionary`2customHeaders, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
   at Microsoft.Azure.Commands.Insights.ScheduledQueryRules.NewScheduledQueryRuleCommand.ProcessRecordInternal()
   --- End of inner exception stack trace ---
   at Microsoft.Azure.Commands.Insights.ScheduledQueryRules.NewScheduledQueryRuleCommand.ProcessRecordInternal()
   at Microsoft.Azure.Commands.Insights.MonitorCmdletBase.ExecuteCmdlet(), Code: Null, Status code:Null, Reason phrase: Null
PS /home/nicolas>

Я не могу найти причину.

У вас есть какие-либо идея?

Заранее спасибо Николас

1 Ответ

0 голосов
/ 30 марта 2020

Ошибка неверного запроса слишком большая, вы можете использовать Fiddler, чтобы получить подробное сообщение об ошибке. И укажите значения для $actionGroup.Id и $Workspace.ResourceId (рабочая область создана вами ранее). Я ссылаюсь на эту статью и хорошо работаю, вот мой код: 

$source = New-AzScheduledQueryRuleSource -Query 'Heartbeat | summarize AggregatedValue = count() by bin(TimeGenerated, 5m), _ResourceId' -DataSourceId "/subscriptions/xxxxxxx/resourceGroups/xxxxxxx/providers/microsoft.OperationalInsights/workspaces/yourWorkspaceName"

$schedule = New-AzScheduledQueryRuleSchedule -FrequencyInMinutes 15 -TimeWindowInMinutes 30

$metricTrigger = New-AzScheduledQueryRuleLogMetricTrigger -ThresholdOperator "GreaterThan" -Threshold 2 -MetricTriggerType "Consecutive" -MetricColumn "_ResourceId"

$triggerCondition = New-AzScheduledQueryRuleTriggerCondition -ThresholdOperator "LessThan" -Threshold 5 -MetricTrigger $metricTrigger

$aznsActionGroup = New-AzScheduledQueryRuleAznsActionGroup -ActionGroup "/subscriptions/xxxxxxx/resourceGroups/xxxxxxx/providers/microsoft.insights/actiongroups/yourAGName" -EmailSubject "Custom email subject" -CustomWebhookPayload "{ `"alert`":`"#alertrulename`", `"IncludeSearchResults`":true }"

$alertingAction = New-AzScheduledQueryRuleAlertingAction -AznsAction $aznsActionGroup -Severity "3" -Trigger $triggerCondition


New-AzScheduledQueryRule -ResourceGroupName "xxxxxxx" -Location "Central US" -Action $alertingAction -Enabled $true -Description "Alert description" -Schedule $schedule -Source $source -Name "Alert Name"

Вот вывод:

enter image description here

Добро пожаловать на сайт PullRequest, где вы можете задавать вопросы и получать ответы от других членов сообщества.

Похожие темы

...