You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/azure-monitor/alerts/activity-log-alerts.md
+21-9Lines changed: 21 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -26,18 +26,20 @@ You can create activity log alert rules to receive notifications on one of the f
26
26
27
27
> [!NOTE]
28
28
> Alerts **cannot** be created for events in Alert category of activity log.
29
-
>
29
+
30
+
31
+
## Configuring activity log alert rules
32
+
30
33
You can configure an activity log alert based on any top-level property in the JSON object for an activity log event. For more information, see [Categories in the Activity Log](../essentials/activity-log.md#view-the-activity-log). To learn more about service health events, see [Receive activity log alerts on service notifications](../../service-health/alerts-activity-log-service-notifications-portal.md).
31
34
32
35
An alternative simple way for creating conditions for activity log alerts is to explore or filter events via [Activity log in Azure portal](../essentials/activity-log.md#view-the-activity-log). In Azure Monitor - Activity log, one can filter and locate a required event and then create an alert to notify on similar by using the **New alert rule** button.
33
36
34
37
> [!NOTE]
35
38
> An activity log alert rule monitors only for events in the subscription in which the alert rule is created.
36
39
40
+
Activity log events have a few common properties which can be used to define a the activity log alert rule condition:
37
41
38
-
Activity log alerts have a few common options:
39
-
40
-
-**Category**: Administrative, Service Health, Autoscale, Security, Policy, and Recommendation.
42
+
-**Category**: Administrative, Service Health, Resource Health, Autoscale, Security, Policy, or Recommendation.
41
43
-**Scope**: The individual resource or set of resource(s) for which the alert on activity log is defined. Scope for an activity log alert can be defined at various levels:
42
44
- Resource Level: For example, for a specific virtual machine
43
45
- Resource Group Level: For example, all virtual machines in a specific resource group
@@ -49,20 +51,30 @@ Activity log alerts have a few common options:
49
51
-**Status**: The status of the event, typically Started, Failed, or Succeeded.
50
52
-**Event initiated by**: Also known as the "caller." The email address or Azure Active Directory identifier of the user (or application) who performed the operation.
51
53
52
-
> [!NOTE]
53
-
> In a subscription up to 100 alert rules can be created for an activity of scope at either: a single resource, all resources in resource group (or) entire subscription level.
54
+
In addition to these comment properties, different activity log events categories have categpry-specific properties that can be used to define an alert rule for events of this category. For example, when creating a service health alert rule you can configure a condition on the impacted region name or service name that appear in the event.
55
+
56
+
## Using action groups
54
57
55
-
When an activity log alert is activated, it uses an action group to generate actions or notifications. An action group is a reusable set of notification receivers, such as email addresses, webhook URLs, or SMS phone numbers. The receivers can be referenced from multiple alerts to centralize and group your notification channels. When you define your activity log alert, you have two options. You can:
58
+
When an activity log alert is fired, it uses an action group to generate actions or notifications. An action group is a reusable set of notification receivers, such as email addresses, webhook URLs, or SMS phone numbers. The receivers can be referenced from multiple alerts to centralize and group your notification channels. When you define your activity log alert rule, you have two options. You can:
56
59
57
-
* Use an existing action group in your activity log alert.
60
+
* Use an existing action group in your activity log alert rule.
58
61
* Create a new action group.
59
62
60
63
To learn more about action groups, see [Create and manage action groups in the Azure portal](./action-groups.md).
61
64
65
+
## Activity log alert rules limit
66
+
You can create up to 100 active activity log alert rules per subscription (including alert rules all activity log categories, such as resource health or service health ). This limit can't be increased.
67
+
If you are reaching near this limit, there are several guidelines you can follow to optimize the use of activity log alerts rules so that you can cover more resources and events with the same number of rules:
68
+
* A single activity log alert rule can be configured to cover the scope of a single resource, a resource group, or an entire subscription. To reduce the number of rules you're using, consider to replace multiple rules covering a narrow scope with a single rule covering a broad scope. For example, if you have multiple VMs in a subscription, and you want an alert to be triggered whenever one of them is restarted, you can use a single activity log alert rule to cover all the VMs in your subscription. The alert will be triggered whenever any VM in the subscription is restarted.
69
+
* A single service health alert rule can cover all the services and Azure regions used by your subscription. If you're using multiple service health alert rules per subscription, you can replace them with a single rule (or with a small number of rules, if you prefer).
70
+
* A single resource health alert rule can cover multiple resource types and resources in your subscription. If you're using multiple resource health alert rules per subscription, you can replace them with a smaller number of rules (or even a single rule) that covers multiple resource types.
71
+
62
72
63
73
## Next steps
64
74
65
75
- Get an [overview of alerts](./alerts-overview.md).
66
76
- Learn about [create and modify activity log alerts](alerts-activity-log.md).
67
77
- Review the [activity log alert webhook schema](../alerts/activity-log-alerts-webhook.md).
68
-
- Learn about [service health notifications](../../service-health/service-notifications.md).
78
+
- Learn more about [service health alerts](../../service-health/service-notifications.md).
79
+
- Learn more about [Resource health alerts](../../service-health/resource-health-alert-monitor-guide.md).
80
+
- Learn more about [Recommendation alerts](../../advisor/advisor-alerts-portal.md).
0 commit comments