You can select the signal from the available signals for the target and define the logic test that will be applied to the data from the signal. For example, for a virtual machine, you can use the Percentage CPU metric to generate an alert based on a custom threshold for CPU usage, as shown in Figure 5-23. The alert logic conditions are different for activity log signals or metric signals.
FIGURE 5-23 Azure Monitor alert condition
Configure one or more conditions for the alert rule. After the conditions are defined, click Select Action Group, as shown in Figure 5-24. An action group is a collection of actions that should occur in response to an alert being triggered.
FIGURE 5-24 Azure Monitor action groups
Select the existing action group if you already have one. Otherwise, click Create Action Group to create a new action group, as shown in Figure 5-25.
FIGURE 5-25 Create an action group
When creating a new action group, define the action group name, display name, subscrip- tion, and resource group in which the action group will be created (see Figure 5-25).
On the next tab, you can configure notifications. Select Email/SMS message/Push/Voice from the Notification Type drop-down menu and then configure the desired fields in the notification settings, as shown in Figure 5-26.
FIGURE 5-26 Notifications blade of the Create Action Group blade
In addition to sending email notifications, you can execute the following actions:
- Runbook A set of PowerShell code that runs in the Azure Automation Service. See the following to learn more about using Azure Automation with alerts at https://learn. microsoft.com/en-us/azure/automation/automation-create-alert-triggered-runbook.
- Function Apps A Function App is a set of code that runs on demand and can respond to alerts. This functionality requires Version 2 of Function Apps, and the value of the AzureWebJobsSecretStorageType app setting must be set to files.
- ITSM You may have up to 10 IT Service Manager (ITSM) actions with an ITSM connec- tion. The following ITSM providers are currently supported: ServiceNow, System Center Service Manager, Provance, and Cherwell.
- Event Hub Add or edit an Event Hub action for a namespace that already exists in one of your Azure subscriptions.
- Logic Apps A Logic App provides a visual designer to model and automate your process as a series of steps known as a workflow. There are many connectors across the cloud and on-premises to quickly integrate across services and protocols. When an alert is triggered, the Logic App can take the notification data and use it with any of the con- nectors to remediate the alert or start other services.
- Webhook Route an Azure alert notification to other systems for post-processing or custom actions. For example, you can use a webhook on an alert to route it to services that send text messages, log bugs, notify a team via chat/messaging services, or do any number of other actions.
- Secure webhook Uses Microsoft Entra ID to authenticate the webhook connection.
You can configure the above actions for the action group on the next tab. Select from the options available in the Action Type drop-down menu, as shown in Figure 5-27.
FIGURE 5-27 Actions tab of the Create Action Group blade
Once the action group is created, specify remaining alert rule details such as the alert rule name, description, resource group to save the alert, severity, and whether to enable the alert upon creation (see Figure 5-28).
