View alerts in Azure Monitor
After an alert rule has been created, you can manage the alert rule and action group through Azure Monitor from the Alerts blade by clicking Manage Alert Rules. Alerts can be managed across multiple subscriptions and can be filtered by resource group, resource type, signal type, and status (see Figure 5-29).
FIGURE 5-29 Azure Monitor new action alert rule details
Alert rules do not generate alerts immediately, and metric alerts can take up to 10 minutes. When alerts are generated, they will be distributed based on the actions defined in the action group. For example, when an email is sent, the defined users will receive a message with the alert details and a link to view the alert in the Azure portal, as shown in Figure 5-30.
FIGURE 5-30 Azure Monitor alert notification email
When an alert is resolved by the state of the monitor condition and changed to Resolved,notifications are sent as well.
Analyze alerts across subscriptions
When an alert rule is created, the alert rule targets resources in a single subscription, and the alerts that are generated based on the alert rules are associated with the subscription from which they are generated. Azure operators are not limited to viewing alerts from only a single subscription through Azure Monitor, which again, provides a single pane of glass for not only managing alert rules across multiple subscriptions, but also for managing the generated alerts.
Recall that alert rules and action groups are separate entities. The alerts that are generated based on the conditional logic of an alert rule are separate entities as well. This means that they are managed independently of alert rules and maintain their own state.
Alerts can have one of three states:
- New The alert is new and has not been reviewed.
- Acknowledged An administrator is taking action on the issue that generated the alert.
- Closed The issue that generated the alert has been resolved, and the alert has been marked as closed.
The state of an alert is updated by the user who is interacting with the alert and is not updated automatically by the Azure platform.
As alerts are generated, they appear on the Alerts blade in Azure Monitor. From the Alerts blade, you can view alerts for all subscriptions, and drill into one or more specific subscriptions, resource groups, and resources. Also, you can filter by Time Range by choosing Past Hour, Past 24 Hours, Past 7 Days, or Past 30 Days from the drop-down menu (see Figure 5-31).
FIGURE 5-31 Azure Monitor Alerts dashboard
The view on this page can be filtered through the drop-down menus on the page. You can also filter, sort, and edit the columns that are displayed with the following limitations:
- When you filter by subscription, you are limited to selecting a maximum of five subscriptions.
- When filtering by resource group, you can only select one resource group at a time.
- The Resource Type filter is dynamic and is based on the selection of the resource group. You will not be able to select resource types that are not deployed to the selected resource group you are filtering with.
- The Time Range filter shows only alerts fired within the selected time window. Sup- ported values are the past hour, the past 24 hours, the past 7 days, and the past 30 days.
Selecting an alert will open the alert details (see Figure 5-32). From this blade, you can view alert history, including any changes to monitor condition state. This is also where you can modify the alert state to New, Acknowledged, or Closed. If the state of an alert is changed, that change is included in the alert history for audit purposes.
