Explanation of Alerts from the Azure Monitor(ARM and REST API)

There have been many changes to Alerting on the Azure platform recently. I will try to explain the state as of today.

We have:

• Metrics Alerts - Metric alerts in Azure Monitor provide a way to get notified when one of your metrics cross a threshold. Metric alerts work on a range of multi-dimensional platform metrics, custom metrics, Application Insights standard and custom metrics.
  • Example: Percentage CPU GreaterThan 95.
• Metric Alerts for Logs - You can use metric alerts on popular Log Analytics logs extracted as metrics as part of Metrics from Logs including resources in Azure or on-premise. Near-real time monitoring capability.
  • Example: Heartbeat GreaterThan 1
• Activity log alerts - Activity log alerts are the alerts that get activated when a new activity log event occurs that matches the conditions specified in the alert.
  • Example: Whenever the Recommendation Activity Log "Delete Resource Group (subscriptions/resourceGroups)" has "any" level, with "any" status and event is initiated by "any"
• Log alerts - Log Alert consists of Log Search rules created for Azure Log Analytics or Application Insights.
  • Example: AzureDiagnostics | where ResourceProvider == "MICROSOFT.AUTOMATION" and Category == "JobLogs" and (ResultType == "Failed" or ResultType == "Stopped" or ResultType == "Suspended") | project TimeGenerated , RunbookName_s , ResultType , Resource

Metrics Alerts:

• Target = Supported Resources
• Lowest run frequency: 1 min
• Stateful: only notifying once when alert is fired and once when alert is resolved.
• Metrics and Dimensions Supported
• ARM Template for Metric Alert
• ARM Template for Metric Alert with Dynamic Thresholds
• ARM Template for Metric Alert that monitors multiple resources
• Rest API for Metric Alerts

Metric Alerts for Logs:

• Target = Log Analytics workspace.
• Supported :
  • Performance counters for Windows & Linux machines (you must first configure their collection in LA)
  • Heartbeat records for Agent Health
  • Update management records
  • Event data logs
• Stateful: only notifying once when alert is fired and once when alert is resolved.
• Multi-dimensional
• Lowest run frequency: 1 min
• ARM Template for Metric Alerts for Logs with static threshold
• ARM Template Metric Alerts for Logs with Dynamic Thresholds
• Rest API for Metrics Alerts for Logs

Activity log alerts:

• Alert triggered immediately.
• ARM Template for Activity log alerts
• Rest API for Activity log alerts

Log alerts:

• Target = Log Analytics workspace.
• Lowest run frequency: 5 min
• Stateless: keep firing at every interval if the alert condition is met.
• Older ARM Template for Log alerts(If you are creating alerts form Portal this template is used.)
• Older Rest API for Log alerts(If you are creating alerts form Portal this API is used.)
• Newest ARM Template for Log alerts(Please use this)
• Newest Rest API for Log alerts(Please use this)
• You can force switch from legacy Log Alerts API to the new one