Monitoring and Alerting Runbooks with Log Analytics and Azure Monitor

Automation Account can send runbook job status and job streams to Log Analytics workspace, and we can use it to create alerts.

First, we need to connect Automation Account to Log Analytics:

$automationAccountId = (Get-AzureRmResource -ResourceType "Microsoft.Automation/automationAccounts" -ResourceGroupName $ResourceGroup).ResourceId

$workspaceId = (Get-AzureRmOperationalInsightsWorkspace -ResourceGroupName $ResourceGroupLA -Name $WorkspaceName).ResourceId

Set-AzureRmDiagnosticSetting -ResourceId $automationAccountId -WorkspaceId $workspaceId -Enabled $true

Quick check in Azure Portal on the automation account if there is a connection to Log Analytics:

Now we can create two alerts. First, we need to monitor the Azure Automation task that failed, suspended, or stopped(JobLogs). Secondly, it may happen that the Runbook will be completed successfully, but some steps have failed (JobStreams).

We will use Azure Monitor to set up rules for alerts.

In the Alert target choose your Log Analytics workspace.

Choose Custom log search to open signal logi configurator.

For first rule use this query:

AzureDiagnostics | where ResourceProvider == "MICROSOFT.AUTOMATION" and Category == "JobLogs" and (ResultType == "Failed" or ResultType == "Stopped" or ResultType == "Suspended") | project TimeGenerated , RunbookName_s , ResultType , Resource 

and for the second rule use this:

AzureDiagnostics | where ResourceProvider == "MICROSOFT.AUTOMATION" and Category == "JobStreams" and StreamType_s == "Error" | project TimeGenerated , RunbookName_s , StreamType_s , Resource , ResultDescription

Set up the rest of the alert at your discretion, but I recommend it Alert logic to "Number of results Greater than 0", Period(time frame of checked data) to 15min and Frequency(how often alert is checked) to 5min.

Now we need just wait for first error :)