I have been following the updates from Azure Monitor since its birth. Because I am also interested in OMS / Azure Log Analytics it has been an exciting time to see in what direction both products are moving. As we can clearly see the parts of OMS are moving into the Azure portal, there is no doubt about this story. But one open question remains: How will the OMS alerts transformed into the new Azure portal experience?
I think we can answer this question if we look at the recently released Alerts (preview) feature in Azure Monitor.
It shows you a clean overview of alerts fired and total / enabled alerts…
If you select Manage rules the overview changes and we will see all the configured alerts from the legacy OMS portal (http://www.microsoft.com/oms) in Azure Monitor…
So lets create a new alert rule, click New Alert Rule, then you need to select the source first.
There are many resource types available like Public IP addresses, Storage accounts, Automation Accounts etc. Depending on the resource type chosen we will be able to pick different metrics or logs for alerting. E.g. if you choose Automation Account you are able to send alerts on Total Jobs metric. We are interested in Log Analytics custom queries, therefore we choose resource type Log Analytics and as a resource the workspace we want to run the query against…
The next step requires to choose the criteria, so we select Add Criteria….
…this let’s us define a Custom log search query. By selecting the query link, we need to fill out the alert configuration or as it is now called signal logic…
…this configuration will trigger an alert if the aggregated % Processor Time value is higher than 1 and it has been breached at least one time. The check will run every 5 minutes for a period of 5 minutes (time window). As far I have seen it works as in the past when you configured alerts through the OMS portal and these are very well described in this post.
There is a nice visualization, if you choose Number of results instead Metric measurement like above, this will show you actual value information from your query,,,
…of course it does not make sense in this example to choose Number of results, so we select Metric measurement.
So the first part of the configuration summary will look like this…
For the second part you need to name the alert, describe it and choose the severity like informational, warning or critical…
In the third and last step select the action group, if you want to override the subject line of the email and also include custom JSON payload for webhooks. I think this should look familiar if you are configured OMS alerts before…
After you click Done the overview will display the newly created alert rule…
Because we selected to enable the rule after creation, the rule will trigger right after. In my example I configured to send an email and it will look like this…
The new alerting experience is very nicely and seamlessly integrated into Azure Monitor. In this preview there are some things I noticed. First, if you try to modify existing alerts from the OMS portal in Azure Monitor it won’t work. The modify link will redirect to the OMS (legacy) portal. For Azure Log Analytics alerts there can be only one criteria added and is basically a 1:1 take over from the OMS portal. There is more power now in the action groups…
…besides triggering webhook, sending email, starting Azure Automation runbooks (built-In and custom runbooks), we are able to send SMS, trigger ITSM integration and sending notification to the Azure app.
As we can see Microsoft has also moved one of the last missing pieces of OMS into the Azure portal. It makes totally sense to see this movement going on. Azure Monitor seems to become the central place for all your Azure monitoring activities.
