I am a big fan of Azure Monitor and Azure in general. What I like is the service offers, the flexibility, standards and the chance that you can build basically anything you want – the limit is your imagination. In terms of flexibility I have a nice example which was bothering me for some time.
The problem Azure Monitor has is, that we are not able to modify a lot in the Azure portal in terms of appearance and formatting. Luckily the action groups support a variety of ways to send notifications. The follwoing options we could use…
Probably one of the most flexible approaches is to play with webhooks. Why? Well, a webhook uses http(s) to communicate and sends a bunch of JSON which we can customize in Azure Monitor itself (source) …
…or at the receiver side (target) as we will see in this example.
I thought I would use a Logic App to transform the alert output to a pretty looking mail. Of course I could have used another automation service in Azure like Azure Automation or Azure Function, but because Logic App is such a cool kid I wanted to play with it.
Bevor we can modify the output of Azure Monitor we need to understand how the JSON object might look like, which is delivered by the webhook. It looks like this…
…in the sample above you recognize that I used a Log Analytics search query to provide some data. In Azure Monitor the alert configuration looks like this…
Of course if you configure other alerts or queries you will receive other output,
Next we will cover the Logic App which is the interesting part. The Logic App looks like this…
…well I am not sure if you are bored, impressed or just shocked 
. But don’t worry we will cover each step now.
First there is the trigger which receives the data from Azure Monitor via webhook…
…there is not much more to say. Then we need to initialize a variable, so we can store the items which are produced in the second fore each loop. There is no need to provide a value, just leave it null. The type is array, because we are going to store JSON objects in the variable as you will see later.
The next step is to parse the JSON from Azure Monitor. The input is the body content from step 1…
…in order to understand the JSON structure we just paste a sample payload into this action…
…and this will generate the schema for us.
The next block of actions is a bit more complicated. The principle is simple dough. First we loop through each table in the JSON object, then for each entry in the table we compose a JSON object. Then we save each JSON table entry in the array variable.
The compose part is where you are able to choose how you are going to name your properties. The JSON table rows looks like this…
…next you assign the items to a custom JSON object…
…that’s it.
Then we need to assign the JSON array variable to the HTML table action, which will automagically generate a table for us and finally send an email with the content we want. Make sure you switch to HTML format so the table and formatting will appear properly. There is also an action to create a CSV table, which works the same way.
The final mail will look like this…
I know it is probably the ugliest mail you have ever seen, but I think as a demo mail it shows pretty much how it works.
This is one approach how you can deal with webhooks, JSON and Logic App.
I have 2 extra tips for building such solutions. First there is Postman, which lets you trigger webhooks with JSON payloads, so you don’t need to wait for Azure Monitor to trigger alerts. I highly recommend this tool! I marked the settings which you need to provide in order to work.
The second tip if you need to create HTML content, just use one of the many online HTML editors like this here https://html-online.com/editor/ . This way you will be able to create much nicer mails then I did.
I want to thank my fellow MVP Cameron Fuller for his support and idea to this little project!
Update 24.08.2018: Cameron Fuller published a blog post where is addresses the same issue using an Azure Automation runbook you can find his post here
I hope you found this post useful and cool as I do.
Can I ask how and where did you get JSON object which was generated/delivered by webhook?