![COMMON ALERT SCHEMA
{
"schemaId": "azureMonitorCommonAlertSchema",
"data": {
"essentials": {
"alertId": "/subscriptions/<subscription ID>/providers/Microsoft.AlertsManagement/alerts/b9569717-bc32-442f-add5-83a997729330",
"alertRule": "WCUS-R2-Gen2",
"severity": "Sev3",
"signalType": "Metric",
"monitorCondition": "Resolved",
"monitoringService": "Platform",
"alertTargetIDs": [
"/subscriptions/<subscription ID>/resourcegroups/pipelinealertrg/providers/microsoft.compute/virtualmachines/wcus-r2-gen2"
],
"originAlertId": "3f2d4487-b0fc-4125-8bd5-7ad17384221e_PipeLineAlertRG_microsoft.insights_metricAlerts_WCUS-R2-Gen2_-117781227",
"firedDateTime": "2019-03-22T13:58:24.3713213Z",
"resolvedDateTime": "2019-03-22T14:03:16.2246313Z",
"description": "",
"essentialsVersion": "1.0",
"alertContextVersion": "1.0"
},
"alertContext": {
"properties": null,
"conditionType": "SingleResourceMultipleMetricCriteria",
"condition": {
"windowSize": "PT5M",
"allOf": [
{
"metricName": "Percentage CPU",
"metricNamespace": "Microsoft.Compute/virtualMachines",
"operator": "GreaterThan",
"threshold": "25",
"timeAggregation": "Average",
"dimensions": [
{
"name": "ResourceId",
"value": "3efad9dc-3d50-4eac-9c87-8b3fd6f97e4e"
}
],
"metricValue": 7.727
}
]
}
}
}
}
Hint: usate un servizio come RequestBin! ?](https://image.slidesharecdn.com/cci2019-obinu-reacttoinfrastructureeventswithazuremonitor-200124094050/85/CCI2019-Reagire-agli-eventi-generati-dalla-propria-infrastruttura-con-Azure-Monitor-25-320.jpg)
CCI2019 - Reagire agli eventi generati dalla propria infrastruttura con Azure Monitor
- 2. REAGIRE AGLI EVENTI GENERATI DALLA PROPRIA INFRASTRUTTURA CON AZURE MONITOR Marco obinu @OmegaMadLab
- 3. SPONSOR
- 4. WHO AM I? Marco Obinu Advisory Engineer SoftJam S.p.A. @OmegaMadLab marco.obinu@omegamadlab.com http://www.omegamadlab.com https://github.com/OmegaMadLab https://www.linkedin.com/in/marco-obinu-omegamadlab/ https://www.youtube.com/channel/UCpkBeQSscC1iBvpNP4VNTKQ ? Geek to the bone ? ? Azure Solution Architect Expert
- 5. AGENDA ? La gestione degli eventi e log in Azure ? Azure Monitor ? Serverless automation
- 6. GESTIONE DI EVENTI E LOG IN AZURE CONCETTI DI BASE
- 7. LA POTENZA ? NULLA SENZA CONTROLLO
- 8. MONITORAGGIO REATTIVO O PROATTIVO? Reattivo Reattivo e proattivo
- 9. AZURE MONITOR COS? E COME FUNZIONA
- 10. AZURE MONITOR
- 11. ALIMENTAZIONE
- 12. Creazione Workspace e AppInsight
- 13. Redirezione activity log sottoscrizione
- 14. Redirezione log Azure Active Directory
- 15. LIVE DEMO ? Abilitazione log App Service ? Abilitazione log VM ? Recupero dati da storage account ? Abilitazione log VM non-Azure
- 17. COME UNIFORMARE LE CONFIGURAZIONI? ? DevOps ? Implementazioni serverless event-driven ? Azure Policy
- 18. Utilizzo di Azure Policy
- 20. LIVE DEMO ? Analisi metriche ? Log query ? Solutions ? Workbooks
- 21. KUSTO QUERY LANGUAGE CHEAT SHEET Description SQL Query Azure Monitor log query Select all data from a table SELECT * FROM dependencies dependencies Select specific columns from a table SELECT name, resultCode FROM dependencies dependencies | project name, resultCode Select 100 records from a table SELECT TOP 100 * FROM dependencies dependencies | take 100 String comparison: equality SELECT * FROM dependencies WHERE name = "abcde" dependencies | where name == "abcde" String comparison: substring SELECT * FROM dependencies WHERE name like "%bcd%" dependencies | where name contains "bcd" SQL ? https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/sql-cheatsheet Splunk ? https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/splunk-cheatsheet
- 22. REAZIONE
- 23. ALERTS Definizione scope Soglia su una metrica o su una query Action Group
- 24. LIVE DEMO ? Creazione alert ? Alcuni esempi duso
- 25. COMMON ALERT SCHEMA { "schemaId": "azureMonitorCommonAlertSchema", "data": { "essentials": { "alertId": "/subscriptions/<subscription ID>/providers/Microsoft.AlertsManagement/alerts/b9569717-bc32-442f-add5-83a997729330", "alertRule": "WCUS-R2-Gen2", "severity": "Sev3", "signalType": "Metric", "monitorCondition": "Resolved", "monitoringService": "Platform", "alertTargetIDs": [ "/subscriptions/<subscription ID>/resourcegroups/pipelinealertrg/providers/microsoft.compute/virtualmachines/wcus-r2-gen2" ], "originAlertId": "3f2d4487-b0fc-4125-8bd5-7ad17384221e_PipeLineAlertRG_microsoft.insights_metricAlerts_WCUS-R2-Gen2_-117781227", "firedDateTime": "2019-03-22T13:58:24.3713213Z", "resolvedDateTime": "2019-03-22T14:03:16.2246313Z", "description": "", "essentialsVersion": "1.0", "alertContextVersion": "1.0" }, "alertContext": { "properties": null, "conditionType": "SingleResourceMultipleMetricCriteria", "condition": { "windowSize": "PT5M", "allOf": [ { "metricName": "Percentage CPU", "metricNamespace": "Microsoft.Compute/virtualMachines", "operator": "GreaterThan", "threshold": "25", "timeAggregation": "Average", "dimensions": [ { "name": "ResourceId", "value": "3efad9dc-3d50-4eac-9c87-8b3fd6f97e4e" } ], "metricValue": 7.727 } ] } } } } Hint: usate un servizio come RequestBin! ?
- 26. Alert con Azure Function
- 27. Alert con Logic App ed Azure Function
- 28. Alert con runbook su Hybrid Worker
- 29. Scale-up automatico di Azure SQL DB via Azure Function in funzione del consumo % DTU
- 30. MONITORAGGIO COSTI ? Usage and estimated costs: ? A livello di Azure Monitor ? A livello di Workspace ? Retention, Daily Cap ? A livello di AppInsight ?Retention, Data Sampling, Daily Cap
- 31. RISORSE UTILI ? Demo: https://github.com/OmegaMadLab/AzureMonitorDemo ? Documentazione ufficiale: https://docs.microsoft.com/en-us/azure/azure-monitor/ ? RequestBin: https://requestbin.com/ ? DevOps Heroes 2019 C Automazione serverless con Azure Function in PowerShell: https://youtu.be/0ZK1SQ6zkiU ? Template per Azure Policy: https://github.com/tyconsulting/azurepolicy/tree/master/arm-templates/diagnostic- settings
- 32. GRAZIE!