Alert Category
Overview:
The following section provides an overview of the schema for the Alert Category as well as provides the specific properties for each alert subtype.
Alert Category
The Alert category in the Azure Activity Log records all activations of classic Azure alerts. You can customize alerts to meet your operational needs, such as monitoring CPU usage on a virtual machine. When the conditions defined in an alert rule are met, and a notification is triggered, the activation is logged in this category. These alerts come into the form of alerts and metrics.
Schema
caller
Always Microsoft.Insights/alertRules
channels
Always “Admin, Operation”
claims
JSON blob with the SPN (service principal name), or resource type, of the alert engine.
correlationId
A GUID in the string format.
description
Static text description of the alert event.
eventDataId
Unique identifier of the alert event.
category
Always "Alert"
level
Severity level of the event.
resourceGroupName
Name of the resource group for the impacted resource if it's a metric alert. For other alert types, it's the name of the resource group that contains the alert itself.
resourceProviderName
Name of the resource provider for the impacted resource if it's a metric alert. For other alert types, it's the name of the resource provider for the alert itself.
resourceId
Name of the resource ID for the impacted resource if it's a metric alert. For other alert types, it's the resource ID of the alert resource itself.
operationId
A GUID shared among the events that correspond to a single operation.
operationName
Name of the operation.
properties
Set of <Key, Value> pairs (that is, a Dictionary) describing the details of the event.
status
String describing the status of the operation. Some common values are: Started, In Progress, Succeeded, Failed, Active, Resolved.
subStatus
Usually null for alerts.
eventTimestamp
Timestamp when the event was generated by the Azure service processing the request corresponding the event.
submissionTimestamp
Timestamp when the event became available for querying.
subscriptionId
Azure Subscription ID.
Activity Log Alert Specific Properties
properties.subscriptionId
The subscription ID from the activity log event that caused this activity log alert rule to be activated.
properties.eventDataId
The event data ID from the activity log event that caused this activity log alert rule to be activated.
properties.resourceGroup
The resource group from the activity log event that caused this activity log alert rule to be activated.
properties.resourceId
The resource ID from the activity log event that caused this activity log alert rule to be activated.
properties.eventTimestamp
The event timestamp of the activity log event that caused this activity log alert rule to be activated.
properties.operationName
The operation name from the activity log event that caused this activity log alert rule to be activated.
properties.status
The status from the activity log event that caused this activity log alert rule to be activated.
Metric Alert Specific Properties
properties.RuleUri
Resource ID of the metric alert rule itself.
properties.RuleName
The name of the metric alert rule.
properties.RuleDescription
The description of the metric alert rule (as defined in the alert rule).
properties.Threshold
The threshold value used in the evaluation of the metric alert rule.
properties.WindowSizeInMinutes
The window size used in the evaluation of the metric alert rule.
properties.Aggregation
The aggregation type defined in the metric alert rule.
properties.Operator
The conditional operator used in the evaluation of the metric alert rule.
properties.MetricName
The metric name of the metric used in the evaluation of the metric alert rule.
properties.MetricUnit
The metric unit for the metric used in the evaluation of the metric alert rule.
Last updated