Alert Category

Overview:

The following section provides an overview of the schema for the Alert Category as well as provides the specific properties for each alert subtype.

Alert Category

The Alert category in the Azure Activity Log records all activations of classic Azure alerts. You can customize alerts to meet your operational needs, such as monitoring CPU usage on a virtual machine. When the conditions defined in an alert rule are met, and a notification is triggered, the activation is logged in this category. These alerts come into the form of alerts and metrics.

Schema

Element Name
Description

caller

Always Microsoft.Insights/alertRules

channels

Always “Admin, Operation”

claims

JSON blob with the SPN (service principal name), or resource type, of the alert engine.

correlationId

A GUID in the string format.

description

Static text description of the alert event.

eventDataId

Unique identifier of the alert event.

category

Always "Alert"

level

Severity level of the event.

resourceGroupName

Name of the resource group for the impacted resource if it's a metric alert. For other alert types, it's the name of the resource group that contains the alert itself.

resourceProviderName

Name of the resource provider for the impacted resource if it's a metric alert. For other alert types, it's the name of the resource provider for the alert itself.

resourceId

Name of the resource ID for the impacted resource if it's a metric alert. For other alert types, it's the resource ID of the alert resource itself.

operationId

A GUID shared among the events that correspond to a single operation.

operationName

Name of the operation.

properties

Set of <Key, Value> pairs (that is, a Dictionary) describing the details of the event.

status

String describing the status of the operation. Some common values are: Started, In Progress, Succeeded, Failed, Active, Resolved.

subStatus

Usually null for alerts.

eventTimestamp

Timestamp when the event was generated by the Azure service processing the request corresponding the event.

submissionTimestamp

Timestamp when the event became available for querying.

subscriptionId

Azure Subscription ID.

Activity Log Alert Specific Properties

Element Name
Description

properties.subscriptionId

The subscription ID from the activity log event that caused this activity log alert rule to be activated.

properties.eventDataId

The event data ID from the activity log event that caused this activity log alert rule to be activated.

properties.resourceGroup

The resource group from the activity log event that caused this activity log alert rule to be activated.

properties.resourceId

The resource ID from the activity log event that caused this activity log alert rule to be activated.

properties.eventTimestamp

The event timestamp of the activity log event that caused this activity log alert rule to be activated.

properties.operationName

The operation name from the activity log event that caused this activity log alert rule to be activated.

properties.status

The status from the activity log event that caused this activity log alert rule to be activated.

Metric Alert Specific Properties

Element Name
Description

properties.RuleUri

Resource ID of the metric alert rule itself.

properties.RuleName

The name of the metric alert rule.

properties.RuleDescription

The description of the metric alert rule (as defined in the alert rule).

properties.Threshold

The threshold value used in the evaluation of the metric alert rule.

properties.WindowSizeInMinutes

The window size used in the evaluation of the metric alert rule.

properties.Aggregation

The aggregation type defined in the metric alert rule.

properties.Operator

The conditional operator used in the evaluation of the metric alert rule.

properties.MetricName

The metric name of the metric used in the evaluation of the metric alert rule.

properties.MetricUnit

The metric unit for the metric used in the evaluation of the metric alert rule.

Last updated