Azure Unified Alerts


The following sections describe the Azure unified alert Event Policies that are included in the Microsoft: Azure PowerPack and explain how to configure Azure and SL1 to generate events based on Azure unified alerts.

Prerequisites for Configuring Azure Unified Alerts

In addition to SL1 collecting metrics for Azure resources, you can configure Azure to send alert information to SL1 via API. SL1 can then generate an event for each alert.

However, before you can monitor Azure unified alerts in SL1 using the Microsoft: Azure PowerPack, you must first configure Azure to proactively send alerts when important conditions are found in your Azure monitoring data. These alerts are based on metrics and activity logs, and are raised when the alert's monitor condition is set to "fired".

You must also create alert rules in Azure that determine the following:

  • The resource that the alert is targeting
  • The signal from the target resource that could trigger the alert
  • The logic that determines whether the signal from the target resource actually triggers the alert

For details about how to create and manage alert rules, see https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-overview.

Azure Unified Alert Event Policies

The Microsoft: Azure PowerPack includes several pre-defined event policies for unified alerts, based on their severity:

| Event Policy Name | Event Source | Severity |
|---|---|---|
| Microsoft: Azure Alert Severity 0 | API | Critical |
| Microsoft: Azure Alert Severity 1 | API | Major |
| Microsoft: Azure Alert Severity 2 | API | Minor |
| Microsoft: Azure Alert Severity 3 | API | Notice |
| Microsoft: Azure Alert Severity 4 | API | Notice |
| Microsoft: Azure Alert Severity 0 Resolved | API | Healthy |
| Microsoft: Azure Alert Severity 1 Resolved | API | Healthy |
| Microsoft: Azure Alert Severity 2 Resolved | API | Healthy |
| Microsoft: Azure Alert Severity 3 Resolved | API | Healthy |
| Microsoft: Azure Alert Severity 4 Resolved | API | Healthy |

These events are aligned to Azure component devices in the following way:

  • If the alert is targeted to a component device that is discovered in SL1, then the event in SL1 will be aligned with that component device.
  • If the alert is targeted to a component device that is not discovered in SL1, or if SL1 cannot determine the appropriate component device, then the alert will be aligned to the Azure subscription component device.

The Healthy events are raised when the alert's monitor condition is "resolved" or the alert state is "acknowledged" or "closed".
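
The mapping and alignment rules above can be traced with a short sketch when you triage why an alert produced a particular event. This is an added example, not code from the PowerPack or from SL1; the alert field names are assumed to follow the "essentials" block of the Azure Alerts Management API, and the `classify` function, its inputs and the resource IDs are hypothetical.

```python
# Added illustration; not code from the Microsoft: Azure PowerPack.
# Alert field names are assumed to follow the "essentials" block of the
# Azure Alerts Management API. All IDs below are constructed samples.

SEVERITY_BY_LEVEL = {0: "Critical", 1: "Major", 2: "Minor", 3: "Notice", 4: "Notice"}


def classify(alert, discovered, subscription_device):
    """Return (event policy name, SL1 severity, aligned device) for one alert.

    discovered: lower-cased resource IDs that exist as SL1 component devices
    subscription_device: fallback device for the Azure subscription
    (both are hypothetical inputs for this example).
    """
    level = int(alert["severity"].lower().replace("sev", "", 1))
    if level not in SEVERITY_BY_LEVEL:
        raise ValueError("unexpected severity: %r" % alert["severity"])

    condition = alert["monitorCondition"].lower()
    state = alert["alertState"].lower()
    policy = "Microsoft: Azure Alert Severity %d" % level

    # Per the page, a Healthy event is raised when the condition is
    # "resolved" OR the state is "acknowledged"/"closed"; this example
    # applies that rule first, so an acknowledged alert that is still
    # "fired" maps to the Resolved policy.
    if condition == "resolved" or state in ("acknowledged", "closed"):
        policy, severity = policy + " Resolved", "Healthy"
    elif condition == "fired":
        severity = SEVERITY_BY_LEVEL[level]
    else:
        raise ValueError("unexpected monitor condition: %r" % condition)

    # Azure resource IDs are case-insensitive, so compare lower-cased.
    target = alert.get("targetResource", "").lower()
    device = target if target in discovered else subscription_device
    return policy, severity, device


SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourcegroups/rg-demo/providers"
VM = RG + "/microsoft.compute/virtualmachines/vm-web-01"
SAMPLE_ALERTS = [  # constructed sample alerts
    {"severity": "Sev0", "monitorCondition": "Fired", "alertState": "New", "targetResource": VM.upper()},
    {"severity": "Sev2", "monitorCondition": "Fired", "alertState": "Acknowledged",
     "targetResource": RG + "/microsoft.storage/storageaccounts/undiscovered"},
    {"severity": "Sev4", "monitorCondition": "Resolved", "alertState": "New", "targetResource": VM},
]
RESULTS = [classify(a, {VM}, SUB) for a in SAMPLE_ALERTS]
```
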

Enabling the "Microsoft: Azure Unified Alerts Performance" Dynamic Application

The Microsoft: Azure PowerPack also includes a "Microsoft: Azure Unified Alerts Performance" Dynamic Application. This Dynamic Application collects alerts from the Azure API for all available resources and associates the alerts with the appropriate Azure component devices in SL1, if applicable. If an appropriate component device does not exist in SL1 or cannot be determined, the alert is instead associated with the component device for the Azure subscription.

This Dynamic Application must be enabled if you want SL1 to generate unified alert events.

To enable the "Microsoft: Azure Unified Alerts Performance" Dynamic Application:

  1. Go to the Dynamic Applications Manager page (System > Manage > Dynamic Applications), or (System > Manage > Applications) in the classic SL1 user interface.
  2. Locate the "Microsoft: Azure Unified Alerts Performance" Dynamic Application and then click its wrench icon. The Dynamic Applications Properties Editor page appears.
  3. In the Operational State field, select Enabled.
  4. Click Save.

Viewing Azure Unified Alert Counts

After you have enabled the "Microsoft: Azure Unified Alerts Performance" Dynamic Application and it has begun collecting alerts from the Azure API, you can view a count of the total number of alerts generated for each severity level for a given component device.

By default, the "Microsoft: Azure Unified Alerts Performance" Dynamic Application collects alerts over a 1-day period.

To view Azure unified alert counts:

  1. Go to the Device Components page (Devices > Device Components), or (Registry > Devices > Device Components) for the classic SL1 user interface.
  2. Click the plus-sign icon (+) for your Azure service until you locate the Azure component device for which you want to see an alert count. Click its graph icon. The Device Summary page appears.
  3. Click the Performance tab. The Device Performance page appears.
  4. Click the Microsoft: Azure Unified Alerts Performance link to expand the options listed, and then select the alert severity for which you want to see metrics. The performance graph shows the count for your selected alert severity over the selected timespan.