Question
I'm using Azure Monitor/Log Analytics to trigger alerts successfully. I'm trying to get the alerts into a Microsoft Teams channel (as well as a Slack channel for debugging) with no success.
I've an alert that's successfully being triggered. I have an action group with my email, SMS and Azure app push configured. I've been receiving these messages each time the alert triggers.
I've got another action group with a couple of webhooks in for Microsoft Teams and Slack channels. I'm not receiving anything on these channels.
I've enabled the custom 'Include custom Json payload for webhook' and pasted both the suggested JSON and the following:
{ "AlertName":"#alertrulename", "AlertDescription":"#description", "LinkToSearchResults":"#linktosearchresults"}
I get the emails/SMS/push notifications but not the messages to the webhooks. I've tried leaving the common alert schema set to no in the action group, the default (as well as trying unsuccessfully on yes).
Suspecting it's something to do with the custom payload JSON as mentioned here: https://azure.microsoft.com/en-gb/blog/webhooks-for-azure-alerts/
Any ideas on how I can get my alerts into Teams?
Thanks
Answer 1:
Managed to crack it and get it working everyone!
Using Azure Automation, a runbook/webhook.
Added the following as a runbook (update your uri):
param
(
    [Parameter (Mandatory=$false)]
    [object] $WebhookData
)

if ($WebhookData)
{
    # Get the data object from WebhookData.
    $WebhookBody = (ConvertFrom-Json -InputObject $WebhookData.RequestBody)

    # Fields the alert's custom JSON payload does not send come back as $null.
    $alertName = $WebhookBody.alertname
    $alertDescription = $WebhookBody.alertDescription
    $linkToSearch = $WebhookBody.linktosearchresults
    $query = $WebhookBody.searchquery
    $results = $WebhookBody.resultcount
    $AlertThreshold = $WebhookBody.AlertThreshold
    $AlertThresholdValue = $WebhookBody.AlertThresholdValue
    $StartTime = $WebhookBody.SearchStartTime
    $EndTime = $WebhookBody.SearchEndTime

    $formatLink = "[Link]($linkToSearch)"
    $formatMessage = "$alertName has exceeded the threshold $AlertThreshold $AlertThresholdValue. Results returned: $results"

    # Teams incoming-webhook (connector) URL. Anyone who has this URL can post
    # to the channel, so treat it as a secret.
    $uri = 'https://teams-connector-uri'

    # Build the message card body that is posted to the connector.
    $body = ConvertTo-Json -Depth 4 @{
        summary = $alertName
        sections = @(
            @{
                activityTitle = $alertName
                activitySubtitle = $alertDescription
                activityText = $formatMessage
            },
            @{
                title = 'Details'
                facts = @(
                    @{
                        name = 'Query time range. (UTC)'
                        value = "$StartTime $EndTime"
                    },
                    @{
                        name = 'Link to search results'
                        value = $formatLink
                    },
                    @{
                        name = 'Query Executed'
                        value = $query
                    }
                )
            }
        )
    }

    Invoke-RestMethod -uri $uri -Method Post -body $body -ContentType 'application/json'
}
Then generate a webhook for the runbook and add this into the Azure Alert.
In the Azure alert I've set the custom payload to this:
{ "AlertName":"#alertrulename", "AlertDescription":"#description", "LinkToSearchResults":"#linktosearchresults"}
Bingo, triggered alert and alert came through.
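The custom payload in this answer sends only AlertName, AlertDescription and LinkToSearchResults, so the other fields the runbook reads arrive empty. The following is an added example (not the answer author's code) that builds the card from whichever fields are present and rejects a body with no alert name; the function name ConvertTo-TeamsAlertCard, the sample values and the Automation variable name are assumptions.

```powershell
# Added example; function name and sample values are hypothetical.
function ConvertTo-TeamsAlertCard {
    param([Parameter(Mandatory)] [string] $RequestBody)

    try   { $alert = ConvertFrom-Json -InputObject $RequestBody -ErrorAction Stop }
    catch { throw "Webhook body is not valid JSON: $($_.Exception.Message)" }
    if ([string]::IsNullOrWhiteSpace($alert.AlertName)) {
        throw 'Webhook body has no AlertName; not posting an empty card.'
    }

    # Add a fact only when the alert payload actually carried that token.
    $facts = @()
    if ($null -ne $alert.ResultCount) {
        $facts += @{ name = 'Results returned'; value = "$($alert.ResultCount)" }
    }
    if ($alert.SearchStartTime -or $alert.SearchEndTime) {
        $facts += @{ name = 'Query time range (UTC)'
                     value = "$($alert.SearchStartTime) $($alert.SearchEndTime)" }
    }
    if ($alert.SearchQuery) {
        $facts += @{ name = 'Query executed'; value = "$($alert.SearchQuery)" }
    }
    # Render a clickable link only for an absolute https URL.
    $parsed = $null
    $isUrl = [uri]::TryCreate([string]$alert.LinkToSearchResults, [System.UriKind]::Absolute, [ref]$parsed)
    if ($isUrl -and $parsed.Scheme -eq 'https') {
        $facts += @{ name = 'Link to search results'; value = "[Link]($($parsed.AbsoluteUri))" }
    }

    $sections = @(@{ activityTitle = $alert.AlertName; activitySubtitle = $alert.AlertDescription })
    if ($facts.Count -gt 0) { $sections += @{ title = 'Details'; facts = $facts } }
    ConvertTo-Json -Depth 5 @{ summary = $alert.AlertName; sections = $sections }
}

# Constructed sample: the answer's custom payload after Azure expands the tokens.
$sample = '{ "AlertName":"High CPU", "AlertDescription":"CPU above 90%", "LinkToSearchResults":"https://portal.azure.com/#placeholder" }'
$card = ConvertTo-TeamsAlertCard -RequestBody $sample
$card

# In the runbook, pass $WebhookData.RequestBody and post the result. Reading the
# connector URL from an encrypted Automation variable keeps it out of the runbook
# source ('TeamsWebhookUri' is a hypothetical variable name):
# $uri = Get-AutomationVariable -Name 'TeamsWebhookUri'
# Invoke-RestMethod -Uri $uri -Method Post -Body $card -ContentType 'application/json'
```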
Answer 2:
I haven't worked with Azure alert, so I'm not sure exactly what options you have available, but it looks like, from the fact that your payload is structured, that you'd like to format it into some consistent mechanism.
A common way to do this using Connectors is to use something like an "actionable message card". In essence, you're sending like a mini formatted popup window into the Team channel. To see some examples, go here and click "Select a sample" on the top left menu.
To do this, the Card doesn't need to be very complex, but you do need to give a tiny bit of thought to what you want it to look like, and possibly what actions you want to offer. For example, you probably want the name and description in a tabular format of some sort, and the LinkToSearchResults to be a button on the bottom that loads a browser window. The Actionable Messages Designer can also be useful to help you put it together. When you have the final design, you'll end up with a JSON text payload, and you just need to compose that together with the tokens from Azure.
Like I said, I haven't worked with Azure alerts, but I think this should help.
Answer 3:
I'm also looking into doing this and get exactly the same results as @JohnFox.
Pretty tragic it can't just do it.
I've read somewhere you have to set up a Function or Logic App to be an "inbetween" from Azure to Teams (or Slack).
I tried this workaround...
http://www.nibrasmanna.com/send-azure-outage-notifications-to-microsoft-teams/
...but it is unworkable, all of the messages do get through to Teams, but the emails are too large to display.
To be honest, getting webhooks running seems to be hard work.
If anyone comes across a decent tutorial of getting this up and running, please post back - Thanks
Source: https://stackoverflow.com/questions/59883257/azure-monitor-alerts-using-webhook-to-microsoft-teams-no-messages-to-teams