返回 BadRequest 的 New-AzScheduledQueryRule答案

【问题标题】：New-AzScheduledQueryRule returning BadRequest返回 BadRequest 的 New-AzScheduledQueryRule
【发布时间】：2020-03-29 00:32:46
【问题描述】：

我想根据查询使用 PowerShell 创建日志警报。我按照https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-log#managing-log-alerts-using-powershell 下的说明进行了修改，如下所示：

$source = New-AzScheduledQueryRuleSource -Query "AzureActivity | where Category == 'Policy' and Level != 'Informational' | extend p=todynamic(Properties) | extend policies=todynamic(tostring(p.policies)) | mvexpand policy = policies | where p.isComplianceCheck == 'False'" -DataSourceId "$Workspace.ResourceId"

$schedule = New-AzScheduledQueryRuleSchedule -FrequencyInMinutes 5 -TimeWindowInMinutes 5

$metricTrigger = New-AzScheduledQueryRuleLogMetricTrigger -ThresholdOperator "GreaterThan" -Threshold 0 -MetricTriggerType "Consecutive" -MetricColumn "_ResourceId"

$triggerCondition = New-AzScheduledQueryRuleTriggerCondition -ThresholdOperator "GreaterThan" -Threshold 0 -MetricTrigger $metricTrigger

$aznsActionGroup = New-AzScheduledQueryRuleAznsActionGroup -ActionGroup "$actionGroup.Id" -EmailSubject "New Resource Group with missing tags" -CustomWebhookPayload "{ `"alert`":`"#alertrulename`", `"IncludeSearchResults`":true }"

$alertingAction = New-AzScheduledQueryRuleAlertingAction -AznsAction $aznsActionGroup -Severity "3" -Trigger $triggerCondition

上述命令成功，但是当我运行以下命令来创建规则时：

New-AzScheduledQueryRule -ResourceGroupName $ResourceGroup -Location $Location -Action $alertingAction -Enabled $true -Description "Alert description" -Schedule $schedule -Source $source -Name "Alert Name"

我收到了一个错误请求：

PS /home/nicolas> New-AzScheduledQueryRule -ResourceGroupName $ResourceGroup -Location $Location -Action $alertingAction -Enabled $true -Description "Alert description" -Schedule $schedule -Source$source -Name "Alert Name"
WARNING: 12:29:17 AM - *** The namespace for all the model classes will change from Microsoft.Azure.Management.Monitor.Management.Models to Microsoft.Azure.Management.Monitor.Models in future releases.
WARNING: 12:29:17 AM - *** The namespace for output classes will be uniform for all classes in future releases to make it independent of modifications in the model classes.
New-AzScheduledQueryRule: Exception type: Exception, Message: System.Exception: Error occurred while creating Log Alert rule
 ---> System.AggregateException: One or more errors occurred. (Operation returned an invalid status code 'BadRequest')
 ---> Microsoft.Azure.Management.Monitor.Models.ErrorResponseException: Operation returned an invalid status code 'BadRequest'
   at Microsoft.Azure.Management.Monitor.ScheduledQueryRulesOperations.CreateOrUpdateWithHttpMessagesAsync(String resourceGroupName, String ruleName, LogSearchRuleResource parameters, Dictionary`2customHeaders, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
   at Microsoft.Azure.Commands.Insights.ScheduledQueryRules.NewScheduledQueryRuleCommand.ProcessRecordInternal()
   --- End of inner exception stack trace ---
   at Microsoft.Azure.Commands.Insights.ScheduledQueryRules.NewScheduledQueryRuleCommand.ProcessRecordInternal()
   at Microsoft.Azure.Commands.Insights.MonitorCmdletBase.ExecuteCmdlet(), Code: Null, Status code:Null, Reason phrase: Null
PS /home/nicolas>

我找不到原因。

你有什么想法吗？

提前致谢尼古拉斯

【问题讨论】：

Nicolas，你能做到吗？我也有同样的问题。
嗨，不，我通过使用 ARM 模板进行警报部署解决了这个问题。
这只是为了部署或创建警报:)？我正在调查为资源创建警报，我相信您正在考虑的原始解决方案正在执行。

标签： azure powershell azure-cloud-shell

【解决方案1】：

bad request 错误太板了，你可以使用Fiddler 来捕捉详细的错误信息。并为$actionGroup.Id 和$Workspace.ResourceId 指定值（工作区是您之前创建的）。我参考了这个article，这是我的代码：

$source = New-AzScheduledQueryRuleSource -Query 'Heartbeat | summarize AggregatedValue = count() by bin(TimeGenerated, 5m), _ResourceId' -DataSourceId "/subscriptions/xxxxxxx/resourceGroups/xxxxxxx/providers/microsoft.OperationalInsights/workspaces/yourWorkspaceName"

$schedule = New-AzScheduledQueryRuleSchedule -FrequencyInMinutes 15 -TimeWindowInMinutes 30

$metricTrigger = New-AzScheduledQueryRuleLogMetricTrigger -ThresholdOperator "GreaterThan" -Threshold 2 -MetricTriggerType "Consecutive" -MetricColumn "_ResourceId"

$triggerCondition = New-AzScheduledQueryRuleTriggerCondition -ThresholdOperator "LessThan" -Threshold 5 -MetricTrigger $metricTrigger

$aznsActionGroup = New-AzScheduledQueryRuleAznsActionGroup -ActionGroup "/subscriptions/xxxxxxx/resourceGroups/xxxxxxx/providers/microsoft.insights/actiongroups/yourAGName" -EmailSubject "Custom email subject" -CustomWebhookPayload "{ `"alert`":`"#alertrulename`", `"IncludeSearchResults`":true }"

$alertingAction = New-AzScheduledQueryRuleAlertingAction -AznsAction $aznsActionGroup -Severity "3" -Trigger $triggerCondition


New-AzScheduledQueryRule -ResourceGroupName "xxxxxxx" -Location "Central US" -Action $alertingAction -Enabled $true -Description "Alert description" -Schedule $schedule -Source $source -Name "Alert Name"

这是输出：

【讨论】：

感谢您的意见。我知道 BadRequests 太板了，但是您对 Fiddler 的建议非常有帮助，因为我不知道。至于这个问题，周一周日我决定通过使用 ARM 模板进行警报部署来解决这个问题，并且它可以工作。无论如何，我会保留您的建议以备将来使用。
嘿，我现在实际上正在自己解决这个问题，并且遇到了同样的问题。有点不知道该做什么。我应该先在 Azure 中创建警报吗？我相信您可以使用 Powershell 从头开始创建一个？