Azure Monitor Availability alerts using Resource Graph Queries

We recently announced how you can use Azure Log Analytics to create alerts on Azure Resource Graph queries. Here, I wanted to discuss possible scenarios and examples on how this can be used to check the availability for services across Azure and even on Azure Arc enabled resources.

 

Azure Resource Graph queries

Azure Resource Graph is a service within Azure that enhances Azure Resource Management. It allows you to explore resources efficiently and quickly by running queries across a specific group of subscriptions. These queries are written in the Kusto Query Language (KQL), which is a widely used format with other Azure services like Log Analytics.

 

Trivia: Most of the screens you see on Azure portal give you an option to check the KQL query behind getting that data.

 

 

 

Using Graph queries to generate alerts

Earlier, it was only possible to generate alerts using Log Analytics queries or Metrics. Now, the alerts can be generated on Azure Resource Graph queries. This can really help with setting up the availability alerts for most of the Azure services. Let us take a look at it with some examples.

 

SQL Managed Instance Availability

SQL MI supports various types of Metrics and Logs with Azure Monitor. However, sometimes, customers only want to receive a simple alert on whether the instance is up or down. ARG query can let you know the state of the instance which can be further converted to an alert.

 

Resources | where type == "microsoft.sql/managedinstances" | project name, state = tostring(properties.state)

 

The above query can give you the current state of the SQL MI instance.

 

 

Now, this same query can be converted to an alert. The idea is to check if the SQL MI instance is in any other state than “Ready” and generate the alert. For this, we can write something like this:

 

Resources | where type == "microsoft.sql/managedinstances" | extend state = tostring(properties.state) | extend available = iif(state=="Ready" ,1 ,0) | project name, available

 

Result:

 

 

To convert this into an alert, go to Monitor – Alert Rules section and create a new one.

You will have to select a Log Analytics workspace (logs are not stored in LA workspace, it is only used to generate the alerts) as the scope.

 

On the Conditions page, configure the following:

 

 

 

If you look in the configuration, we are checking the average of “available” parameter every 5 minutes and if it is anything less than 1, then an alert can be triggered.

The rest of the alert’s screens are standard. You can set up an email alert, or call a webhook or Logic App etc.

 

Conclusion

You can use the above logic to get details on Azure and Azure Arc enabled resources and create alerts from the same. For e.g. to generate an alert for Azure Arc enabled servers on their connection state, this can be used:

resources | where type == 'microsoft.hybridcompute/machines' | extend state = tostring(properties.status) | extend connected = iif(state=="Connected" ,1 ,0) | project name, connected