Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Hybrid VM Data Disk Write Latency Alert - Deploy_Hybrid_VM_dataDiskWriteLatency

Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Hybrid VM Data Disk Write Latency Alert

Azure Monitor Baseline Alerts (AMBA) Policy definition

Alias

Namespace

ResourceType

Path

PathIsDefault

DefaultPath

Modifiable

Microsoft.Insights/scheduledQueryRules/autoMitigate

microsoft.insights

scheduledqueryrules

properties.autoMitigate

True

False

Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured

microsoft.insights

scheduledqueryrules

properties.checkWorkspaceAlertsStorageConfigured

True

False

Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert

microsoft.insights

scheduledqueryrules

properties.criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert

True

False

Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods

microsoft.insights

scheduledqueryrules

properties.criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods

True

False

Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator

microsoft.insights

scheduledqueryrules

properties.criteria.allOf[*].operator

True

False

Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query

microsoft.insights

scheduledqueryrules

properties.criteria.allOf[*].query

True

False

Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation

microsoft.insights

scheduledqueryrules

properties.criteria.allOf[*].timeAggregation

True

False

Microsoft.Insights/scheduledQueryRules/displayName

microsoft.insights

scheduledqueryrules

properties.displayName

True

False

Microsoft.Insights/scheduledQueryRules/enabled

microsoft.insights

scheduledqueryrules

properties.enabled

True

False

Microsoft.Insights/scheduledQueryRules/evaluationFrequency

microsoft.insights

scheduledqueryrules

properties.evaluationFrequency

True

False

Microsoft.Insights/scheduledQueryRules/scopes[*]

microsoft.insights

scheduledqueryrules

properties.scopes[*]

True

False

Microsoft.Insights/scheduledQueryRules/severity

microsoft.insights

scheduledqueryrules

properties.severity

True

False

Microsoft.Insights/scheduledQueryRules/windowSize

microsoft.insights

scheduledqueryrules

properties.windowSize

True

False

Rows: 1-1 / 1

Records:

Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx:
Learn more

TableFilter v0.7.3

Page of 1

Initiative DisplayName

Initiative Id

Initiative Category

State

Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) for Hybrid Virtual Machines

Alerting-HybridVM

Monitoring

{

policyType: "Custom",
mode: "All",
displayName: "Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Hybrid VM Data Disk Write Latency Alert",
description: "Policy to audit/deploy Hybrid VM Data Disk Write Latency Alert",
metadata: {5 items
- version: "1.6.2",
- category: "Hybrid Compute",
- source: "https://github.com/Azure/azure-monitor-baseline-alerts/",
- alzCloudEnvironments: [1 item
  - "AzureCloud"
  ],
- _deployed_by_amba: "True"
},
parameters: {20 items
- alertResourceGroupName: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Resource Group Name",
    - description: "Resource group the alert is placed in"
    },
  - defaultValue: "rg-amba-monitoring-001"
  },
- alertResourceGroupTags: {3 items
  - type: "Object",
  - metadata: {2 items
    - displayName: "Resource Group Tags",
    - description: "Tags on the Resource group the alert is placed in"
    },
  - defaultValue: {1 item
    - Project: "amba-monitoring"
    }
  },
- alertResourceGroupLocation: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Resource Group Location",
    - description: "Location of the Resource group the alert is placed in"
    },
  - defaultValue: "centralus"
  },
- UAMIResourceId: {3 items
  - type: "string",
  - defaultValue: "",
  - metadata: {3 items
    - description: "The resource Id of the user assigned managed identity.",
    - displayName: "User Assigned managed Identity resource Id.",
    - assignPermissions: true
    }
  },
- severity: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Severity",
    - description: "Severity of the Alert"
    },
  - allowedValues: [5 items
    - "0",
    - "1",
    - "2",
    - "3",
    - "4"
    ],
  - defaultValue: "2"
  },
- operator: {4 items
  - type: "String",
  - metadata: {1 item
    - displayName: "Operator"
    },
  - allowedValues: [1 item
    - "GreaterThan"
    ],
  - defaultValue: "GreaterThan"
  },
- timeAggregation: {4 items
  - type: "String",
  - metadata: {1 item
    - displayName: "TimeAggregation"
    },
  - allowedValues: [1 item
    - "Count"
    ],
  - defaultValue: "Count"
  },
- windowSize: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Window Size",
    - description: "Window size for the alert"
    },
  - allowedValues: [7 items
    - "PT5M",
    - "PT15M",
    - "PT30M",
    - "PT1H",
    - "PT6H",
    - "PT12H",
    - "PT24H"
    ],
  - defaultValue: "PT15M"
  },
- evaluationFrequency: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Evaluation Frequency",
    - description: "Evaluation frequency for the alert"
    },
  - allowedValues: [4 items
    - "PT5M",
    - "PT15M",
    - "PT30M",
    - "PT1H"
    ],
  - defaultValue: "PT5M"
  },
- autoMitigate: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Auto Mitigate",
    - description: "Auto Mitigate for the alert"
    },
  - allowedValues: [2 items
    - "true",
    - "false"
    ],
  - defaultValue: "true"
  },
- checkWorkspaceAlertsStorageConfigured: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Require a workspace linked storage",
    - description: "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)."
    },
  - allowedValues: [2 items
    - "true",
    - "false"
    ],
  - defaultValue: "false"
  },
- autoResolve: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Auto Resolve",
    - description: "Auto Resolve for the alert"
    },
  - allowedValues: [2 items
    - "true",
    - "false"
    ],
  - defaultValue: "true"
  },
- autoResolveTime: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Auto Resolve",
    - description: "Auto Resolve time for the alert in ISO 8601 format"
    },
  - defaultValue: "true"
  },
- enabled: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Alert State",
    - description: "Alert state for the alert"
    },
  - allowedValues: [2 items
    - "true",
    - "false"
    ],
  - defaultValue: "true"
  },
- threshold: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Threshold",
    - description: "Threshold for the alert"
    },
  - defaultValue: "30"
  },
- failingPeriods: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Failing Periods",
    - description: "Number of failing periods before alert is fired"
    },
  - defaultValue: "1"
  },
- evaluationPeriods: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Evaluation Periods",
    - description: "The number of aggregated lookback points."
    },
  - defaultValue: "1"
  },
- effect: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect",
    - description: "Effect of the policy"
    },
  - allowedValues: [2 items
    - "deployIfNotExists",
    - "disabled"
    ],
  - defaultValue: "deployIfNotExists"
  },
- MonitorDisableTagName: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "ALZ Monitoring disabled tag name",
    - description: "Tag name to disable monitoring. Set to true if monitoring should be disabled"
    },
  - defaultValue: "MonitorDisable"
  },
- MonitorDisableTagValues: {3 items
  - type: "Array",
  - metadata: {2 items
    - displayName: "ALZ Monitoring disabled tag values(s)",
    - description: "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
    },
  - defaultValue: [4 items
    - "true",
    - "Test",
    - "Dev",
    - "Sandbox"
    ]
  }
},
policyRule: {2 items
- if: {1 item
  - allOf: [2 items
    - {2 items
      - field: "type",
      - equals: "Microsoft.HybridCompute/machines"
      },
    - {2 items
      - field: "[ concat( 'tags[ ', parameters('MonitorDisableTagName'), ' ]' ) ]",
      - notIn: "[parameters('MonitorDisableTagValues')]"
      }
    ]
  },
- then: {2 items
  - effect: "[parameters('effect')]",
  - details: {7 items
    - roleDefinitionIds: [1 item
      - "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" Contributor
      ],
    - type: "Microsoft.Insights/scheduledQueryRules",
    - existenceScope: "resourceGroup",
    - resourceGroupName: "[parameters('alertResourceGroupName')]",
    - deploymentScope: "subscription",
    - existenceCondition: {1 item
      - allOf: [14 items
        {2 items
        field: "Microsoft.Insights/scheduledQueryRules/displayName",
        equals: "[ concat( subscription().displayName, '-HybridVMHighDataDiskWriteLatencyAlert' ) ]"
        },
        {2 items
        field: "Microsoft.Insights/scheduledQueryRules/scopes[*]",
        equals: "[subscription().id]"
        },
        {2 items
        field: "Microsoft.Insights/scheduledQueryRules/enabled",
        equals: "[parameters('enabled')]"
        },
        {2 items
        field: "Microsoft.Insights/scheduledQueryRules/evaluationFrequency",
        equals: "[parameters('evaluationFrequency')]"
        },
        {2 items
        field: "Microsoft.Insights/scheduledQueryRules/windowSize",
        equals: "[parameters('windowSize')]"
        },
        {2 items
        field: "Microsoft.Insights/scheduledQueryRules/severity",
        equals: "[parameters('severity')]"
        },
        {2 items
        field: "Microsoft.Insights/scheduledQueryRules/autoMitigate",
        equals: "[parameters('autoMitigate')]"
        },
        {2 items
        field: "Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured",
        equals: "[parameters('checkWorkspaceAlertsStorageConfigured')]"
        },
        {2 items
        field: "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator",
        equals: "[parameters('operator')]"
        },
        {2 items
        field: "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation",
        equals: "[parameters('timeAggregation')]"
        },
        {2 items
        field: "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods",
        equals: "[parameters('evaluationPeriods')]"
        },
        {2 items
        field: "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert",
        equals: "[parameters('failingPeriods')]"
        },
        {2 items
        field: "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query",
        equals: "[ format( 'let policyThresholdString = "{ 0 }"; let resourceTagging = ( arg( "" ).resources | where type =~ "Microsoft.HybridCompute/machines" | where tags.[ "{ 1 }" ] !in~ ( "{ 2 }" ) | project _ResourceId = tolower( id ), resourceTags = tags ); InsightsMetrics | where _ResourceId has "Microsoft.HybridCompute/machines" | where Origin == "vm.azm.ms" | where Namespace == "LogicalDisk" and Name == "WriteLatencyMs" | extend Disk=tostring( todynamic( Tags )[ "vm.azm.ms/mountId" ] ) | where Disk !in ( "C:", "/" ) | summarize AggregatedValue = avg( Val ) by bin( TimeGenerated, 15m ), Computer, _ResourceId, Disk | join hint.remote=left kind=inner ( resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif( isnotempty( resourceTags.[ "{ 4 }" ] ), resourceTags.[ "{ 4 }" ], "No logical volumes excluded" ) | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring( resourceTags.[ "{ 3 }" ] ) | extend appliedThreshold = iif( isempty( newThresholdString ), toint( policyThresholdString ), toint( newThresholdString ) ) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join( parameters('MonitorDisableTagValues'), '", "' ), '_amba-WriteLatencyMs-Data-threshold-Override_', '_amba-ExcludedLogicalVolumes-WriteLatency_' ) ]"
        },
        {2 items
        field: "identity.userAssignedIdentities",
        containsKey: "[parameters('UAMIResourceId')]"
        }
        ]
      },
    - deployment: {2 items
      - location: "northeurope",
      - properties: {3 items
        mode: "incremental",
        template: {5 items
        $schema: "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
        contentVersion: "1.0.0.0",
        parameters: {19 items
        alertResourceGroupName: {1 item
        type: "string"
        },
        alertResourceGroupTags: {1 item
        type: "object"
        },
        alertResourceGroupLocation: {1 item
        type: "string"
        },
        UAMIResourceId: {1 item
        type: "string"
        },
        severity: {1 item
        type: "String"
        },
        windowSize: {1 item
        type: "String"
        },
        evaluationFrequency: {1 item
        type: "String"
        },
        autoMitigate: {1 item
        type: "String"
        },
        checkWorkspaceAlertsStorageConfigured: {1 item
        type: "String"
        },
        autoResolve: {1 item
        type: "String"
        },
        autoResolveTime: {1 item
        type: "String"
        },
        enabled: {1 item
        type: "String"
        },
        threshold: {1 item
        type: "String"
        },
        operator: {1 item
        type: "String"
        },
        timeAggregation: {1 item
        type: "String"
        },
        failingPeriods: {1 item
        type: "String"
        },
        evaluationPeriods: {1 item
        type: "String"
        },
        MonitorDisableTagName: {1 item
        type: "String"
        },
        MonitorDisableTagValues: {1 item
        type: "Array"
        }
        },
        variables: {},
        resources: [2 items
        {5 items
        type: "Microsoft.Resources/resourceGroups",
        apiVersion: "2021-04-01",
        name: "[parameters('alertResourceGroupName')]",
        location: "[parameters('alertResourceGroupLocation')]",
        tags: "[parameters('alertResourceGroupTags')]"
        },
        {6 items
        type: "Microsoft.Resources/deployments",
        apiVersion: "2019-10-01",
        name: "HybridVMdataDiskWriteLatencyAlert",
        resourceGroup: "[parameters('alertResourceGroupName')]",
        dependsOn: [1 item
        🔍"[ concat( 'Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName') ) ]"
        ],
        properties: {3 items
        mode: "Incremental",
        template: {5 items
        $schema: "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
        contentVersion: "1.0.0.0",
        parameters: {4 items
        enabled: {1 item
        type: "string"
        },
        alertResourceGroupName: {1 item
        type: "string"
        },
        alertResourceGroupLocation: {1 item
        type: "string"
        },
        UAMIResourceId: {1 item
        type: "string"
        }
        },
        variables: {},
        resources: [1 item
        {7 items
        type: "Microsoft.Insights/scheduledQueryRules",
        apiVersion: "2022-08-01-preview",
        name: "[ concat( subscription().displayName, '-HybridVMHighDataDiskWriteLatencyAlert' ) ]",
        location: "[parameters('alertResourceGroupLocation')]",
        identity: {2 items
        type: "UserAssigned",
        userAssignedIdentities: {1 item
        [parameters('UAMIResourceId')]: {}
        }
        },
        tags: {1 item
        _deployed_by_amba: true
        },
        properties: {13 items
        displayName: "[ concat( subscription().displayName, '-HybridVMHighDataDiskWriteLatencyAlert' ) ]",
        description: "Log Alert for Virtual Machine dataDiskWriteLatency",
        severity: "[parameters('severity')]",
        enabled: "[parameters('enabled')]",
        scopes: [1 item
        "[subscription().Id]"
        ],
        targetResourceTypes: [1 item
        "Microsoft.HybridCompute/machines"
        ],
        evaluationFrequency: "[parameters('evaluationFrequency')]",
        windowSize: "[parameters('windowSize')]",
        criteria: {1 item
        allOf: [1 item
        {7 items
        query: "[ format( 'let policyThresholdString = "{ 0 }"; let resourceTagging = ( arg( "" ).resources | where type =~ "Microsoft.HybridCompute/machines" | where tags.[ "{ 1 }" ] !in~ ( "{ 2 }" ) | project _ResourceId = tolower( id ), resourceTags = tags ); InsightsMetrics | where _ResourceId has "Microsoft.HybridCompute/machines" | where Origin == "vm.azm.ms" | where Namespace == "LogicalDisk" and Name == "WriteLatencyMs" | extend Disk=tostring( todynamic( Tags )[ "vm.azm.ms/mountId" ] ) | where Disk !in ( "C:", "/" ) | summarize AggregatedValue = avg( Val ) by bin( TimeGenerated, 15m ), Computer, _ResourceId, Disk | join hint.remote=left kind=inner ( resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif( isnotempty( resourceTags.[ "{ 4 }" ] ), resourceTags.[ "{ 4 }" ], "No logical volumes excluded" ) | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring( resourceTags.[ "{ 3 }" ] ) | extend appliedThreshold = iif( isempty( newThresholdString ), toint( policyThresholdString ), toint( newThresholdString ) ) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join( parameters('MonitorDisableTagValues'), '", "' ), '_amba-WriteLatencyMs-Data-threshold-Override_', '_amba-ExcludedLogicalVolumes-WriteLatency_' ) ]",
        threshold: 0,
        operator: "[parameters('operator')]",
        resourceIdColumn: "_ResourceId",
        timeAggregation: "[parameters('timeAggregation')]",
        dimensions: [2 items
        {3 items
        name: "Computer",
        operator: "Include",
        values: [1 item
        "*"
        ]
        },
        {3 items
        name: "Disk",
        operator: "Include",
        values: [1 item
        "*"
        ]
        }
        ],
        failingPeriods: {2 items
        numberOfEvaluationPeriods: "[parameters('evaluationPeriods')]",
        minFailingPeriodsToAlert: "[parameters('failingPeriods')]"
        }
        }
        ]
        },
        autoMitigate: "[parameters('autoMitigate')]",
        checkWorkspaceAlertsStorageConfigured: "[parameters('checkWorkspaceAlertsStorageConfigured')]",
        ruleResolveConfiguration: {2 items
        autoResolved: "[parameters('autoResolve')]",
        timeToResolve: "[parameters('autoResolveTime')]"
        },
        parameters: {16 items
        alertResourceGroupName: {1 item
        value: "[parameters('alertResourceGroupName')]"
        },
        alertResourceGroupLocation: {1 item
        value: "[parameters('alertResourceGroupLocation')]"
        },
        UAMIResourceId: {1 item
        value: "[parameters('UAMIResourceId')]"
        },
        severity: {1 item
        value: "[parameters('severity')]"
        },
        windowSize: {1 item
        value: "[parameters('windowSize')]"
        },
        evaluationFrequency: {1 item
        value: "[parameters('evaluationFrequency')]"
        },
        autoMitigate: {1 item
        value: "[parameters('autoMitigate')]"
        },
        checkWorkspaceAlertsStorageConfigured: {1 item
        value: "[parameters('checkWorkspaceAlertsStorageConfigured')]"
        },
        autoResolve: {1 item
        value: "[parameters('autoResolve')]"
        },
        autoResolveTime: {1 item
        value: "[parameters('autoResolveTime')]"
        },
        enabled: {1 item
        value: "[parameters('enabled')]"
        },
        threshold: {1 item
        value: "[parameters('threshold')]"
        },
        failingPeriods: {1 item
        value: "[parameters('failingPeriods')]"
        },
        evaluationPeriods: {1 item
        value: "[parameters('evaluationPeriods')]"
        },
        MonitorDisableTagName: {1 item
        value: "[parameters('MonitorDisableTagName')]"
        },
        MonitorDisableTagValues: {1 item
        value: "[parameters('MonitorDisableTagValues')]"
        }
        }
        }
        }
        ]
        },
        parameters: {4 items
        enabled: {1 item
        value: "[parameters('enabled')]"
        },
        alertResourceGroupName: {1 item
        value: "[parameters('alertResourceGroupName')]"
        },
        alertResourceGroupLocation: {1 item
        value: "[parameters('alertResourceGroupLocation')]"
        },
        UAMIResourceId: {1 item
        value: "[parameters('UAMIResourceId')]"
        }
        }
        }
        }
        ]
        },
        parameters: {19 items
        alertResourceGroupName: {1 item
        value: "[parameters('alertResourceGroupName')]"
        },
        alertResourceGroupTags: {1 item
        value: "[parameters('alertResourceGroupTags')]"
        },
        alertResourceGroupLocation: {1 item
        value: "[parameters('alertResourceGroupLocation')]"
        },
        UAMIResourceId: {1 item
        value: "[parameters('UAMIResourceId')]"
        },
        severity: {1 item
        value: "[parameters('severity')]"
        },
        windowSize: {1 item
        value: "[parameters('windowSize')]"
        },
        evaluationFrequency: {1 item
        value: "[parameters('evaluationFrequency')]"
        },
        autoMitigate: {1 item
        value: "[parameters('autoMitigate')]"
        },
        checkWorkspaceAlertsStorageConfigured: {1 item
        value: "[parameters('checkWorkspaceAlertsStorageConfigured')]"
        },
        autoResolve: {1 item
        value: "[parameters('autoResolve')]"
        },
        autoResolveTime: {1 item
        value: "[parameters('autoResolveTime')]"
        },
        enabled: {1 item
        value: "[parameters('enabled')]"
        },
        threshold: {1 item
        value: "[parameters('threshold')]"
        },
        operator: {1 item
        value: "[parameters('operator')]"
        },
        timeAggregation: {1 item
        value: "[parameters('timeAggregation')]"
        },
        failingPeriods: {1 item
        value: "[parameters('failingPeriods')]"
        },
        evaluationPeriods: {1 item
        value: "[parameters('evaluationPeriods')]"
        },
        MonitorDisableTagName: {1 item
        value: "[parameters('MonitorDisableTagName')]"
        },
        MonitorDisableTagValues: {1 item
        value: "[parameters('MonitorDisableTagValues')]"
        }
        }
        }
      }
    }
  }
}

}