My next post in our Migrating from Orchestrator series with MVP Donnie Taylor. In my last post I showed you how to setup Action Groups for Azure Automation, LogicApps and Azure Functions for Azure Monitor Alerts. In a previous post I’ve shown how you can Parse an Azure Monitor Alert with Azure Functions and PowerShell core. In this one I’ll show how you can trigger LogicApps from a Log Search alert. Then parse that alert to perform an action. I’ll be using the log that I created with another Logic App and which I showed how to create the alert in this post. The purpose of this LogicApp is to turn off and on an Azure Function I use to collect my Solar Data.
- LogicApp – you can create an empty one to add to the Action Group
- An Action Group with LogicApp configured as its action type
- Setup Managed Identity on the Azure Function
Log Search Alert
This is the Kusto query I use to trigger the alert. Slightly different than the example alert I ended up with in this post.
DayLight_CL | extend Sunrise = iif((Sunrise_t between(ago(25m) .. now() )), true , false) | extend Sunset = iif((Sunset_t between(ago(25m) .. now() )), true , false) | project Sunrise, Sunset | where (Sunrise == True) or (Sunset == True)
With this query I’m checking my DayLight log sunrise and sunset times to see if they are within the last 25 minutes and now. Using iif() to evaluate true and false. Then project just the sunrise and sunset fields, and the where and or clauses generate the alert record if true.
Because my DayLight log only gets sent in once per day, I have a search Period of 1440 minutes. Or the last 24 hours.
Log search LogicApp
Credit to Stefan Roth for the basic design of parsing the Log Search alert data. Despite my best efforts I have not been able to find a better solution than what he came up with.
I’m not entirely sure if i need the second Parse JSON 2 but its been working for almost a year so I have no intention of trying to fix it.
We need multiple for each loops to get to the data we want. Thankfully LogicApps detects this for you and automatically builds how many loops you need to get to the step you want. The item()s are used to get the array objects. I use item() and item() to get the sunrise and sunset objects.
We need a third Parse JSON to get Sunrise and Sunset into their own objects.
Finally the meat and potatoes. We use a standard condition statement to determine if we want to turn on or off the Azure Function. That calls the specific URIs for starting and stopping the Azure Function.
LogicApps can be very powerful automation tool to have in your repertoire. Could I have done this in a separate Azure Function? Absolutely. In fact it probably would have been easier for me to do since I’m very familiar with PowerShell. Almost every LogicApp I’ve made I have had to do more than whats possible in just the graphical editor, which is the whole point of LogicApps. Sometimes learning new things is a good thing though.
You can find the logicapp code here
Hi, I’m Billy York. I’m a Cloud and Datacenter Management MVP, specializing in monitoring and automation. Here you’ll find posts about AzureMonitor, LogAnalytics, System Center Operations Manager, Powershell, Hyper-V, Azure Automation, Azure Governance and other Microsoft related technologies.