This is my second post in our Migrating from Orchestrator series. In Donnie’s last post he showed you how you can trigger automation with EventGrid. In this post I’ll show you how you can trigger automations from Azure Monitor Alerts. Triggering Orchestrator runbooks from SCOM Alerts was one of the more popular type of triggers for Orchestrator. Thats definitely something we want to show how to do in this series.
To trigger alerts we need to know about Action Groups. I’ve talked about Action Groups as part of Alerting at Scale. Every Azure Alert needs an Action Group. But within an Action Group we can trigger automation for:
- Azure Automation Runbooks
- Azure Functions Function Apps
In addition you can send alert data via Webhooks and Secure Webhooks
Trigger Azure Automation Runbook
To trigger an Azure Automation Runbook, we’ll need to create an Action Group that calls a runbook. Selected Automation Runbook and the side blade will pop out. Giving you some built in runbooks you can run.
If you have something more custom, select User, you’ll be asked to select your Automation Account which will load all available runbooks.
I typically go for the common alert schema, and you can add your own webhook data if you so desire.
Trigger Azure Function Function App
I already covered how to call an Function App in this post here, but I’ll duplicate the Action Group portion so they’re all in one spot.
To trigger any type of alert with Azure Monitor, whether its an Azure Function or an email, you need an Action Group.
Under Azure Monitor select Alerts -> Manage Actions -> Add Action Group
Give your Action Group an Name, Short Name, select your Subscription and Resource Group. Then give it an Action Name and select Azure Function. Note the Resource Group here is where the Action Group will be stored.
On the right hand blade, the resource group is the resource group location of your Azure Function. Notice that the creation process has detected that I have 2 functions. MetricAlert and LogSearch. Click ok and save your Action Group. Make Sure “Use Common Alert Schema” is checked. Again this will work fine with the other schema, however my examples are using the Common Alert Schema.
In your Action Group select LogicApp for the Action Type in the right hand pane, selected your Subscription, Resource Group and then your LogicApp. Unlike Runbooks and Function Apps, I have been so far unable to parse the Common Alert Schema with a LogicApp, it simply fails. However I have it working find with the other schema.
Add to an Alert
For those of you still reading and paying attention, you might have noticed I just added 1 Runbook, 1 Function App and 1 LogicApp to my Action Group. First, you can have I believe up to 5 Actions per Action Group. As well as five Action Groups on one alert. Why you would need 3 different automations to fire though is beyond me. Maybe Donnie doing some Automation for Evil nonsense?
Its that easy to trigger automations from Azure Monitor alerts. Its the processes or sometimes the people behind the processes you want to automate that become the road block.
Hi, I’m Billy York. I’m a Cloud and Datacenter Management MVP, specializing in monitoring and automation. Here you’ll find posts about AzureMonitor, LogAnalytics, System Center Operations Manager, Powershell, Hyper-V, Azure Automation, Azure Governance and other Microsoft related technologies.