What are classic alerts in Azure?

Note

This article describes how to create older classic metric alerts. Azure Monitor now supports newer near-real time metric alerts and a new alerts experience. Classic alerts are retired, though still in limited use for resources that do not yet support the new alerts.

Alerts allow you to configure conditions over data and be notified when the conditions match the latest monitoring data.

Old and new alerting capabilities

In the past, Azure Monitor, Application Insights, Log Analytics, and Service Health had separate alerting capabilities. Over time, Azure improved and combined both the user interface and the different methods of alerting. The consolidation is still in progress.

You can view classic alerts only in the classic alerts user screen in the Azure portal. You get this screen from the View classic alerts button on the alerts screen.

Figure: Alert options in the Azure portal

The new alerts user experience has the following benefits over the classic alerts experience:

  • Better notification system - All newer alerts use action groups, which are named groups of notifications and actions that can be reused in multiple alerts. Classic metric alerts and older Log Analytics alerts do not use action groups.
  • A unified authoring experience - All alert creation for metrics, logs, and activity log across Azure Monitor, Log Analytics, and Application Insights is in one place.
  • View fired Log Analytics alerts in Azure portal - You can now also see fired Log Analytics alerts in your subscription. Previously these were in a separate portal.
  • Separation of fired alerts and alert rules - Alert rules (the definition of the condition that triggers an alert) and fired alerts (an instance of the alert rule firing) are differentiated, so the operational and configuration views are separated.
  • Better workflow - The new alerts authoring experience guides the user along the process of configuring an alert rule, which makes it simpler to discover the right things to get alerted on.
  • Smart Alerts consolidation and setting alert state - Newer alerts include auto grouping functionality showing similar alerts together to reduce overload in the user interface.

The newer metric alerts have the following benefits over the classic metric alerts:

  • Improved latency: Newer metric alerts can run as frequently as every one minute. Older metric alerts always run at a frequency of 5 minutes. Newer alerts have an increasingly smaller delay from issue occurrence to notification or action (3 to 5 minutes). Older alerts are 5 to 15 minutes depending on the type. Log alerts typically have a 10 to 15-minute delay due to the time it takes to ingest the logs, but newer processing methods are reducing that time.
  • Support for multi-dimensional metrics: You can alert on dimensional metrics, allowing you to monitor an interesting segment of the metric.
  • More control over metric conditions: You can define richer alert rules. The newer alerts support monitoring the maximum, minimum, average, and total values of metrics.
  • Combined monitoring of multiple metrics: You can monitor multiple metrics (currently, up to two metrics) with a single rule. An alert is triggered if both metrics breach their respective thresholds for the specified time period.
  • Better notification system: All newer alerts use action groups, which are named groups of notifications and actions that can be reused in multiple alerts. Classic metric alerts and older Log Analytics alerts do not use action groups.
  • Metrics from Logs (public preview): Log data going into Log Analytics can now be extracted and converted into Azure Monitor metrics and then alerted on just like other metrics.

See Alerts (classic) for the terminology specific to classic alerts.

Classic alerts on Azure Monitor data

There are two types of classic alerts available - metric alerts and activity log alerts.

  • Classic metric alerts - This alert triggers when the value of a specified metric crosses a threshold that you assign. The alert generates a notification when that threshold is crossed and the alert condition is met. At that point, the alert is considered "Activated". It generates another notification when it is "Resolved" - that is, when the threshold is crossed again and the condition is no longer met.

  • Classic activity log alerts - A streaming log alert that triggers on an Activity Log event entry that matches your filter criteria. These alerts have only one state, "Activated". The alert engine simply applies the filter criteria to any new event. It does not search to find older entries. These alerts can notify you when a new Service Health incident occurs or when a user or application performs an operation in your subscription, for example, "Delete virtual machine."
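The difference between the two alert types matters when you rely on them for detection: a metric alert notifies only on state transitions, and an activity log alert never looks back at events that predate the rule. The sketch below is an added illustration, not Azure's implementation or code from the original article; the class names, the "greater than" condition, the integer timestamps, and the simplified event fields are assumptions, and all sample data is constructed.

```python
from dataclasses import dataclass, field

@dataclass
class ClassicMetricAlert:
    """Hypothetical model: two states, notify only when the state changes."""
    threshold: float
    active: bool = False
    notifications: list = field(default_factory=list)

    def evaluate(self, value):
        breached = value > self.threshold  # assumed "greater than" condition
        if breached and not self.active:
            self.active = True
            self.notifications.append(("Activated", value))
        elif not breached and self.active:
            self.active = False
            self.notifications.append(("Resolved", value))

@dataclass
class ClassicActivityLogAlert:
    """Hypothetical model: stateless filter applied to new events only."""
    criteria: dict
    created_at: int
    notifications: list = field(default_factory=list)

    def on_event(self, event):
        if event["t"] < self.created_at:
            return  # entries older than the rule are never searched
        if all(event.get(k) == v for k, v in self.criteria.items()):
            self.notifications.append(("Activated", event["caller"]))

def run_metric(samples, threshold):
    alert = ClassicMetricAlert(threshold)
    for value in samples:
        alert.evaluate(value)
    return alert.notifications

def run_activity(events, criteria, created_at):
    alert = ClassicActivityLogAlert(criteria, created_at)
    for event in events:
        alert.on_event(event)
    return alert.notifications

# Constructed sample data (not real telemetry).
CPU_SAMPLES = [40, 85, 90, 88, 60, 95]
VM_DELETE = "Microsoft.Compute/virtualMachines/delete"
EVENTS = [
    {"t": 1, "operationName": VM_DELETE, "caller": "alice@example.com"},
    {"t": 5, "operationName": "Microsoft.Compute/virtualMachines/start/action", "caller": "bob@example.com"},
    {"t": 7, "operationName": VM_DELETE, "caller": "carol@example.com"},
]
```

With a rule created at `t=3`, the deletion at `t=1` produces no notification, which is why a newly created activity log alert says nothing about operations that happened before it existed.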

For resource log data available through Azure Monitor, route the data into Log Analytics and use a log query alert. Log Analytics now uses the new alerting method.

The following diagram summarizes sources of data in Azure Monitor and, conceptually, how you can alert off of that data.

Figure: Introduction to alerts

Taxonomy of alerts (classic)

Azure uses the following terms to describe classic alerts and their functions:

  • Alert - a definition of criteria (one or more rules or conditions) that becomes activated when met.
  • Active - the state when the criteria defined by a classic alert are met.
  • Resolved - the state when the criteria defined by a classic alert are no longer met after previously having been met.
  • Notification - the action taken based off of a classic alert becoming active.
  • Action - a specific call sent to a receiver of a notification (for example, emailing an address or posting to a webhook URL). Notifications can usually trigger multiple actions.

How do I receive a notification from an Azure Monitor classic alert?

Historically, Azure alerts from different services used their own built-in notification methods.

Azure Monitor created a reusable notification grouping called action groups. Action groups specify a set of receivers for a notification. Any time an alert is activated that references the action group, all receivers receive that notification. Action groups allow you to reuse a grouping of receivers (for example, your on-call engineer list) across many alert objects. Action groups support notification by posting to a webhook URL in addition to email addresses, SMS numbers, and a number of other actions. For more information, see action groups.

Older classic Activity Log alerts use action groups.

However, the older metric alerts do not use action groups. Instead, you can configure the following actions:

  • Send email notifications to the service administrator, to coadministrators, or to additional email addresses that you specify.
  • Call a webhook, which enables you to launch additional automation actions.

Webhooks enable automation and remediation, for example, using:

  • Azure Automation Runbook
  • Azure Function
  • Azure Logic App
  • A third-party service

Next steps

Get information about alert rules and configuring them by using: