az monitor scheduled-query

Commands to manage scheduled queries.

Commands

az monitor scheduled-query create

Create a scheduled query.

az monitor scheduled-query delete

Delete a scheduled query.

az monitor scheduled-query list

List all scheduled queries.

az monitor scheduled-query show

Show details of a scheduled query.

az monitor scheduled-query update

Update a scheduled query.

az monitor scheduled-query create

Create a scheduled query.

az monitor scheduled-query create --condition
                                  --name
                                  --resource-group
                                  --scopes
                                  [--action]
                                  [--description]
                                  [--disabled {false, true}]
                                  [--evaluation-frequency]
                                  [--location]
                                  [--mad]
                                  [--severity]
                                  [--tags]
                                  [--target-resource-type]
                                  [--window-size]

Examples

Create a scheduled query for a VM.

az monitor scheduled-query create -g {rg} -n {name1} --scopes {vm_id} --condition "count 'union Event, Syslog | where TimeGenerated > ago(1h)' > 360" --description "Test rule" --target-resource-type Microsoft.Compute/virtualMachines

Create a scheduled query for VMs in a resource group.

az monitor scheduled-query create -g {rg} -n {name1} --scopes {rg_id} --condition "count 'union Event, Syslog | where TimeGenerated > ago(1h)' < 260 at least 1 out of 5" --description "Test rule" --target-resource-type Microsoft.Compute/virtualMachines

Required Parameters

--condition

The condition which triggers the rule.

--name -n

Name of the scheduled query rule.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--scopes

Space-separated list of scopes the rule applies to. The resources specified in this parameter must be of the same type and exist in the same location.

Optional Parameters

--action -a

Add an action group and optional webhook properties to fire when the alert is triggered.

--description

Free-text description of the rule.

--disabled

Disable the scheduled query.

accepted values: false, true

--evaluation-frequency

Frequency with which to evaluate the rule in "##h##m##s" format.

default value: 5m

--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.

--mad --mute-actions-duration

Mute actions for the chosen period of time (in ISO 8601 duration format) after the alert is fired.

default value: PT30M

--severity

Severity of the alert from 0 (critical) to 4 (verbose).

default value: 2

--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.

--target-resource-type --type

The resource type of the target resource(s) in scopes. This must be provided when scopes is resource group or subscription.

--window-size

Time over which to aggregate metrics in "##h##m##s" format.

default value: 5m

az monitor scheduled-query delete

Delete a scheduled query.

az monitor scheduled-query delete --name
                                  --resource-group
                                  [--yes]

Required Parameters

--name -n

Name of the scheduled query rule.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--yes -y

Do not prompt for confirmation.

az monitor scheduled-query list

List all scheduled queries.

az monitor scheduled-query list [--resource-group]

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.
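
An added example (not part of the Azure CLI documentation): a coverage audit over the JSON returned by az monitor scheduled-query list, flagging rules that cannot notify anyone because they are disabled (--disabled), have no action group (--action), or mute actions for too long (--mad). The field names enabled, actions and muteActionsDuration, the two shapes accepted for actions, the sample rules and the one-hour max_mute_seconds threshold are all assumptions made for illustration.

```python
import json
import re

# Constructed sample of `az monitor scheduled-query list` JSON; field names are assumed.
SAMPLE = json.loads("""[
  {"name": "failed-logons", "enabled": true,
   "muteActionsDuration": "PT30M", "actions": [{"actionGroupId": "ag-soc"}]},
  {"name": "syslog-volume", "enabled": false,
   "muteActionsDuration": "PT30M", "actions": [{"actionGroupId": "ag-soc"}]},
  {"name": "heartbeat-gap", "enabled": true,
   "muteActionsDuration": "P1D", "actions": null},
  {"name": "bad-duration", "enabled": true,
   "muteActionsDuration": "30m", "actions": {"actionGroups": ["ag-soc"]}}
]""")

_ISO = re.compile(r"^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")

def iso_seconds(text):
    """Seconds in a day/time ISO 8601 duration such as PT30M; None if unparsable."""
    m = _ISO.match(text or "")
    if not m or not any(m.groups()):
        return None
    return sum(int(g or 0) * w for g, w in zip(m.groups(), (86400, 3600, 60, 1)))

def has_action(rule):
    """True if at least one action group is attached (list or object shape)."""
    actions = rule.get("actions")
    if isinstance(actions, dict):
        actions = actions.get("actionGroups")
    return bool(actions)

def audit(rules, max_mute_seconds=3600):
    """Return {rule name: [findings]} for rules with reduced alerting coverage."""
    report = {}
    for rule in rules:
        mute = rule.get("muteActionsDuration")
        secs = iso_seconds(mute)
        checks = [
            ("disabled", not rule.get("enabled", True)),
            ("no-action", not has_action(rule)),
            ("bad-mute-duration", bool(mute) and secs is None),
            ("long-mute", secs is not None and secs > max_mute_seconds),
        ]
        findings = [label for label, hit in checks if hit]
        if findings:
            report[rule["name"]] = findings
    return report

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```

To audit live rules, replace SAMPLE with json.load(sys.stdin) and pipe in the output of az monitor scheduled-query list -o json.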

az monitor scheduled-query show

Show details of a scheduled query.

az monitor scheduled-query show --name
                                --resource-group

Required Parameters

--name -n

Name of the scheduled query rule.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az monitor scheduled-query update

Update a scheduled query.

az monitor scheduled-query update --name
                                  --resource-group
                                  [--action]
                                  [--add]
                                  [--condition]
                                  [--description]
                                  [--disabled {false, true}]
                                  [--evaluation-frequency]
                                  [--force-string]
                                  [--mad]
                                  [--remove]
                                  [--set]
                                  [--severity]
                                  [--tags]
                                  [--window-size]

Required Parameters

--name -n

Name of the scheduled query rule.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--action -a

Add an action group and optional webhook properties to fire when the alert is triggered.

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

--condition

The condition which triggers the rule.

--description

Free-text description of the rule.

--disabled

Disable the scheduled query.

accepted values: false, true

--evaluation-frequency

Frequency with which to evaluate the rule in "##h##m##s" format.

--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

--mad --mute-actions-duration

Mute actions for the chosen period of time (in ISO 8601 duration format) after the alert is fired.

--remove

Remove a property or an element from a list. Example: --remove property.list OR --remove propertyToRemove.

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.

--severity

Severity of the alert from 0 (critical) to 4 (verbose).

--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.

--window-size

Time over which to aggregate metrics in "##h##m##s" format.