locked
Log Analytics WebHook RRS feed

  • Question

  • I need help formatting and getting necessary data from OMS workspace triggered alert.

    This is the breakdown of the settings;

    1. I have an OMS workspace with alerts setup (Works fine with no issues)
    2. I have a webhook that triggers a runbook whenever the alert condition is met

    The problem is when the email comes in, the body content is JSON, and also missing affected COMPUTERS in the body of the email (We also want the body of the email in TEXT which is already taken care of).

    Meanwhile, when you look at the output on the RUNBOOK dashboard, the alert is properly formated, but when it comes in the body of the email, it's all distorted.

    What we will like to capture in the email body, and how we want it formated (TEXT)

    Subscription Name (This is the subscription name of where the affected computer is located):
    Workspace Name (This is the workspace name of where the affected computer is located):
    Alert Name:
    Alert Description:
    Affected Computer(s):
    Alert Severity:
    Time of Generated Alert:

    SCREEN SHORTS:

    

    EMAIL BODY IN TEXT (Despite the use of ConvertFrom-Json):

    @{WorkspaceId=08c6f102; AlertRuleName=Logical DIsk % Used Space (Var) > 85; SearchQuery=Type=Perf ObjectName="Logical Disk" CounterName="% Used Space" InstanceName="/var" | Measure Max(CounterValue) as USEDDISK by Computer | Where USEDDISK > 85; AlertThresholdOperator=gt; AlertThresholdValue=1; SearchIntervalStartTimeUtc=2017-09-30T23:14:28.000Z; SearchIntervalEndtimeUtc=2017-09-30T23:19:28.675Z; ResultCount=0 results; SearchIntervalInSeconds=300; LinkToResults=https://08c6f102.portal.mms.microsoft.com/#Workspace/search/index?_timeInterval.intervalEnd=2017-09-30T23:19:28.675Z&_timeInterval.intervalDuration=300&q=Type=Perf%20ObjectName=%22Logical%20Disk%22%20CounterName=%22%25%20Used%20Space%22%20InstanceName=%22/var%22%20%7C%20Measure%20Max(CounterValue)%20as%20USEDDISK%20by%20Computer%20%7C%20Where%20USEDDISK%20%3E%2085; Description=File system /Var logical disk % Used Space is greater than 85%}


    Runbook Output (Desired Output):

    WorkspaceId                : 08c6f102
    AlertRuleName              : Logical DIsk % Used Space (Var) > 85
    SearchQuery                : Type=Perf ObjectName="Logical Disk" CounterName="% Used Space" InstanceName="/var" | 
                                 Measure Max(CounterValue) as USEDDISK by Computer | Where USEDDISK > 85
    AlertThresholdOperator     : gt
    AlertThresholdValue        : 1
    SearchIntervalStartTimeUtc : 2017-09-30T23:10:10.000Z
    SearchIntervalEndtimeUtc   : 2017-09-30T23:15:10.377Z
    ResultCount                : 0 results
    SearchIntervalInSeconds    : 300
    LinkToResults              : https://08c6f102.portal.mms.microsoft.com/#Workspace/search/ind
                                 ex?_timeInterval.intervalEnd=2017-09-30T23:15:10.377Z&_timeInterval.intervalDuration=300&q=
                                 Type=Perf%20ObjectName=%22Logical%20Disk%22%20CounterName=%22%25%20Used%20Space%22%20Instan
                                 ceName=%22/var%22%20%7C%20Measure%20Max(CounterValue)%20as%20USEDDISK%20by%20Computer%20%7C
                                 %20Where%20USEDDISK%20%3E%2085
    Description                : File system /Var logical disk % Used Space is greater than 85%
    


    Any assistance will be Appreciated.

    Thanks

    James

    • Moved by Bill_Stewart Tuesday, November 7, 2017 10:39 PM This is not "design system solution for me for free" forum
    Sunday, October 1, 2017 2:05 PM