8
votes

I'm using Azure Monitor/Log Analytics to trigger alerts successfully. I'm trying to get the alerts into a Microsoft Teams channel (as well as a Slack channel for debugging) with no success.

I've an alert that's successfully being triggered. I have an action group with my email, SMS and Azure app push configured. I've been receiving these messages each time the alert triggers.

I've got another action group with a couple of webhooks in it for Microsoft Teams and Slack channels. I'm not receiving anything on these channels.

I've enabled the custom 'Include custom Json payload for webhook' option and pasted both the suggested JSON and the following:

{ "AlertName":"#alertrulename", "AlertDescription":"#description", "LinkToSearchResults":"#linktosearchresults"}

I get the emails/SMS/push notifications but not the messages to the webhooks. I've tried leaving the common alert schema set to no in the action group, the default (as well as trying, unsuccessfully, with it set to yes).

Suspecting it's something to do with the custom payload JSON as mentioned here: https://azure.microsoft.com/en-gb/blog/webhooks-for-azure-alerts/

Any ideas on how I can get my alerts into Teams?

Thanks

6
Could you please take a look at Webhooks with Azure DevOps Server? - Trinetra-MSFT
Azure DevOps is slightly different, sorry. - John Fox
Oh, my bad. Maybe this can help you: Webhook action for log alert rules - Trinetra-MSFT

6 Answers

8
votes

Managed to crack it and get it working everyone!

Using Azure Automation, a runbook/webhook.

Added the following as a runbook (update your uri):

param
(
    [Parameter (Mandatory=$false)]
    [object] $WebhookData
)
if ($WebhookData)
{
    # Get the data object from WebhookData (the JSON body posted by the alert).
    $WebhookBody = (ConvertFrom-Json -InputObject $WebhookData.RequestBody)

    # Property lookup is case-insensitive, so these match the payload keys
    # regardless of casing. Fields absent from the payload come back empty.
    $alertName = $WebhookBody.alertname
    $alertDescription = $WebhookBody.alertDescription
    $linkToSearch = $WebhookBody.linktosearchresults
    $query = $WebhookBody.searchquery
    $results = $WebhookBody.resultcount
    $AlertThreshold = $WebhookBody.AlertThreshold
    $AlertThresholdValue = $WebhookBody.AlertThresholdValue
    $StartTime = $WebhookBody.SearchStartTime
    $EndTime = $WebhookBody.SearchEndTime

    # Teams renders Markdown in card text, so format the link as a Markdown link.
    $formatLink = "[Link]($linkToSearch)"
    $formatMessage = "$alertName has exceeded the threshold $AlertThreshold $AlertThresholdValue. Results returned: $results"

    # Incoming webhook (connector) URL of the Teams channel.
    $uri = 'https://teams-connector-uri'

    # Build the card body for the Teams connector.
    $body = ConvertTo-Json -Depth 4 @{
        summary = $alertName
        sections = @(
            @{
                activityTitle = $alertName
                activitySubtitle = $alertDescription
                activityText = $formatMessage
            },
            @{
                title = 'Details'
                facts = @(
                    @{
                        name = 'Query time range. (UTC)'
                        value = "$StartTime $EndTime"
                    },
                    @{
                        name = 'Link to search results'
                        value = $formatLink
                    },
                    @{
                        name = 'Query Executed'
                        value = $query
                    }
                )
            }
        )
    }

    # Post the card to the Teams channel.
    Invoke-RestMethod -Uri $uri -Method Post -Body $body -ContentType 'application/json'
}

Then generate a webhook for the runbook and add this into the Azure Alert.

In the Azure alert I've set the custom payload to this:

{ "AlertName":"#alertrulename", "AlertDescription":"#description", "LinkToSearchResults":"#linktosearchresults"}

Bingo, triggered alert and alert came through.
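
A variant of the runbook above, added here as an example and not the answer author's code: the Teams connector URL works without any further authentication, so it is read from an encrypted Automation variable instead of being hardcoded, and the search link becomes a button only if it parses as an absolute https URL. The variable name TeamsConnectorUri and the helper Get-Field are assumptions made for this example; the payload keys are the three from the custom payload above.

```powershell
param (
    [Parameter(Mandatory = $false)]
    [object] $WebhookData
)

# Fail loudly instead of exiting silently when started without webhook data.
if (-not $WebhookData -or -not $WebhookData.RequestBody) {
    throw 'Runbook must be started from its webhook with a JSON request body.'
}
$alert = ConvertFrom-Json -InputObject $WebhookData.RequestBody

# Assumption: an encrypted Automation variable named TeamsConnectorUri holds the
# connector URL, so it never appears in the runbook source or its exports.
$uri = Get-AutomationVariable -Name 'TeamsConnectorUri'

# Hypothetical helper: substitute a placeholder for fields missing from the payload.
function Get-Field([object] $Value, [string] $Default = 'n/a') {
    if ([string]::IsNullOrWhiteSpace([string] $Value)) { $Default } else { [string] $Value }
}

$card = @{
    '@type'    = 'MessageCard'
    '@context' = 'http://schema.org/extensions'
    summary    = Get-Field $alert.AlertName 'Azure Monitor alert'
    sections   = @(
        @{
            activityTitle    = Get-Field $alert.AlertName 'Azure Monitor alert'
            activitySubtitle = Get-Field $alert.AlertDescription
        }
    )
}

# Render the link as a button only when it is an absolute https URL.
$link = $null
if ([Uri]::TryCreate([string] $alert.LinkToSearchResults, [UriKind]::Absolute, [ref] $link) -and
    $link.Scheme -eq 'https') {
    $card.potentialAction = @(
        @{
            '@type' = 'OpenUri'
            name    = 'Open search results'
            targets = @(@{ os = 'default'; uri = $link.AbsoluteUri })
        }
    )
}

$body = ConvertTo-Json -Depth 6 -InputObject $card
Invoke-RestMethod -Uri $uri -Method Post -Body $body -ContentType 'application/json'
```

The runbook's own webhook URL, which goes into the alert's action group, likewise lets anyone who holds it start the runbook, so treat it as a secret too.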

6
votes

In Teams, for each channel we have an email address associated. The "Get Email Address" option for the channel gives the email ID. Use Email notification in the Action Group with the email ID. Webhook URL doesn't seem to work.

1
votes

I haven't worked with Azure alert, so I'm not sure exactly what options you have available, but it looks like, from the fact that your payload is structured, that you'd like to format it into some consistent mechanism.

A common way to do this using Connectors is to use something like an "actionable message card". In essence, you're sending something like a mini formatted popup window into the Teams channel. To see some examples, go here and click "Select a sample" on the top left menu.

To do this, the Card doesn't need to be very complex, but you do need to give a tiny bit of thought to what you want it to look like, and possibly what actions you want to offer. For example, you probably want the name and description in a tabular format of some sort, and the LinkToSearchResults to be a button on the bottom that loads a browser window. The Actionable Messages Designer can also be useful to help you put it together. When you have the final design, you'll end up with a JSON text payload, and you just need to compose that together with the tokens from Azure.

Like I said, I haven't worked with Azure alerts, but I think this should help.

1
votes

The recommended way by Azure is to do it via an Action Group containing an Action of type Logic App. The official documentation has detailed instructions.

Quick summary for the Logic App (create in Azure Portal -> Create a Resource -> Logic App):

  • Trigger: When a HTTP request is received
  • Add Step: Microsoft Teams - Post message
    • Choose Teams channel and configure message.
0
votes

I'm also looking into doing this and get exactly the same results as @JohnFox.

Pretty tragic it can't just do it.

I've read somewhere you have to set up a Function or Logic App to be an "in-between" from Azure to Teams (or Slack).

I tried this workaround...

http://www.nibrasmanna.com/send-azure-outage-notifications-to-microsoft-teams/

...but it is unworkable: all of the messages do get through to Teams, but the emails are too large to display.

To be honest, getting webhooks running seems to be hard work.

If anyone comes across a decent tutorial on getting this up and running, please post back. Thanks

0
votes

Try the Azure Monitor-Zenduty-Teams integration. Works with both metric and log alerts and sends them to Teams channels and DM.