{ "__inputs": [ { "name": "DS_AZURE_MONITOR", "label": "Azure Monitor", "description": "", "type": "datasource", "pluginId": "grafana-azure-monitor-datasource", "pluginName": "Azure Monitor" } ], "__elements": [], "__requires": [ { "type": "grafana", "id": "grafana", "name": "Grafana", "version": "8.3.0-pre" }, { "type": "datasource", "id": "grafana-azure-monitor-datasource", "name": "Azure Monitor", "version": "0.3.0" }, { "type": "panel", "id": "stat", "name": "Stat", "version": "" }, { "type": "panel", "id": "table", "name": "Table", "version": "" } ], "annotations": { "list": [ { "builtIn": 1, "datasource": "-- Grafana --", "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, 1)", "name": "Annotations & Alerts", "target": { "limit": 100, "matchAny": false, "tags": [], "type": "dashboard" }, "type": "dashboard" } ] }, "description": "A summary of alerts per severity with an overall count of total alerts, alert rules and action rules", "editable": true, "fiscalYearStartMonth": 0, "gnetId": null, "graphTooltip": 0, "id": null, "iteration": 1634313967579, "links": [], "liveNow": false, "panels": [ { "datasource": "${DS_AZURE_MONITOR}", "fieldConfig": { "defaults": { "color": { "fixedColor": "blue", "mode": "fixed" }, "links": [], "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] } }, "overrides": [ { "matcher": { "id": "byName", "options": "count_" }, "properties": [ { "id": "links", "value": [ { "targetBlank": true, "title": "", "url": "d/5DLst5N7k/alert-consumption?${sub:queryparam}&${rg:queryparam}&${__url_time_range}&var-mc=Fired&var-mc=Resolved&var-as=New&var-as=Acknowledged&var-as=Closed&var-sev=Sev0&var-sev=Sev1&var-sev=Sev2&var-sev=Sev3&var-sev=Sev4&${__url_time_range}" } ] } ] } ] }, "gridPos": { "h": 5, "w": 2, "x": 0, "y": 0 }, "id": 4, "options": { "colorMode": "value", "graphMode": "none", "justifyMode": "center", "orientation": "auto", "reduceOptions": { "calcs": ["lastNotNull"], "fields": "", "values": false }, "text": {}, "textMode": "auto" }, "pluginVersion": "8.3.0-pre", "targets": [ { "appInsights": { "dimension": [], "metricName": "select", "timeGrain": "auto" }, "azureLogAnalytics": { "query": "//change this example to create your own time series query\n //the table to query (e.g. Usage, Heartbeat, Perf)\n| where $__timeFilter(TimeGenerated) //this is a macro used to show the full chart’s time range, choose the datetime column here\n| summarize count() by , bin(TimeGenerated, $__interval) //change “group by column” to a column in your table, such as “Computer”. The $__interval macro is used to auto-select the time grain. Can also use 1h, 5m etc.\n| order by TimeGenerated asc", "resultFormat": "time_series" }, "azureMonitor": { "aggOptions": [], "dimensionFilter": "*", "dimensionFilters": [], "timeGrain": "auto", "timeGrains": [], "top": "10" }, "azureResourceGraph": { "query": "alertsmanagementresources\r\n| where type == \"microsoft.alertsmanagement/alerts\"\r\n| where todatetime(properties.essentials.lastModifiedDateTime) >= $__timeFrom and todatetime(properties.essentials.lastModifiedDateTime) <= $__timeTo\r\n| where subscriptionId == \"$sub\" and properties.essentials.targetResourceGroup in ($rg)\r\n| summarize count()", "resultFormat": "table" }, "insightsAnalytics": { "query": "", "resultFormat": "time_series" }, "queryType": "Azure Resource Graph", "refId": "A", "subscription": "", "subscriptions": ["$sub"] } ], "title": "Total alerts", "type": "stat" }, { "datasource": "${DS_AZURE_MONITOR}", "fieldConfig": { "defaults": { "color": { "fixedColor": "blue", "mode": "fixed" }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] } }, "overrides": [ { "matcher": { "id": "byName", "options": "Total" }, "properties": [ { "id": "links", "value": [ { "targetBlank": true, "title": "", "url": "d/Pxwf9wN7k/alert-rules-overview?${sub:queryparam}&${rg:queryparam}&var-sig_type=smartdetectoralertrules&var-sig_type=resourcehealth&var-stat=Enabled&var-stat=Disabled" } ] } ] } ] }, "gridPos": { "h": 5, "w": 2, "x": 2, "y": 0 }, "id": 6, "options": { "colorMode": "value", "graphMode": "none", "justifyMode": "auto", "orientation": "auto", "reduceOptions": { "calcs": ["lastNotNull"], "fields": "", "values": false }, "text": {}, "textMode": "auto" }, "pluginVersion": "8.3.0-pre", "targets": [ { "appInsights": { "dimension": [], "metricName": "select", "timeGrain": "auto" }, "azureLogAnalytics": { "query": "//change this example to create your own time series query\n
//the table to query (e.g. Usage, Heartbeat, Perf)\n| where $__timeFilter(TimeGenerated) //this is a macro used to show the full chart’s time range, choose the datetime column here\n| summarize count() by , bin(TimeGenerated, $__interval) //change “group by column” to a column in your table, such as “Computer”. The $__interval macro is used to auto-select the time grain. Can also use 1h, 5m etc.\n| order by TimeGenerated asc", "resultFormat": "time_series" }, "azureMonitor": { "aggOptions": [], "dimensionFilter": "*", "dimensionFilters": [], "timeGrain": "auto", "timeGrains": [], "top": "10" }, "azureResourceGraph": { "query": "resources\r\n| where type == \"microsoft.alertsmanagement/smartdetectoralertrules\"\r\n| where subscriptionId == \"$sub\" and resourceGroup in ($rg)\r\n| summarize count()", "resultFormat": "table" }, "hide": false, "insightsAnalytics": { "query": "", "resultFormat": "time_series" }, "queryType": "Azure Resource Graph", "refId": "Smart detector rules", "subscription": "", "subscriptions": ["$sub"] }, { "appInsights": { "dimension": [], "metricName": "select", "timeGrain": "auto" }, "azureLogAnalytics": { "query": "//change this example to create your own time series query\n
//the table to query (e.g. Usage, Heartbeat, Perf)\n| where $__timeFilter(TimeGenerated) //this is a macro used to show the full chart’s time range, choose the datetime column here\n| summarize count() by , bin(TimeGenerated, $__interval) //change “group by column” to a column in your table, such as “Computer”. The $__interval macro is used to auto-select the time grain. Can also use 1h, 5m etc.\n| order by TimeGenerated asc", "resultFormat": "time_series" }, "azureMonitor": { "aggOptions": [], "dimensionFilter": "*", "dimensionFilters": [], "timeGrain": "auto", "timeGrains": [], "top": "10" }, "azureResourceGraph": { "query": "resources\r\n| where type == \"microsoft.alertsmanagement/resourcehealthalertrules\"\r\n| where subscriptionId == \"$sub\" and resourceGroup in ($rg)\r\n| summarize count()", "resultFormat": "table" }, "hide": false, "insightsAnalytics": { "query": "", "resultFormat": "time_series" }, "queryType": "Azure Resource Graph", "refId": "Resource health alert rules", "subscription": "", "subscriptions": ["$sub"] }, { "appInsights": { "dimension": [], "metricName": "select", "timeGrain": "auto" }, "azureLogAnalytics": { "query": "//change this example to create your own time series query\n
//the table to query (e.g. Usage, Heartbeat, Perf)\n| where $__timeFilter(TimeGenerated) //this is a macro used to show the full chart’s time range, choose the datetime column here\n| summarize count() by , bin(TimeGenerated, $__interval) //change “group by column” to a column in your table, such as “Computer”. The $__interval macro is used to auto-select the time grain. Can also use 1h, 5m etc.\n| order by TimeGenerated asc", "resultFormat": "time_series" }, "azureMonitor": { "aggOptions": [], "dimensionFilter": "*", "dimensionFilters": [], "timeGrain": "auto", "timeGrains": [], "top": "10" }, "azureResourceGraph": { "query": "resources\r\n| where type == \"microsoft.insights/alertrules\"\r\n| where subscriptionId == \"$sub\" and resourceGroup in ($rg)\r\n| summarize count()", "resultFormat": "table" }, "hide": false, "insightsAnalytics": { "query": "", "resultFormat": "time_series" }, "queryType": "Azure Resource Graph", "refId": "Insights alert rules", "subscription": "", "subscriptions": ["$sub"] }, { "appInsights": { "dimension": [], "metricName": "select", "timeGrain": "auto" }, "azureLogAnalytics": { "query": "//change this example to create your own time series query\n
//the table to query (e.g. Usage, Heartbeat, Perf)\n| where $__timeFilter(TimeGenerated) //this is a macro used to show the full chart’s time range, choose the datetime column here\n| summarize count() by , bin(TimeGenerated, $__interval) //change “group by column” to a column in your table, such as “Computer”. The $__interval macro is used to auto-select the time grain. Can also use 1h, 5m etc.\n| order by TimeGenerated asc", "resultFormat": "time_series" }, "azureMonitor": { "aggOptions": [], "dimensionFilter": "*", "dimensionFilters": [], "timeGrain": "auto", "timeGrains": [], "top": "10" }, "azureResourceGraph": { "query": "resources\r\n| where type == \"microsoft.insights/metricalerts\"\r\n| where subscriptionId == \"$sub\" and resourceGroup in ($rg)\r\n| summarize count()", "resultFormat": "table" }, "hide": false, "insightsAnalytics": { "query": "", "resultFormat": "time_series" }, "queryType": "Azure Resource Graph", "refId": "Metrics alert rules", "subscription": "", "subscriptions": ["$sub"] }, { "appInsights": { "dimension": [], "metricName": "select", "timeGrain": "auto" }, "azureLogAnalytics": { "query": "//change this example to create your own time series query\n
//the table to query (e.g. Usage, Heartbeat, Perf)\n| where $__timeFilter(TimeGenerated) //this is a macro used to show the full chart’s time range, choose the datetime column here\n| summarize count() by , bin(TimeGenerated, $__interval) //change “group by column” to a column in your table, such as “Computer”. The $__interval macro is used to auto-select the time grain. Can also use 1h, 5m etc.\n| order by TimeGenerated asc", "resultFormat": "time_series" }, "azureMonitor": { "aggOptions": [], "dimensionFilter": "*", "dimensionFilters": [], "timeGrain": "auto", "timeGrains": [], "top": "10" }, "azureResourceGraph": { "query": "resources\r\n| where type == \"microsoft.insights/activitylogalerts\"\r\n| where subscriptionId == \"$sub\" and resourceGroup in ($rg)\r\n| summarize count()", "resultFormat": "table" }, "hide": false, "insightsAnalytics": { "query": "", "resultFormat": "time_series" }, "queryType": "Azure Resource Graph", "refId": "Log alert rules", "subscription": "", "subscriptions": ["$sub"] } ], "title": "Total alert rules", "transformations": [ { "id": "concatenate", "options": {} }, { "id": "calculateField", "options": { "mode": "reduceRow", "reduce": { "include": [], "reducer": "sum" } } }, { "id": "organize", "options": { "excludeByName": { "count_ 1": true, "count_ 2": true, "count_ 3": true, "count_ 4": true, "count_ 5": true }, "indexByName": {}, "renameByName": {} } } ], "type": "stat" }, { "datasource": "${DS_AZURE_MONITOR}", "fieldConfig": { "defaults": { "color": { "fixedColor": "blue", "mode": "fixed" }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] } }, "overrides": [] }, "gridPos": { "h": 5, "w": 2, "x": 4, "y": 0 }, "id": 8, "options": { "colorMode": "value", "graphMode": "none", "justifyMode": "auto", "orientation": "auto", "reduceOptions": { "calcs": ["lastNotNull"], "fields": "", "values": false }, "text": {}, "textMode": "auto" }, "pluginVersion": "8.3.0-pre", "targets": [ { "appInsights": { "dimension": [], "metricName": "select", "timeGrain": "auto" }, "azureLogAnalytics": { "query": "//change this example to create your own time series query\n
//the table to query (e.g. Usage, Heartbeat, Perf)\n| where $__timeFilter(TimeGenerated) //this is a macro used to show the full chart’s time range, choose the datetime column here\n| summarize count() by , bin(TimeGenerated, $__interval) //change “group by column” to a column in your table, such as “Computer”. The $__interval macro is used to auto-select the time grain. Can also use 1h, 5m etc.\n| order by TimeGenerated asc", "resultFormat": "time_series" }, "azureMonitor": { "aggOptions": [], "dimensionFilter": "*", "dimensionFilters": [], "timeGrain": "auto", "timeGrains": [], "top": "10" }, "azureResourceGraph": { "query": "resources\r\n| where type == \"microsoft.alertsmanagement/actionrules\"\r\n| parse properties.scope with * 'components/' targetResource '\"' *\r\n| where subscriptionId == \"$sub\" and resourceGroup in ($rg)\r\n| summarize count()", "resultFormat": "table" }, "insightsAnalytics": { "query": "", "resultFormat": "time_series" }, "queryType": "Azure Resource Graph", "refId": "A", "subscription": "", "subscriptions": ["$sub"] } ], "title": "Action rules", "type": "stat" }, { "datasource": "${DS_AZURE_MONITOR}", "fieldConfig": { "defaults": { "color": { "fixedColor": "blue", "mode": "fixed" }, "custom": { "align": "left", "displayMode": "auto", "filterable": true }, "mappings": [], "noValue": "0", "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] } }, "overrides": [ { "matcher": { "id": "byName", "options": "properties_essentials_severity" }, "properties": [ { "id": "displayName", "value": "Severity" }, { "id": "mappings", "value": [ { "options": { "Sev0": { "color": "red", "index": 0, "text": "0 - Critical" }, "Sev1": { "color": "orange", "index": 1, "text": "1 - Error" }, "Sev2": { "color": "yellow", "index": 2, "text": "2 - Warning" }, "Sev3": { "color": "blue", "index": 3, "text": "3 - Informational" }, "Sev4": { "color": "purple", "index": 4, "text": "4 - Verbose" } }, "type": "value" } ] }, { "id": "custom.displayMode", "value": "color-text" }, { "id": "links", "value": [ { "targetBlank": true, "title": "", "url": "d/5DLst5N7k/alert-consumption?${sub:queryparam}&${rg:queryparam}&${__url_time_range}&var-mc=Fired&var-mc=Resolved&var-as=New&var-as=Acknowledged&var-as=Closed&var-sev=${__data.fields.properties_essentials_severity}&${__url_time_range}" } ] } ] }, { "matcher": { "id": "byName", "options": "total" }, "properties": [ { "id": "displayName", "value": "Total alerts" }, { "id": "custom.displayMode", "value": "basic" } ] }, { "matcher": { "id": "byName", "options": "mcFired" }, "properties": [ { "id": "displayName", "value": "Fired" }, { "id": "color", "value": { "fixedColor": "orange", "mode": "fixed" } }, { "id": "custom.displayMode", "value": "gradient-gauge" } ] }, { "matcher": { "id": "byName", "options": "mcResolved" }, "properties": [ { "id": "displayName", "value": "Resolved" }, { "id": "color", "value": { "fixedColor": "green", "mode": "fixed" } }, { "id": "custom.displayMode", "value": "basic" } ] }, { "matcher": { "id": "byName", "options": "asNew" }, "properties": [ { "id": "displayName", "value": "New" }, { "id": "custom.displayMode", "value": "color-text" } ] }, { "matcher": { "id": "byName", "options": "asAcknowledged" }, "properties": [ { "id": "displayName", "value": "Acknowledged" }, { "id": "custom.displayMode", "value": "color-text" } ] }, { "matcher": { "id": "byName", "options": "asClosed" }, "properties": [ { "id": "displayName", "value": "Closed" }, { "id": "custom.displayMode", "value": "color-text" } ] } ] }, "gridPos": { "h": 9, "w": 24, "x": 0, "y": 5 }, "id": 2, "options": { "footer": { "fields": "", "reducer": ["sum"], "show": false }, "showHeader": true, "sortBy": [ { "desc": false, "displayName": "Severity" } ] }, "pluginVersion": "8.3.0-pre", "targets": [ { "appInsights": { "dimension": [], "metricName": "select", "timeGrain": "auto" }, "azureLogAnalytics": { "query": "//change this example to create your own time series query\n
//the table to query (e.g. Usage, Heartbeat, Perf)\n| where $__timeFilter(TimeGenerated) //this is a macro used to show the full chart’s time range, choose the datetime column here\n| summarize count() by , bin(TimeGenerated, $__interval) //change “group by column” to a column in your table, such as “Computer”. The $__interval macro is used to auto-select the time grain. Can also use 1h, 5m etc.\n| order by TimeGenerated asc", "resultFormat": "time_series" }, "azureMonitor": { "aggOptions": [], "dimensionFilter": "*", "dimensionFilters": [], "timeGrain": "auto", "timeGrains": [], "top": "10" }, "azureResourceGraph": { "query": "alertsmanagementresources\r\n| where type == \"microsoft.alertsmanagement/alerts\"\r\n| where todatetime(properties.essentials.lastModifiedDateTime) >= $__timeFrom and todatetime(properties.essentials.lastModifiedDateTime) <= $__timeTo\r\n| where subscriptionId == \"$sub\" and properties.essentials.targetResourceGroup in ($rg)\r\n| summarize total = count(),\r\n mcFired = countif(properties.essentials.monitorCondition == \"Fired\"),\r\n mcResolved = countif(properties.essentials.monitorCondition == \"Resolved\"),\r\n asNew = countif(properties.essentials.alertState == \"New\"),\r\n asAcknowledged = countif(properties.essentials.alertState == \"Acknowledged\"),\r\n asClosed = countif(properties.essentials.alertState == \"Closed\")\r\nby tostring(properties.essentials.severity)", "resultFormat": "table" }, "insightsAnalytics": { "query": "", "resultFormat": "time_series" }, "queryType": "Azure Resource Graph", "refId": "A", "subscription": "", "subscriptions": ["$sub"] } ], "title": "Alerts by Severity", "transformations": [], "transparent": true, "type": "table" } ], "schemaVersion": 31, "style": "dark", "tags": [], "templating": { "list": [ { "allValue": null, "current": {}, "datasource": "${DS_AZURE_MONITOR}", "definition": "Subscriptions()", "description": null, "error": null, "hide": 0, "includeAll": false, "label": "Subscription", "multi": false, "name": "sub", "options": [], "query": "Subscriptions()", "refresh": 1, "regex": "", "skipUrlSync": false, "sort": 0, "type": "query" }, { "allValue": null, "current": {}, "datasource": "${DS_AZURE_MONITOR}", "definition": "ResourceGroups($sub)", "description": null, "error": null, "hide": 0, "includeAll": false, "label": "Resource Group", "multi": true, "name": "rg", "options": [], "query": "ResourceGroups($sub)", "refresh": 1, "regex": "", "skipUrlSync": false, "sort": 0, "type": "query" } ] }, "time": { "from": "now-30d", "to": "now" }, "timepicker": {}, "timezone": "", "title": "Azure Alert Consumption At Scale", "uid": "hcsp8ND7k", "version": 1 }