Azure Monitor Alerts using webhook to Microsoft Teams - No messages to Teams

6

13

I'm using Azure Monitor/Log Analytics to trigger alerts successfully. I'm trying to get the alerts into a Microsoft Teams channel (as well as a Slack channel for debugging) with no success.

I've an alert that's successfully being triggered. I have an action group with my email, SMS and Azure app push configured. I've been receiving these messages each time the alert triggers.

I've got another action group with a couple of webhooks in it for Microsoft Teams and Slack channels. I'm not receiving anything on these channels.

I've enabled the custom 'Include custom Json payload for webhook' option and pasted both the suggested JSON and the following: { "AlertName":"#alertrulename", "AlertDescription":"#description", "LinkToSearchResults":"#linktosearchresults"}

I get the emails/SMS/push notifications but not the messages to the webhooks. I've tried leaving the common alert schema set to no in the action group, the default (as well as trying unsuccessfully on yes).

Suspecting it's something to do with the custom payload JSON as mentioned here: https://azure.microsoft.com/en-gb/blog/webhooks-for-azure-alerts/

Any ideas on how I can get my alerts into Teams?

Thanks

Jespersen answered 23/1, 2020 at 16:35 Comment(3)
Could you please take a look at Webhooks with Azure DevOps server? - Trishatriskelion
Azure DevOps is slightly different, sorry - Jespersen
Oh, my bad. Maybe this can help you: Webhook action for log alert rules - Trishatriskelion
11

Managed to crack it and get it working everyone!

Using Azure Automation, a runbook/webhook.

Added the following as a runbook (update your URI):

param
(
    [Parameter (Mandatory=$false)]
    [object] $WebhookData
)
if ($WebhookData)
{
    # Get the data object from WebhookData.
    $WebhookBody = (ConvertFrom-Json -InputObject $WebhookData.RequestBody)
    $alertName = $WebhookBody.alertname
    $alertDescription = $WebhookBody.alertDescription
    $linkToSearch = $WebhookBody.linktosearchresults
    $query = $WebhookBody.searchquery
    $results = $WebhookBody.resultcount
    $AlertThreshold = $WebhookBody.AlertThreshold
    $AlertThresholdValue = $WebhookBody.AlertThresholdValue
    $StartTime = $WebhookBody.SearchStartTime
    $EndTime = $WebhookBody.SearchEndTime
    $formatLink = "[Link]($linkToSearch)"
    $formatMessage = "$alertName has exceeded the threshold $AlertThreshold $AlertThresholdValue. Results returned: $results"

    $uri = 'https://teams-connector-uri'

    $body = ConvertTo-Json -Depth 4 @{
        summary = $alertName
        sections = @(
            @{
                activityTitle = $alertName
                activitySubtitle = $alertDescription
                activityText = $formatMessage
            },
            @{
                title = 'Details'
                facts = @(
                    @{
                        name = 'Query time range. (UTC)'
                        value = "$StartTime $EndTime"
                    },
                    @{
                        name = 'Link to search results'
                        value = $formatLink
                    },
                    @{
                        name = 'Query Executed'
                        value = $query
                    }
                )
            }
        )
    }
    Invoke-RestMethod -uri $uri -Method Post -body $body -ContentType 'application/json'
}

Then generate a webhook for the runbook and add this into the Azure Alert.

In the Azure alert I've set the custom payload to this:

{ "AlertName":"#alertrulename", "AlertDescription":"#description", "LinkToSearchResults":"#linktosearchresults"}

Bingo, triggered the alert and the alert came through.

Jespersen answered 6/2, 2020 at 13:35 Comment(1)
How do you add a custom payload? I don't see that option in Azure now. - Weatherly
10

In Teams, each channel has an email address associated with it. The "Get Email Address" option for the channel gives the email ID. Use Email notification in the Action Group with that email ID. The webhook URL doesn't seem to work.

Supererogate answered 1/7, 2020 at 17:47 Comment(1)
Is it needed to add that e-mail in Azure AD as well? - Larina
2

I'm also looking into doing this and get exactly the same results as @JohnFox.

Pretty tragic it can't just do it.

I've read somewhere you have to set up a Function or Logic App to be an "in-between" from Azure to Teams (or Slack).

I tried this workaround...

http://www.nibrasmanna.com/send-azure-outage-notifications-to-microsoft-teams/

...but it is unworkable: all of the messages do get through to Teams, but the emails are too large to display.

To be honest, getting webhooks running seems to be hard work.

If anyone comes across a decent tutorial for getting this up and running, please post back. Thanks

Jenisejenkel answered 31/1, 2020 at 10:42 Comment(0)
2

The recommended way by Azure is to do it via an Action Group containing an Action of type Logic App. The official documentation has detailed instructions.

Quick summary for the Logic App (create in Azure Portal -> Create a Resource -> Logic App):

  • Trigger: When a HTTP request is received
  • Add Step: Microsoft Teams - Post message
    • Choose teams channel and configure message.
Sycee answered 29/10, 2020 at 12:57 Comment(2)
Is there a way to post this as a bot instead of the user who authenticated the connection between the Logic App and the Teams instance? - Collyrium
When you do it that way there will be no way to make sense out of the alert contents in Teams. You'll need some sort of conversion. - Homoio
1

I haven't worked with Azure alert, so I'm not sure exactly what options you have available, but it looks like, from the fact that your payload is structured, that you'd like to format it into some consistent mechanism.

A common way to do this using Connectors is to use something like an "actionable message card". In essence, you're sending a mini formatted popup window into the Teams channel. To see some examples, go here and click "Select a sample" on the top left menu.

To do this, the Card doesn't need to be very complex, but you do need to give a tiny bit of thought to what you want it to look like, and possibly what actions you want to offer. For example, you probably want the name and description in a tabular format of some sort, and the LinkToSearchResults to be a button on the bottom that loads a browser window. The Actionable Messages Designer can also be useful to help you put it together. When you have the final design, you'll end up with a JSON text payload, and you just need to compose that together with the tokens from Azure.

Like I said, I haven't worked with Azure alerts, but I think this should help.

Dumortierite answered 23/1, 2020 at 17:15 Comment(5)
This is along the right lines. The issue looks to be to do with the payload/body of the request I'm trying to send and suspect it's not being formatted correctly. - Jespersen
Give it a go and keep me posted. - Dumortierite
I've got a webhook example I'll try and post later. Seen it working in other accounts but on first attempt couldn't get it working. - Jespersen
Keep us up to date. Having the same problem @JohnFox - Cupola
@Cupola take a look at the answer now, managed to get it sorted. - Jespersen
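
The runbook answer earlier on this page converts the alert's custom JSON payload into a Teams card, and the answer above suggests showing the search link as a button. The PowerShell below is an added example, not code from either poster: the function name `ConvertTo-TeamsAlertCard`, the field checks and the sample values are assumptions, and it validates the payload first because a runbook webhook processes whatever body is posted to its URL.

```powershell
# Added example: build the Teams card from the alert's custom JSON payload.
# Function name, checks and sample values are illustrative assumptions.
function ConvertTo-TeamsAlertCard {
    param([Parameter(Mandatory)] [string] $RequestBody)

    # Parse defensively: the body may be malformed or not an alert at all.
    try { $alert = ConvertFrom-Json -InputObject $RequestBody -ErrorAction Stop }
    catch { throw "Request body is not valid JSON" }

    foreach ($field in 'AlertName', 'AlertDescription', 'LinkToSearchResults') {
        if ([string]::IsNullOrWhiteSpace($alert.$field)) {
            throw "Alert payload is missing '$field'"
        }
    }

    # Only an absolute https link may become a clickable button in the channel.
    $link = $null
    if (-not [uri]::TryCreate([string]$alert.LinkToSearchResults, [System.UriKind]::Absolute, [ref]$link) -or
        $link.Scheme -ne 'https') {
        throw "LinkToSearchResults is not an https URL"
    }

    $card = [ordered]@{
        '@type'    = 'MessageCard'
        '@context' = 'http://schema.org/extensions'
        summary    = [string]$alert.AlertName
        sections   = @(
            @{
                activityTitle = [string]$alert.AlertName
                facts         = @(
                    @{ name = 'Description'; value = [string]$alert.AlertDescription }
                )
            }
        )
        potentialAction = @(
            @{
                '@type' = 'OpenUri'
                name    = 'Open search results'
                targets = @(@{ os = 'default'; uri = $link.AbsoluteUri })
            }
        )
    }
    ConvertTo-Json -InputObject $card -Depth 6
}

# Constructed sample: the custom payload after Azure has filled in the tokens.
$sample = '{ "AlertName":"High CPU", "AlertDescription":"CPU over 90%", "LinkToSearchResults":"https://example.invalid/search?id=1" }'
$body = ConvertTo-TeamsAlertCard -RequestBody $sample
# In the runbook: Invoke-RestMethod -Uri $uri -Method Post -Body $body -ContentType 'application/json'
```

The Teams connector URI is the only credential needed to post into the channel, so in Azure Automation an encrypted variable read with `Get-AutomationVariable` is a better place for it than the runbook source.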
0

Try the Azure Monitor-Zenduty-Teams integration. Works with both metric and log alerts and sends them to Teams channels and DM.

Breakaway answered 10/5, 2020 at 12:7 Comment(0)