azureazure-cliazure-monitoringazure-alerts

List active Azure Monitor Alerts using the Azure CLI

I'm trying to figure out if there is way of listing active (fired) alerts using the Azure CLI? I've found this command: az monitor metrics alert list which will list all of the alerts. However, there seems to be no information in that which tells me the current state of the alert. Does that exist?

The closest I've come is an Azure Resource Graph Explorer query that looks like this, which lists the active alerts:

alertsmanagementresources
| where type == 'microsoft.alertsmanagement/alerts'
| extend severity = tostring(properties["essentials"]["severity"])
| where properties["essentials"]["monitorCondition"] in~ ('Fired')
| where properties["essentials"]["startDateTime"] >= datetime(Tue, 07 Mar 2023 05:49:47 GMT) and properties["essentials"]["startDateTime"] <= datetime(Thu, 06 Apr 2023 05:49:47 GMT)
| project id,severity,name,essentials = properties["essentials"],subscriptionId
| order by todatetime(essentials["startDateTime"]) desc

Can I run that from the Azure CLI maybe?

Solution

  • Can I run that from the Azure CLI maybe?

    Yes, you can do this in Azure cli. I have reproduced in my environment and got expected results as below:

    You can use below cli command and I have followed Microsoft-Document:

    I have modified your code:

    az graph query -q "
alertsmanagementresources
| where type == 'microsoft.alertsmanagement/alerts'
| extend severity = tostring(properties['essentials']['severity'])
| where properties['essentials']['monitorCondition'] in~ ('Fired')
| where properties['essentials']['startDateTime'] >= datetime(Tue, 07 Mar 2023 05:49:47 GMT) and properties['essentials']['startDateTime'] <= datetime(Thu, 06 Apr 2023 05:49:47 GMT)
| project id,severity,name,essentials = properties['essentials'],subscriptionId
| order by todatetime(essentials['startDateTime']) desc "

    Output:

    enter image description here

    Output in Portal:

    enter image description here

    In resource graph explorer:

    enter image description here

    If you want the data in tabular form the use below code in cli:

    $x=az graph query -q "
    alertsmanagementresources
    | where type == 'microsoft.alertsmanagement/alerts'
    | extend severity = tostring(properties['essentials']['severity'])
    | where properties['essentials']['monitorCondition'] in~ ('Fired')
    | where properties['essentials']['startDateTime'] >= datetime(Tue, 07 Mar 2023 05:49:47 GMT) and properties['essentials']['startDateTime'] <= datetime(Thu, 06 Apr 2023 05:49:47 GMT)
    | project id,severity,name,essentials = properties['essentials'],subscriptionId
    | order by todatetime(essentials['startDateTime']) desc" |ConvertFrom-Josn
$x.data

    enter image description here

    Output:

    enter image description here