I've been trying to configure Azure Alerts (specifically VM low disk space query) to send a message to a Teams channel every time an alert is triggered using an Azure Logic App. It does what it's supposed to, however I do not know how to format the message to make it look a bit more neat. What I'm currently getting is this:

[Image: Teams message I get]

I'd like it to also contain the drive and value (which the email alerts triggered by the same query do). I am using the built-in Logic App Teams integration (Post message in a chat or channel). Currently just configured to return the configurationItems value which sadly, is the closest I got to what I want to achieve, anything else displays an absolute mess of JSON code.

[Image: Logic App Designer view]
I've tried different combinations of values and variables but the app designer is very limited in what it allows me to do. The query I'm using is:

```
InsightsMetrics
| where Namespace == "LogicalDisk"
| where Name == "FreeSpacePercentage"
| extend Disk=tostring(todynamic(Tags)["vm.azm.ms/mountId"])
| summarize arg_max(TimeGenerated, *) by Disk, Computer
| project Computer, Disk, Val
| where Val < 10
```
The data I want to 'extract' is stored in the Computer, Disk and Val dimensions. Below is the JSON output payload from the logic app, as you can see all the data I need to extract is stored in the dimensions stored above.
{
"headers": {
"Expect": "100-continue",
"Host": "prod-29.uksouth.logic.azure.com",
"Max-Forwards": "10",
"User-Agent": "IcMBroadcaster/1.0",
"X-CorrelationContext": "RkkKACgAAAACAAAAEACyLD23wrGCS7pV2gtMjiR5AQAQAIpdK63VFIhCsQq3AI7HA4c=",
"X-ARR-LOG-ID": "32bea9c0-3db3-4cee-95c1-2b7f0d1e1f0f",
"CLIENT-IP": "52.184.145.166:31132",
"DISGUISED-HOST": "prod-29.uksouth.logic.azure.com",
"X-SITE-DEPLOYMENT-ID": "flowfe-prod-ln-rp00-app",
"WAS-DEFAULT-HOSTNAME": "flowfe-prod-ln-rp00-app.flow-prod-ln-rp00-ase.p.azurewebsites.net",
"X-Forwarded-Proto": "https",
"X-AppService-Proto": "https",
"X-ARR-SSL": "2048|256|CN=Microsoft Azure RSA TLS Issuing CA 03, O=Microsoft Corporation, C=US|CN=uksouth.logic.azure.com, O=Microsoft Corporation, L=Redmond, S=WA, C=US",
"X-Forwarded-TlsVersion": "1.2",
"X-Forwarded-For": "52.184.145.166:31132",
"X-Original-URL": "/workflows/ce0dd9c044ab4ebe8bb5d76381be9765/triggers/manual/paths/invoke?api-version=2016-06-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=SCgN-yEDezdc7OmH7v_IQwM3M4KUIjM8qNSciI7SMXo",
"X-WAWS-Unencoded-URL": "/workflows/ce0dd9c044ab4ebe8bb5d76381be9765/triggers/manual/paths/invoke?api-version=2016-06-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=SCgN-yEDezdc7OmH7v_IQwM3M4KUIjM8qNSciI7SMXo",
"Content-Length": "4731",
"Content-Type": "application/json; charset=utf-8"
},
"body": {
"schemaId": "azureMonitorCommonAlertSchema",
"data": {
"essentials": {
"alertId": "/subscriptions/69d11cc8-b7af-4c8c-bb54-9cf72cabbcba/providers/Microsoft.AlertsManagement/alerts/bbf927f7-de30-b602-1c83-1775e44f0017",
"alertRule": "VM_LowDiskSpace",
"severity": "Sev3",
"signalType": "Log",
"monitorCondition": "Fired",
"monitoringService": "Log Alerts V2",
"alertTargetIDs": [
"/subscriptions/69d11cc8-b7af-4c8c-bb54-9cf72cabbcba/resourcegroups/gds-uks-svr-mgmt-rg/providers/microsoft.operationalinsights/workspaces/gds-uks-svr-mgmt-law"
],
"configurationItems": [
"GDS-SCCM-VM01"
],
"originAlertId": "7eab1d19-63bd-4690-9cac-a1e9eb843efd",
"firedDateTime": "2024-03-03T10:49:56.8527969Z",
"description": "This will send and alert if any VM's disk space is less than 10%.",
"essentialsVersion": "1.0",
"alertContextVersion": "1.0"
},
"alertContext": {
"properties": {},
"conditionType": "LogQueryCriteria",
"condition": {
"windowSize": "P1D",
"allOf": [
{
"searchQuery": "InsightsMetrics\n| where Namespace == \"LogicalDisk\"\n| where Name == \"FreeSpacePercentage\"\n| extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"])\n| summarize arg_max(TimeGenerated, *) by Disk, Computer\n| project Computer, Disk, Val\n| where Val < 10\n",
"metricMeasureColumn": null,
"targetResourceTypes": "['Microsoft.OperationalInsights/workspaces']",
"operator": "GreaterThanOrEqual",
"threshold": "1",
"timeAggregation": "Count",
"dimensions": [
{
"name": "Computer",
"value": "GDS-SCCM-VM01"
},
{
"name": "Disk",
"value": "L:"
},
{
"name": "Val",
"value": "9.17095184326172"
}
],
"metricValue": 1,
"failingPeriods": {
"numberOfEvaluationPeriods": 1,
"minFailingPeriodsToAlert": 1
},
"linkToSearchResultsUI": "https://portal.azure.com#@6ebe178c-d0e7...
"linkToFilteredSearchResultsUI": "https://portal.azure.com#@6ebe178c..
"linkToSearchResultsAPI": "https://api.loganalytics.io/v1/workspa...
"linkToFilteredSearchResultsAPI": "https://api.loganalytics.io/v1...
"event": null
}
],
"windowStartTime": "2024-03-02T10:46:51Z",
"windowEndTime": "2024-03-03T10:46:51Z"
}
},
"customProperties": {}
}
}
}
Below is the Logic App Code View. I am quite sure that I can achieve my goal by manually editing the 'messageBody' part, but I am not sure what needs changing:
{
"definition": {
"$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
"actions": {
"Post_message_in_a_chat_or_channel": {
"inputs": {
"body": {
"messageBody": "<p>@{triggerBody()?['data']?['essentials']?['configurationItems']}</p>",
"recipient": {
"channelId": "19:d95313643c10419690663a2d1a026c7a@thread.skype",
"groupId": "e0112486-b573-4377-b8a9-df4450dd4383"
}
},
"host": {
"connection": {
"name": "@parameters('$connections')['teams_2']['connectionId']"
}
},
"method": "post",
"path": "/beta/teams/conversation/message/poster/@{encodeURIComponent('User')}/location/@{encodeURIComponent('Channel')}"
},
"runAfter": {},
"type": "ApiConnection"
}
},
"contentVersion": "1.0.0.0",
"outputs": {},
"parameters": {
"$connections": {
"defaultValue": {},
"type": "Object"
}
},
"triggers": {
"manual": {
"inputs": {
"schema": {
"properties": {
"data": {
"properties": {
"alertContext": {
"properties": {
"condition": {
"properties": {
"allOf": {
"items": {
"properties": {
"dimensions": {
"items": {
"properties": {
"name": {
"type": "string"
},
"value": {
"type": "string"
}
},
"required": [
"name",
"value"
],
"type": "object"
},
"type": "array"
},
"metricName": {
"type": "string"
},
"metricNamespace": {
"type": "string"
},
"metricValue": {
"type": "number"
},
"operator": {
"type": "string"
},
"threshold": {
"type": "string"
},
"timeAggregation": {
"type": "string"
}
},
"required": [
"metricName",
"metricNamespace",
"operator",
"threshold",
"timeAggregation",
"dimensions",
"metricValue"
],
"type": "object"
},
"type": "array"
},
"windowSize": {
"type": "string"
}
},
"type": "object"
},
"conditionType": {
"type": "string"
},
"properties": {}
},
"type": "object"
},
"customProperties": {
"properties": {
"Key1": {
"type": "string"
},
"Key2": {
"type": "string"
}
},
"type": "object"
},
"essentials": {
"properties": {
"alertContextVersion": {
"type": "string"
},
"alertId": {
"type": "string"
},
"alertRule": {
"type": "string"
},
"alertTargetIDs": {
"items": {
"type": "string"
},
"type": "array"
},
"configurationItems": {
"items": {
"type": "string"
},
"type": "array"
},
"description": {
"type": "string"
},
"essentialsVersion": {
"type": "string"
},
"firedDateTime": {
"type": "string"
},
"monitorCondition": {
"type": "string"
},
"monitoringService": {
"type": "string"
},
"originAlertId": {
"type": "string"
},
"resolvedDateTime": {
"type": "string"
},
"severity": {
"type": "string"
},
"signalType": {
"type": "string"
}
},
"type": "object"
}
},
"type": "object"
},
"schemaId": {
"type": "string"
}
},
"type": "object"
}
},
"kind": "Http",
"type": "Request"
}
}
},
"parameters": {
"$connections": {
"value": {
"teams_2": {
"connectionId": "/subscriptions/69d11cc8-b7af-4c8c-bb54-9cf72cabbcba/resourceGroups/GDS-UKS-Prod-LogicApps-rg/providers/Microsoft.Web/connections/teams-1",
"connectionName": "teams-1",
"id": "/subscriptions/69d11cc8-b7af-4c8c-bb54-9cf72cabbcba/providers/Microsoft.Web/locations/uksouth/managedApis/teams"
}
}
}
}
}
My question is: How do I modify this app to send a nice and neat message to our Teams channel, displaying the alert with Computer name, disk and value? I was thinking about using IncomingWebhook integration instead but I am not sure how to configure it. Any help on this will be highly appreciated.
I tried modifying the values within the App Designer but it ended up displaying a mess of incomprehensible code in the message. Clicking the dimensions value within app designer automatically puts it in the foreach loop which kinda makes sense as there are multiple dimensions but I do not know how to extract the desired values from the payload. I am using the Azure Common Alerts Schema.
Firstly, created an incoming webhook like below:

Design:

Then:

body:

```
{"text":@{body('Create_HTML_table')}}
```
Output:
Parse Json schema:
{
"type": "object",
"properties": {
"body": {
"type": "object",
"properties": {
"data": {
"type": "object",
"properties": {
"alertContext": {
"type": "object",
"properties": {
"condition": {
"type": "object",
"properties": {
"allOf": {
"type": "array",
"items": {
"type": "object",
"properties": {
"dimensions": {
"type": "array",
"items": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"value": {
"type": "string"
}
},
"required": [
"name",
"value"
]
}
},
"event": {},
"failingPeriods": {
"type": "object",
"properties": {
"minFailingPeriodsToAlert": {
"type": "integer"
},
"numberOfEvaluationPeriods": {
"type": "integer"
}
}
},
"linkToFilteredSearchResultsAPI": {
"type": "string"
},
"linkToFilteredSearchResultsUI": {
"type": "string"
},
"linkToSearchResultsAPI": {
"type": "string"
},
"linkToSearchResultsUI": {
"type": "string"
},
"metricMeasureColumn": {},
"metricValue": {
"type": "integer"
},
"operator": {
"type": "string"
},
"searchQuery": {
"type": "string"
},
"targetResourceTypes": {
"type": "string"
},
"threshold": {
"type": "string"
},
"timeAggregation": {
"type": "string"
}
},
"required": [
"dimensions",
"event",
"failingPeriods",
"linkToFilteredSearchResultsAPI",
"linkToFilteredSearchResultsUI",
"linkToSearchResultsAPI",
"linkToSearchResultsUI",
"metricMeasureColumn",
"metricValue",
"operator",
"searchQuery",
"targetResourceTypes",
"threshold",
"timeAggregation"
]
}
},
"windowEndTime": {
"type": "string"
},
"windowSize": {
"type": "string"
},
"windowStartTime": {
"type": "string"
}
}
},
"conditionType": {
"type": "string"
},
"properties": {
"type": "object",
"properties": {}
}
}
},
"customProperties": {
"type": "object",
"properties": {}
},
"essentials": {
"type": "object",
"properties": {
"alertContextVersion": {
"type": "string"
},
"alertId": {
"type": "string"
},
"alertRule": {
"type": "string"
},
"alertTargetIDs": {
"type": "array",
"items": {
"type": "string"
}
},
"configurationItems": {
"type": "array",
"items": {
"type": "string"
}
},
"description": {
"type": "string"
},
"essentialsVersion": {
"type": "string"
},
"firedDateTime": {
"type": "string"
},
"monitorCondition": {
"type": "string"
},
"monitoringService": {
"type": "string"
},
"originAlertId": {
"type": "string"
},
"severity": {
"type": "string"
},
"signalType": {
"type": "string"
}
}
}
}
},
"schemaId": {
"type": "string"
}
}
},
"headers": {
"type": "object",
"properties": {
"CLIENT-IP": {
"type": "string"
},
"Content-Length": {
"type": "string"
},
"Content-Type": {
"type": "string"
},
"DISGUISED-HOST": {
"type": "string"
},
"Expect": {
"type": "string"
},
"Host": {
"type": "string"
},
"Max-Forwards": {
"type": "string"
},
"User-Agent": {
"type": "string"
},
"WAS-DEFAULT-HOSTNAME": {
"type": "string"
},
"X-ARR-LOG-ID": {
"type": "string"
},
"X-ARR-SSL": {
"type": "string"
},
"X-AppService-Proto": {
"type": "string"
},
"X-CorrelationContext": {
"type": "string"
},
"X-Forwarded-For": {
"type": "string"
},
"X-Forwarded-Proto": {
"type": "string"
},
"X-Forwarded-TlsVersion": {
"type": "string"
},
"X-Original-URL": {
"type": "string"
},
"X-SITE-DEPLOYMENT-ID": {
"type": "string"
},
"X-WAWS-Unencoded-URL": {
"type": "string"
}
}
}
}
}
Also refer to SO-Thread.
Edit:
Input Payload:
{
"body": {
"data": {
"alertContext": {
"condition": {
"allOf": [
{
"dimensions": [
{
"name": "Computer",
"value": "GDS-SCCM-VM01"
},
{
"name": "Disk",
"value": "L:"
},
{
"name": "Val",
"value": "9.17095184326172"
}
],
"event": null,
"failingPeriods": {
"minFailingPeriodsToAlert": 1,
"numberOfEvaluationPeriods": 1
},
"linkToFilteredSearchResultsAPI": "https://api.loganalytics.io/v1...",
"linkToFilteredSearchResultsUI": "https://portal.azure.com#@6ebe178c..",
"linkToSearchResultsAPI": "https://api.loganalytics.io/v1/workspa...",
"linkToSearchResultsUI": "https://portal.azure.com#@6ebe178c-d0e7...",
"metricMeasureColumn": null,
"metricValue": 1,
"operator": "GreaterThanOrEqual",
"searchQuery": "InsightsMetrics\n| where Namespace == \"LogicalDisk\"\n| where Name == \"FreeSpacePercentage\"\n| extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"])\n| summarize arg_max(TimeGenerated, *) by Disk, Computer\n| project Computer, Disk, Val\n| where Val < 10\n",
"targetResourceTypes": "['Microsoft.OperationalInsights/workspaces']",
"threshold": "1",
"timeAggregation": "Count"
}
],
"windowEndTime": "2024-03-03T10:46:51Z",
"windowSize": "P1D",
"windowStartTime": "2024-03-02T10:46:51Z"
},
"conditionType": "LogQueryCriteria",
"properties": {}
},
"customProperties": {},
"essentials": {
"alertContextVersion": "1.0",
"alertId": "/subscriptions/69d11cc8-b7af-4c8c-bb54-9cf72cabbcba/providers/Microsoft.AlertsManagement/alerts/bbf927f7-de30-b602-1c83-1775e44f0017",
"alertRule": "VM_LowDiskSpace",
"alertTargetIDs": [
"/subscriptions/69d11cc8-b7af-4c8c-bb54-9cf72cabbcba/resourcegroups/gds-uks-svr-mgmt-rg/providers/microsoft.operationalinsights/workspaces/gds-uks-svr-mgmt-law"
],
"configurationItems": [
"GDS-SCCM-VM01"
],
"description": "This will send and alert if any VM's disk space is less than 10%.",
"essentialsVersion": "1.0",
"firedDateTime": "2024-03-03T10:49:56.8527969Z",
"monitorCondition": "Fired",
"monitoringService": "Log Alerts V2",
"originAlertId": "7eab1d19-63bd-4690-9cac-a1e9eb843efd",
"severity": "Sev3",
"signalType": "Log"
}
},
"schemaId": "azureMonitorCommonAlertSchema"
},
"headers": {
"CLIENT-IP": "52.184.145.166:31132",
"Content-Length": "4731",
"Content-Type": "application/json; charset=utf-8",
"DISGUISED-HOST": "prod-29.uksouth.logic.azure.com",
"Expect": "100-continue",
"Host": "prod-29.uksouth.logic.azure.com",
"Max-Forwards": "10",
"User-Agent": "IcMBroadcaster/1.0",
"WAS-DEFAULT-HOSTNAME": "flowfe-prod-ln-rp00-app.flow-prod-ln-rp00-ase.p.azurewebsites.net",
"X-ARR-LOG-ID": "32bea9c0-3db3-4cee-95c1-2b7f0d1e1f0f",
"X-ARR-SSL": "2048|256|CN=Microsoft Azure RSA TLS Issuing CA 03, O=Microsoft Corporation, C=US|CN=uksouth.logic.azure.com, O=Microsoft Corporation, L=Redmond, S=WA, C=US",
"X-AppService-Proto": "https",
"X-CorrelationContext": "RkkKACgAAAACAAAAEACyLD23wrGCS7pV2gtMjiR5AQAQAIpdK63VFIhCsQq3AI7HA4c=",
"X-Forwarded-For": "52.184.145.166:31132",
"X-Forwarded-Proto": "https",
"X-Forwarded-TlsVersion": "1.2",
"X-Original-URL": "/workflows/ce0dd9c044ab4ebe8bb5d76381be9765/triggers/manual/paths/invoke?api-version=2016-06-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=SCgN-yEDezdc7OmH7v_IQwM3M4KUIjM8qNSciI7SMXo",
"X-SITE-DEPLOYMENT-ID": "flowfe-prod-ln-rp00-app",
"X-WAWS-Unencoded-URL": "/workflows/ce0dd9c044ab4ebe8bb5d76381be9765/triggers/manual/paths/invoke?api-version=2016-06-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=SCgN-yEDezdc7OmH7v_IQwM3M4KUIjM8qNSciI7SMXo"
}
}
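
The extraction both posts are after, written out in Python so it can be run offline against the payload above. This is an added example, not code from the question or the answer: `dimension_rows` and `teams_payload` are hypothetical names, the sample is the question's alert body trimmed to the fields used, and the function takes the alert `body` object (what `triggerBody()` returns), not the `body`/`headers` wrapper. Dimension values originate in log data, so they are HTML-escaped before being placed in the message.

```python
import html
import json

# Constructed sample: the alert body from the question, trimmed to the fields used here.
SAMPLE_ALERT = json.loads("""
{"schemaId": "azureMonitorCommonAlertSchema", "data": {
  "essentials": {"alertRule": "VM_LowDiskSpace", "severity": "Sev3",
                 "monitorCondition": "Fired"},
  "alertContext": {"condition": {"allOf": [{"dimensions": [
    {"name": "Computer", "value": "GDS-SCCM-VM01"},
    {"name": "Disk", "value": "L:"},
    {"name": "Val", "value": "9.17095184326172"}]}]}}}}
""")

def dimension_rows(alert):
    """Return one {name: value} dict per allOf entry; tolerate missing keys."""
    if alert.get("schemaId") != "azureMonitorCommonAlertSchema":
        raise ValueError("not a common alert schema payload")
    context = (alert.get("data") or {}).get("alertContext") or {}
    all_of = (context.get("condition") or {}).get("allOf") or []
    return [{d["name"]: d["value"] for d in (c.get("dimensions") or [])}
            for c in all_of]

def teams_payload(alert, columns=("Computer", "Disk", "Val")):
    """Build the {"text": ...} body posted to a Teams incoming webhook."""
    rows = dimension_rows(alert)  # validates schemaId first
    ess = alert["data"].get("essentials") or {}

    def esc(value):
        # Values come from log data: never place them in markup unescaped.
        return html.escape(str(value), quote=True)

    body = ""
    for row in rows:
        cells = dict(row)
        try:  # show the free-space percentage with two decimals
            cells["Val"] = f"{float(cells['Val']):.2f}%"
        except (KeyError, ValueError):
            pass
        body += "<tr>" + "".join(
            f"<td>{esc(cells.get(c, ''))}</td>" for c in columns) + "</tr>"
    head = "".join(f"<th>{esc(c)}</th>" for c in columns)
    title = (f"{esc(ess.get('alertRule', 'alert'))} "
             f"({esc(ess.get('severity', '?'))}, {esc(ess.get('monitorCondition', '?'))})")
    return {"text": f"<b>{title}</b><table><tr>{head}</tr>{body}</table>"}

if __name__ == "__main__":
    print(json.dumps(teams_payload(SAMPLE_ALERT), indent=2))
```
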