I am using terraform for MS Azure to trigger alert "azurerm_monitor_scheduled_query_rules_alert".
It has a query to send an e-mail when there is a restarted pod every 1 hour. But the problem is that it keeps sending the email if a pod is restarted like 2 months go. I receive an email every hour since it is restarted.
Is there any flag to avoid that in terraform? I only need an alert once since its restarted or atleast only since last day restarted pods?
main.tf
resource "azurerm_monitor_scheduled_query_rules_alert" "alertRestarted" {
name = "alert-restarted-pods-ingress"
location = var.location
resource_group_name = azurerm_resource_group.name
action {
action_group = [azurerm_monitor_action_group.test-monitoring-actiongroup.id]
email_subject = "[Severity: ${var.severity["error"]}] [${var.region}] [${var.environment}] [Ingress] Restart Pods"
}
data_source_id = data.azurerm_log_analytics_workspace.test-la.id
description = "restarted pods"
enabled = var.alert_enabled
query = file("restartedPods.query")
severity = var.severity["error"]
frequency = 60
time_window = 60
throttling = 30
trigger {
operator = "GreaterThan"
threshold = 0
}
}
query
KubePodInventory
| where Namespace == "mynamespace"
| project PodName = Name, PodStatus, ContainerRestartCount
| where ContainerRestartCount != 0
| where PodName contains "ingress-controller"
| order by PodName
| distinct PodName, PodStatus, ContainerRestartCount
