I need to create an alert from the Azure CLI (no access to the portal), using a "custom log search" signal on ContainerLogV2 to see if there are any exceptions in any of my containers. I have an action group which I need to use for sending emails and SMS. I have the below command and am quite sure that I am not setting the condition right. Please advise what the right approach would be. I couldn't find any example for this case in the MSDN docs. Thanks.
az monitor metrics alert create \
--condition "ContainerLogV2 | where LogMessage has "Exception" | where ContainerName !has "sms-management" | where TimeGenerated > ago(1h)" \
--name "Dev AKS Errors Alert" \
--resource-group "my-rg" \
--scopes "/subscriptions/my-sub/resourcegroups/my-rg/" \
--evaluation-frequency "60m" \
--severity 1 \
--region "west europe" \
--action "/subscriptions/my-sub/resourcegroups/my-rg/providers/microsoft.insights/actiongroups/my-ag"
I probably need to figure out what details I need to send in the email and the SMS from my alert next. Any help on that would be appreciated as well. Thank you.
[Update] Based on the advice from @Jahnavi, I tried the below command:
az monitor scheduled-query create \
--resource-group "my-rg" \
--name "AKS Errors Alert" \
--scopes "/subscriptions/supscription-id/resourcegroups/my-rg/providers/Microsoft.ContainerService/managedClusters/aks-dev" \
--condition "count 'AppExceptions' > 1 resource id _ResourceId at least 1 violations out of 5 aggregated points" \
--condition-query AppExceptions="ContainerLogV2 | where LogMessage has \"Exception\" | where TimeGenerated > ago(1h)" \
--description "Notify team on exceptions in AKS" \
--location "westeurope" \
--evaluation-frequency "5m" \
--severity 1 \
--action-groups "/subscriptions/supscription-id/resourceGroups/my-rg/providers/microsoft.insights/actionGroups/my-ag"
I was able to create a new alert rule with the above command.