Last active
September 4, 2023 08:57
-
-
Save techdecline/cd378cdf236882279a77e373222efc35 to your computer and use it in GitHub Desktop.
Get Most-Triggered Azure Monitor Alerts for a subscription
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-AzTopMonitors { | |
| <# | |
| .Description | |
| This function returns the top-most triggered Azure Monitor Alerts for a given Subscription. Requires existing Azure PowerShell Sign-In. | |
| #> | |
| [CmdletBinding()] | |
| param ( | |
| [Parameter(Mandatory)] | |
| [string] | |
| $SubscriptionId, | |
| [Parameter(Mandatory=$false)] | |
| [int] | |
| $EvaluationPeriodInDays = 30, | |
| [Parameter(Mandatory=$false)] | |
| [int] | |
| $First = 3 | |
| ) | |
| # Set context on selected subscription | |
| try { | |
| $null = Set-AzContext -Subscription $SubscriptionId -ErrorAction Stop | |
| } | |
| catch [System.Management.Automation.ActionPreferenceStopException]{ | |
| Write-Error "Could not connect to subcription: $($Error[0].Exception.Message)" | |
| } | |
| # Query all triggered alerts for specified days | |
| Get-AzAlert -IncludeContext $true -TimeRange "$($EvaluationPeriodInDays)d" | Group-Object -Property Name | ` | |
| Sort-Object -Descending | ` | |
| Select-Object -First $First -Property Name,@{Name='ResourceType';Expression={((ConvertFrom-Json $_.Group[0].ContextPayload).context.ResourceType)}},@{Name='Description';Expression={(ConvertFrom-Json $_.Group[0].ContextPayload).context.description}}, @{Name='Current Severity';Expression={$_.Group[0].Severity}},@{Name='Recommend Severity';Expression={"tbd"}},@{Name='Notes';Expression={"tbd"}},@{Name='TriggeredCount';Expression={$_.Count}},@{Name='Id';Expression={$_.Group.Id}} | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment