We are using a webhook to pass dynamic values from KQL driven alerts in Azure monitor into Jira
The only way Ive worked out to create the dynamic values is by using them as dimensions in the summarise step
<code>Event
| where EventID == 999
and Source == 'AILog'
and TimeGenerated > ago(1455m)
| extend ExtProps = parse_json(RenderedDescription)
|project TimeGenerated
,process =ExtProps ["Process"]
,File_name =ExtProps ["FileName"]
,Filesize = ExtProps ["Size"]
,Client = ExtProps ["Client"]
|where process =='Send trans to Clover SFTP'
|summarize Trigger = count(), Client = max(tostring(Client)), MasterProject ='XXX', Priority ='XXX', AlertName ="XXX", Context = "XXx"
</code>
<code>Event
| where EventID == 999
and Source == 'AILog'
and TimeGenerated > ago(1455m)
| extend ExtProps = parse_json(RenderedDescription)
|project TimeGenerated
,process =ExtProps ["Process"]
,File_name =ExtProps ["FileName"]
,Filesize = ExtProps ["Size"]
,Client = ExtProps ["Client"]
|where process =='Send trans to Clover SFTP'
|summarize Trigger = count(), Client = max(tostring(Client)), MasterProject ='XXX', Priority ='XXX', AlertName ="XXX", Context = "XXx"
</code>
Event
| where EventID == 999
and Source == 'AILog'
and TimeGenerated > ago(1455m)
| extend ExtProps = parse_json(RenderedDescription)
|project TimeGenerated
,process =ExtProps ["Process"]
,File_name =ExtProps ["FileName"]
,Filesize = ExtProps ["Size"]
,Client = ExtProps ["Client"]
|where process =='Send trans to Clover SFTP'
|summarize Trigger = count(), Client = max(tostring(Client)), MasterProject ='XXX', Priority ='XXX', AlertName ="XXX", Context = "XXx"
The only real dynamic value is the client because this is a generic alert and the client changes.
This then allows me to set up each dimension in the split by dimension step in azure alerting
This is super clunky and prone to error
So anyone got idea how I can improve this?