One of the actions provided by a Log Analytics alert is to execute the Azure Automation runbook. This facility of executing runbooks on an alert provides the opportunity to act on the alert to remediate it and inform the relevant stakeholders using notifications.
- The first step in executing a runbook in response to an alert is to create an Azure Automation Account:
- After the account is provisioned, create a runbook, as shown in the following screenshot, to prove that it can be executed as part of the alert generation. In this case, the runbook sends an email as part of the notification. It uses Azure Automation credentials to send an email using the O365 SMTP server. Users should have a valid O365 account before sending an email using Azure Automation.
- It has to be noted that this is just a demonstration. The runbook can also accept parameters and Log Analytics alerts and send a single object parameter. This parameter contains all the data pertaining to the source of the alert, details about the alert, and information that is available with Log Analytics:
- The data is in JSON format and a ConvertFrom-JSON cmdlet can be used to create PowerShell objects.
- The next step is to configure a Log Analytics configuration so that it can connect to the Azure Automation account. For this, an Automation & Control solution needs to be enabled and deployed.
- Clicking on this tile will navigate to the Solutions Gallery configuration window. Click on Configure Workspace to deploy it:
- Select the newly-created Azure Automation Account as part of the deployment of the solution:
- After deploying the solution, navigate to the Settings window within the Log Analytics workspace and ensure that the Azure Automation settings shows details about the Azure Automation Account as shown below. This ensures that the Log Analytics workspace is connected to the Azure Automation Account:
- Now the runbook should be available while configuring the alert action runbook, as shown in the following screenshot:
