@cconrado Thanks for the feedback! I have assigned the issue to the content author to evaluate and update as appropriate.

@Mike-Ubezzi-MSFT yes we need the json schema so it can be parsed correctly because as of right now its confusing.

@cconrado - sample JSON schema is already documented in the doc.
SearchResults will provide the query result as a JSON table as shown in the sample in doc. The JSON table schema is dependent on your query. Depending on which tables are queried, what aggregation is applied and what operations are done - the results may vary. For reference you can run the query in Log Search and see the table structure - the same would be present in alert webhook.

Well an example on how to parse the json arrays. Want to get it print out
the results nicely would be very helpful. You could use logic apps too if
that's easier. Using the same payload is fine because just need an example
on how to break it up.

Thanks

On Mon, Sep 3, 2018, 11:41 AM Vijay Nagarajan notifications@github.com
wrote:

@cconrado https://github.com/cconrado - sample JSON schema is already
documented in the doc
https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitor-alerts-unified-log-webhook#log-alert-for-azure-log-analytics
.
SearchResults will provide the query result as a JSON table as shown in
the sample in doc. The JSON table schema is dependent on your query.
Depending on which tables are queried, what aggregation is applied and what
operations are done - the results may vary. For reference you can run the
query in Log Search
https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-log-search-portals#log-search
and see the table structure - the same would be present in alert webhook.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/MicrosoftDocs/azure-docs/issues/14392#issuecomment-418159078,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AIvmUL7UazmA7uOq6uikAiqjn5g4aoL2ks5uXVuzgaJpZM4WWnFx
.

>

Carlos Conrado

@cconrado - You can parse the JSON table in various ways; Microsoft MVPs have published some samples on how to do this via Logic App and Automation Runbook; which you can refer to.

So this is good and would be helpful to have a link on the docs. But is
there no way with logic apps to join each column and row in the loop?

On Mon, Sep 3, 2018, 10:55 PM Vijay Nagarajan notifications@github.com
wrote:

@cconrado https://github.com/cconrado - You can parse the JSON table in
various ways; Microsoft MVPs have published some samples on how to do this
via Logic App
https://www.stefanroth.net/2018/08/23/azure-monitor-modify-alerts-using-logic-app/
and Automation Runbook
http://blogs.catapultsystems.com/cfuller/archive/2018/08/24/techniques-to-make-azure-monitor-alerts-from-log-analytics-more-useful-creating-custom-alerts-with-azure-automation/;
which you can refer to.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/MicrosoftDocs/azure-docs/issues/14392#issuecomment-418233943,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AIvmUPaZr5oqfHkx5ZcQAqvRkTEai3ECks5uXfmqgaJpZM4WWnFx
.

>

Carlos Conrado

@cconrado - In Azure documentation, we detail on the core functionality; specific scenarios based details like extracting computer details for Perf counter query based alert - are available through our MVP and Microsoft TechCommunity sites.

As we can only comprehensively state and explain the Azure alert functionality. Specific scenario queries, like yours on merging data in Logic App is not in our scope or area of expertise. As suggested before the right place for such discussions is not in Azure docs but in Microsoft TechCommunity section.

Hi Vijay,

I understand, it's just the examples for it's use is there for the other
alert field payloads. But the search results example isnt and that's the
one I believe most people would need guidance on.

Also I was curious how you can send a web hook back to azure to change it's
alert status ?

Thanks

On Wed, Sep 5, 2018, 1:38 AM Vijay Nagarajan notifications@github.com
wrote:

@cconrado https://github.com/cconrado - In Azure documentation, we
detail on the core functionality; specific scenarios based details like
extracting computer details for Perf counter query based alert - are
available through our MVP and Microsoft TechCommunity
https://techcommunity.microsoft.com/ sites.

As we can only comprehensively state and explain the Azure alert
functionality. Specific scenario queries, like yours on merging data in
Logic App is not in our scope or area of expertise. As suggested before the
right place for such discussions is not in Azure docs but in Microsoft
TechCommunity https://techcommunity.microsoft.com/ section.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/MicrosoftDocs/azure-docs/issues/14392#issuecomment-418616038,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AIvmUF-mJ4440HOxupa-PFbXjcElKcPrks5uX3FIgaJpZM4WWnFx
.

>

Carlos Conrado

@cconrado Are you referring to the Alert State from our new preview functionality? If yes, the API interface for the same will be made public soon. If you want early access I suggest reaching out to other of the article via comment.

please-close

@cconrado
We will now proceed to close this thread. If there are further questions regarding this matter, please respond and @YutongTie-MSFT and we will gladly continue the discussion.