Log Azure alerts in ServiceNow using Azure Logic Apps

Azure provides a wide array of products and services that developers can build upon. Unfortunately, errors and exceptions will happen. When they do occur, we want to ensure our teams are aware of the issue before our end-users notice.

As a result, Microsoft provides a feature called Azure Monitor that allows administrators to create alerts for Azure resources.
When an alert is created, we have a few different notification options including sending an email, calling an Azure Function, generic webhook, Azure Logic App or leverage the new ITSM Management Connector.

All of these options have their place, but using Azure Logic App provides the most extensibility as we have the ability to enrich the information provided in the alert and have the ability to orchestrate a business process around the alert.

The following steps outline how to manually create a Logic App that can receive requests from Azure Monitor.

Before we can configure Azure Monitoring, we need to create our logic app that will be called from Azure Monitor. In this logic app, we just need to include an HTTP request trigger and then save our logic app.

Next, we need to access the Azure Monitor feature and create a New alert rule.

When creating an alert, we need to include the resource that we want to monitor. In this case, we want it be another logic app that requires close monitoring. For the purpose of this serverless tip, we will have a logic app that will generate an error, on purpose, so that our alert will trigger.
Our condition includes any time there is a failed logic app within 5 minutes, our alert will fire.

Next up, we need to determine the Action Group which will allow us to select our logic app as the channel that the alert should leverage. In this case we will create the logic app that we created in the first step.

In order to complete our logic app and send information to ServiceNow, we need to have our logic app fire so that we can get a sample message from Azure. We will run our logic app that created an error. Our logic app will run and we will want to capture our alert message in our HTTP request trigger so that we can parse it and use it to populate ServiceNow. Copy this output message.

We will use this message as a sample message in a Parse Json action so that we have a typed message to be used in our ServiceNow action.

We can now add our ServiceNow - Create Record action and include details from our Azure alert.

When we run our Logic App again that will create an error, we see our logic app will run and a new incident will be created inside of ServiceNow.

In this post we discussed how we can use Azure Logic Apps to create tickets whenever an Azure alert is generated. By using this approach, we can impose consistency across our Azure resources and provide a rich alerting and logging facility.