'facing issues on terraform "azurerm_monitor_scheduled_query_rules_alert" query syntax

I am try to deploy an azure alert using the azurerm_monitor_scheduled_query_rules_alert

resource "azurerm_monitor_scheduled_query_rules_alert" "alertrule5" {
  name                = "alert5"
  location            = azurerm_resource_group.alert-rg.location
  resource_group_name = azurerm_resource_group.alert-rg.name

  action {
          action_group_id = azurerm_monitor_action_group.actiongrp.id
  }
  data_source_id = azurerm_log_analytics_workspace.logws.id
  description    = "Alert when total results cross threshold"
  enabled        = true
  # Count all requests with server error result code grouped into 5-minute bins
  query       =  <<-QUERY 
                AzureActivity | where SubscriptionId=="xxxx-xxx-xxxxxxxxxxx"
                | where TimeGenerated > ago(5m)
                | where OperationNameValue contains "role" and CategoryValue == "Administrative"
                | project OperationNameValue, Caller, ResourceGroup, CallerIpAddress, _ResourceId
                QUERY
  severity    = 3
  frequency   = 5
  time_window = 30
  trigger {
    operator  = "GreaterThan"
    threshold = 0
  }
}

Referring to :https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_scheduled_query_rules_alert i am running into error on the query syntax. Dont understand what i am doing wrong. The errors are as given below.

Error: Invalid expression

on main.tf line 78, in resource "azurerm_monitor_scheduled_query_rules_alert" "alertrule1": 78: query = <<-QUERY

Expected the start of an expression, but found an invalid expression token.

Error: Argument or block definition required

on main.tf line 79, in resource "azurerm_monitor_scheduled_query_rules_alert" "alertrule1": 79: AzureActivity | where TimeGenerated > now(-5m)

An argument or block definition is required here. To set an argument, use the equals sign "=" to introduce the argument value.

Error: Unsupported operator

on main.tf line 79, in resource "azurerm_monitor_scheduled_query_rules_alert" "alertrule1": 79: AzureActivity | where TimeGenerated > now(-5m)

Bitwise operators are not supported. Did you mean boolean OR ("||")?

terraform


Solution 1:[1]

action { action_group_id = [azurerm_monitor_action_group.actiongrp.id] }

the value of action_group_id should be in square brackets

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Shubhie267

Related Questions

Terraform update Route53 DOMAIN NameServers

Terraform update Route53 DOMAIN NameServers

Terraform update Route53 DOMAIN NameServers

How to enable terraform module only with a specific workspace

Use terraform to set up a lambda function triggered by a scheduled event source

Use terraform to set up a lambda function triggered by a scheduled event source

Terragrunt ignores newly added outputs in a project

tls unsigned certificate when using terraform

What is the best way to solve `EntityAlreadyExists` error in terraform?

Terraform: How to create API Gateway endpoints and methods from a list of objects?

Terraform - refactoring modules: Error: Provider configuration not present

Passing multiple provider aliases to a module in terraform 0.12.13

What is the AWS Service Principal value for stepfunction?

Terraform - Use of environment variables in TF files

Terraform : Init