Event collection from Microsoft Azure Monitor

Australia IT Operations Management

Release

australia

ft:locale

fr-FR

ft:publication_title

Australia IT Operations Management

ft:clusterId

itom

bundleId

itom

workflow

Technology

Event collection from Microsoft Azure Monitor

Rversion finale: Australia

Mis à jour 12 mars 2026

2 minutes de lecture

The MID WebServer Event Collector enables you to collect JSON formatted event messages sent from the Microsoft Azure portal.

Avant de commencer

Ensure that the Event Management Connectors (sn_em_connector) plugin is installed on the ServiceNow AI Platform instance.

Ensure that you:

Deploy and start the MID Server. See MID Server configuration .
Configure and start the MID Web Server. See Configure the MID Web Server extension.
Configure and start the MID WebService Event Collector. See Configure the MID WebService Event Collector Context.

Role required: evt_mgmt_admin

Pourquoi et quand exécuter cette tâche

On the Azure portal, alert correlation rules are defined through the Correlate alerts setting within Alert Processing Rules. When Correlate alerts is assigned on the Azure portal, the Azure Monitor alerts received on the ServiceNow® instance within 60 minutes are grouped using tag based alert clustering.

JSON formatted event messages are sent from Microsoft Azure. The MID Server transforms the collected event messages by parsing them using the TransformEvents_MidAzureMonitor script include, located here: Event Management > Integrations > PushConnectors. In the Push Connectors page, click Azure Monitor Mid Push Connector.

The default format of the URL to push event messages from Microsoft Azure to the MID Server is http://<MID_Web_Server_User>:<MID_Web_Server_Password>@<MID_Server_IP>:<MID_Web_Server_Port>/api/mid/em/inbound_event?Transform=TransformEvents_MidAzureMonitor.

Tableau 1. Variables in the default URL
Variable	Description
MID_Server_IP	IP address of the MID Web Server Extension.
MID_Web_Server_Port	Listening port of the MID Web Server Extension.
MID_Web_Server_User	Username for the MID Web Server Extension.
MID_Web_Server_Password	Password of the user of the MID Web Server.

The following procedure describes the collection of JSON formatted event messages using basic authentication.

Procédure

In the Azure Monitor Portal, make sure the MID Server IP is accessible from the Azure portal and the MID rest point is accessible from Microsoft Azure or install the MID Server on a Azure VM and provide the Azure VM public address in the URL and allow the mid_web_Server_port in Azure VM > Networking Settings > Inbound port rules.
Create an action group with a webhook and provide the rest endpoint as http://<MID_Web_Server_User>:<MID_Web_Server_Password>@<MID_Server_IP>:<MID_Web_Server_Port>/api/mid/em/inbound_event?Transform=TransformEvents_MidAzureMonitor

Remarque :
For more information about adding a webhook to an action group, see Create and manage action groups in the Azure portal on the Microsoft documentation site.
In the Webhook section, make sure Yes is selected for the Enable the common alert schema option.
Navigate to Alerts > Manage Alert Rules.
Add the action group with the webhook to an alert rule.

Que faire ensuite

If you want to send alert state changes on the ServiceNow instance from the ServiceNow alerts to the Azure Portal, you need to enable the Azure Monitor Bi-directional connector. For more information, see Configure Azure Monitor Bi-directional connector.