Open 1fabi0 opened 1 year ago
Can you provide a complete bicep sample that reproduces this issue as well as the entire error message? The issue doesn't appear to be directly related to bicep, but that will help us route this properly.
The main.bicep I have
resource storageAccount 'Microsoft.Storage/storageAccounts@2022-05-01' = {
name: resourceGroup().name
kind: 'StorageV2'
sku: {
name: 'Standard_LRS'
}
location: resourceGroup().location
properties: {
allowBlobPublicAccess: false
supportsHttpsTrafficOnly: true
minimumTlsVersion: 'TLS1_2'
}
}
resource LogAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2021-12-01-preview' = {
name: resourceGroup().name
location: resourceGroup().location
properties: {
sku: {
name: 'pergb2018'
}
retentionInDays: 30
features: {
enableLogAccessUsingOnlyResourcePermissions: true
}
workspaceCapping: {
dailyQuotaGb: -1
}
publicNetworkAccessForIngestion: 'Enabled'
publicNetworkAccessForQuery: 'Enabled'
}
}
resource storageAccountBlob 'Microsoft.Storage/storageAccounts/blobServices@2022-09-01' = {
parent: storageAccount
name: 'default'
properties: {
cors: {
corsRules: []
}
deleteRetentionPolicy: {
allowPermanentDelete: false
enabled: false
}
}
}
resource LogAnalyticsWorkspaceStorageBlobLogs 'Microsoft.OperationalInsights/workspaces/tables@2021-12-01-preview' = {
parent: LogAnalyticsWorkspace
name: 'StorageBlobLogs'
properties: {
totalRetentionInDays: 30
plan: 'Analytics'
schema: {
name: 'StorageBlobLogs'
}
retentionInDays: 30
}
}
resource LogStorageAccountDiagnosticSetting 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
name: 'BlobStorageWrite'
scope: storageAccountBlob
properties:{
logs:[
{
category:'StorageWrite'
enabled: true
retentionPolicy: {
days: 0
enabled: false
}
}
]
workspaceId: LogAnalyticsWorkspace.id
}
}
resource IllegalUploadAlert 'microsoft.insights/scheduledqueryrules@2023-03-15-preview' = {
name: 'IllegalUpload_Alert'
location: resourceGroup().location
properties: {
severity: 2
enabled: true
evaluationFrequency: 'PT6H'
scopes: [
storageAccount.id
]
targetResourceTypes: [
'Microsoft.Storage/storageAccounts'
]
windowSize: 'PT6H'
overrideQueryTimeRange: 'P2D'
criteria: {
allOf: [
{
query: 'StorageBlobLogs |where TimeGenerated < ago(1h) and ObjectKey has("IllegalName") and OperationName == "PutBlob" |project ObjectKey'
timeAggregation: 'Count'
dimensions: []
operator: 'GreaterThan'
threshold: 0
failingPeriods: {
numberOfEvaluationPeriods: 1
minFailingPeriodsToAlert: 1
}
}
]
}
autoMitigate: true
actions: {
}
}
}
The error Message(I removed correlationId and OperationId for now)
{"status":"Failed","error":{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.","details":[{"code":"BadRequest","message":"{\r\n \"error\": {\r\n \"code\": \"BadRequest\",\r\n \"message\": \"{\\r\\n \\\"error\\\": {\\r\\n \\\"message\\\": \\\"The request had some invalid properties\\\",\\r\\n \\\"code\\\": \\\"BadArgumentError\\\",\\r\\n \\\"correlationId\\\": \\\"00000000-0000-0000-0000-000000000000\\\",\\r\\n \\\"innererror\\\": {\\r\\n \\\"code\\\": \\\"SemanticError\\\",\\r\\n \\\"message\\\": \\\"A semantic error occurred.\\\",\\r\\n \\\"innererror\\\": {\\r\\n \\\"code\\\": \\\"SEM0100\\\",\\r\\n \\\"message\\\": \\\"'where' operator: Failed to resolve scalar expression named 'ObjectKey'\\\"\\r\\n }\\r\\n }\\r\\n }\\r\\n}\"\r\n }\r\n}"},{"code":"NotFound","message":"{\r\n \"error\": {\r\n \"code\": \"ResourceNotFound\",\r\n \"message\": \"The specified table: 'DSMAzureStorageBlobLogs' does not exist. Operation Id: '00000000000000000000000000000000'\"\r\n }\r\n}"}]}}
After waiting some time and executing the deployment again it is successful
Definitely seems like an issue with the Resource Provider. We would recommend opening a support case for this. This is optional, but if you navigate to the deployment in the portal, you can see which specific operation failed and you can include that detail in the support case to help with routing.
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @xgithubtriage. Please see https://aka.ms/biceptypesinfo for troubleshooting help.
Bicep version 0.19.5
Describe the bug When creating a Log Alert that runs a KQL on the
StorageBlobLogs
-Table together with the required DiagnosticSettings for the BlobStorageService and the Log Analytics Workspace, the creation of the Log Alert fails with the message "A semantic error occured"/"SEM0100".My assumption is that the table is not created yet or the columns are not created yet, I also tried to create the table in the bicep, but that still fails because the default Columns seem not to be created automatically.
To Reproduce Execute a deployments that deployes the above described setup(Make sure the KQL uses default Columns of the
StorageBlobLogs
-Table)Additional context When waiting some time(wait until the
StorageBlobLogs
-Table is shown in the Log Analytics Workspace-Ressource) and executing the deployment a second time it doesn't fail anymore and the LogAlert is created successfully.