问题描述
使用以下查询调查Azure中的部署失败
AzureActivity
| where OperationNameValue endswith "XXXXXXXXXXX"
| where ActivityStatus in ("Failed")
| where CorrelationId == "XXXXXXXXXXXX"
| extend p = parse_json(Properties)
| project p
| evaluate bag_unpack(p)
我得到的结果(包含statusMessage
列)具有很高的嵌套级别,最重要的消息(显然)位于最内层。
"status": "Failed","error": {
"code": "ResourceOperationFailure","message": "The resource operation completed with terminal provisioning state 'Failed'.","details": [
{
"code": "ApplianceDeploymentFailed","message": "The operation to create appliance Failed. Please check operations of deployment 'app' under resource group '/subscriptions/xxx/resourceGroups/yyy'. Error message: 'At least one resource deployment operation Failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.'","details": [
{
"code": "Conflict","message": "{\r\n \"status\": \"Failed\",\r\n \"error\": {\r\n \"code\": \"ResourceDeploymentFailure\",\r\n \"message\": \"The resource operation completed with terminal provisioning state 'Failed'.\",\r\n \"details\": [\r\n {\r\n \"code\": \"DeploymentFailed\",\r\n \"message\": \"At least one resource deployment operation Failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.\",\r\n \"details\": [\r\n {\r\n \"code\": \"Conflict\",\r\n \"message\": \"{\\r\\n \\\"status\\\": \\\"Failed\\\",\\r\\n \\\"error\\\": {\\r\\n \\\"code\\\": \\\"ResourceDeploymentFailure\\\",\\r\\n \\\"message\\\": \\\"The resource operation completed with terminal provisioning state 'Failed'.\\\",\\r\\n \\\"details\\\": [\\r\\n {\\r\\n \\\"code\\\": \\\"DeploymentFailed\\\",\\r\\n \\\"message\\\": \\\"At least one resource deployment operation Failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.\\\",\\r\\n \\\"details\\\": [\\r\\n {\\r\\n \\\"code\\\": \\\"Conflict\\\",\\r\\n \\\"message\\\": \\\"{\\\\r\\\\n \\\\\\\"status\\\\\\\": \\\\\\\"Failed\\\\\\\",\\\\r\\\\n \\\\\\\"error\\\\\\\": {\\\\r\\\\n \\\\\\\"code\\\\\\\": \\\\\\\"ResourceDeploymentFailure\\\\\\\",\\\\r\\\\n \\\\\\\"message\\\\\\\": \\\\\\\"The resource operation completed with terminal provisioning state 'Failed'.\\\\\\\",\\\\r\\\\n \\\\\\\"details\\\\\\\": [\\\\r\\\\n {\\\\r\\\\n \\\\\\\"code\\\\\\\": \\\\\\\"DeploymentFailed\\\\\\\",\\\\r\\\\n \\\\\\\"message\\\\\\\": \\\\\\\"At least one resource deployment operation Failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.\\\\\\\",\\\\r\\\\n \\\\\\\"details\\\\\\\": [\\\\r\\\\n {\\\\r\\\\n \\\\\\\"code\\\\\\\": \\\\\\\"Conflict\\\\\\\",\\\\r\\\\n \\\\\\\"message\\\\\\\": \\\\\\\"{\\\\\\\\r\\\\\\\\n \\\\\\\\\\\\\\\"status\\\\\\\\\\\\\\\": \\\\\\\\\\\\\\\"Failed\\\\\\\\\\\\\\\",\\\\\\\\r\\\\\\\\n \\\\\\\\\\\\\\\"error\\\\\\\\\\\\\\\": {\\\\\\\\r\\\\\\\\n \\\\\\\\\\\\\\\"code\\\\\\\\\\\\\\\": \\\\\\\\\\\\\\\"ResourceDeploymentFailure\\\\\\\\\\\\\\\",\\\\\\\\r\\\\\\\\n \\\\\\\\\\\\\\\"message\\\\\\\\\\\\\\\": \\\\\\\\\\\\\\\"The resource operation completed with terminal provisioning state 'Failed'.\\\\\\\\\\\\\\\",\\\\\\\\r\\\\\\\\n \\\\\\\\\\\\\\\"details\\\\\\\\\\\\\\\": [\\\\\\\\r\\\\\\\\n {\\\\\\\\r\\\\\\\\n \\\\\\\\\\\\\\\"code\\\\\\\\\\\\\\\": \\\\\\\\\\\\\\\"OSProvisioningInternalError\\\\\\\\\\\\\\\",\\\\\\\\r\\\\\\\\n \\\\\\\\\\\\\\\"message\\\\\\\\\\\\\\\": \\\\\\\\\\\\\\\"OS Provisioning Failed for VM 'zzz' due to an internal error: [ProvisionError] cloud-init appears to be running,which is not expected,cannot continue.\\\\\\\\\\\\\\\"\\\\\\\\r\\\\\\\\n }\\\\\\\\r\\\\\\\\n ]\\\\\\\\r\\\\\\\\n }\\\\\\\\r\\\\\\\\n}\\\\\\\"\\\\r\\\\n }\\\\r\\\\n ]\\\\r\\\\n }\\\\r\\\\n ]\\\\r\\\\n }\\\\r\\\\n}\\\"\\r\\n }\\r\\n ]\\r\\n }\\r\\n ]\\r\\n }\\r\\n}\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n}"
}
]
}
]
}
}
我显然希望在一个级别上包含所有错误和详细信息,并且响应中没有字符串化的JSON。
bag_unpack()
是执行此操作的合适工具吗?我可能缺少哪些设置?
还有其他功能可以帮助解决问题吗?
解决方法
由于嵌套错误的数量是无限的,所以最简单的方法是仅使用正则表达式使用extract_all()提取所有错误消息:
AzureActivity
| where OperationNameValue endswith "XXXXXXXXXXX"
| where ActivityStatus in ("Failed")
| where CorrelationId == "XXXXXXXXXXXX"
| extend Errors = extract_all('"message":"([^"]*)"',tostring(Properties))