Azure Resource Graph Queries: Unveiling Efficient Resource Management

Introduction

In today's dynamic business landscape, where organizations manage numerous workloads across multiple Azure subscriptions, the traditional approach of manually querying and generating reports for management can be laborious and time-consuming. The need to swiftly fetch details of resources across various subscriptions while maintaining accuracy becomes paramount. This is where the power of Resource Graph queries in Azure comes into play, revolutionizing the way businesses manage their resources.

What is Resource Graph Query?

Resource Graph queries offer a streamlined and rapid solution to this complex challenge. Instead of sifting through disparate data sources and painstakingly compiling information, Resource Graph allows you to execute queries that seamlessly traverse across subscriptions and resource groups. This unified approach eliminates the need to switch contexts or sift through an array of reports to gain comprehensive insights.

Benefits:

Resource Graph queries fulfill the need for efficient and comprehensive querying of Azure resources in several ways:

  1. Cross-Subscription and Resource Group Queries: Resource Graph allows you to query resources across subscriptions and resource groups in a single query, enabling a holistic view of your Azure environment without the need to switch contexts.

  2. Complex Queries Made Simple: Resource Graph's Kusto Query Language (KQL) enables you to construct complex queries with ease, making it simpler to filter, sort, and aggregate data according to your requirements.

  3. Rapid Insights: The optimized query execution of Resource Graph ensures that you receive insights quickly, even when dealing with vast amounts of resource data, reducing the time needed to understand your infrastructure.

  4. Customized Data Retrieval: You can specify the exact properties you need in your query, minimizing the data transfer and enhancing performance. This level of customization aids in reducing query execution time.

  5. Real-time Analysis: Resource Graph provides near real-time data, allowing you to perform up-to-date analysis on your Azure resources, which is particularly useful for monitoring, troubleshooting, and security audits.

  6. Centralized Management: By consolidating resource information across multiple subscriptions and resource groups, Resource Graph facilitates centralized management and decision-making, saving time and effort.

  7. Scalability: Resource Graph's parallel execution and optimized indexing enable it to handle large-scale queries efficiently, ensuring that you can analyze resources in even the most extensive Azure environments.

Queries:

Before you delve into crafting queries that cater to your unique requirements, invest time in mastering the nuances of KQL. Whether you're an aspiring data explorer or an expert, remember that the journey begins with understanding the foundation: Kusto Query Language.

Basic Queries:

// Find all VMs that are neither assigned to a Zone nor associated with an Availability Set

Resources
| where type =~ 'Microsoft.Compute/virtualMachines'
| where isnull(properties.availabilitySetReference) and isnull(properties.hardwareProfile.zone)
| project recommendationId = "vm-1", name, id


// Find all VMs that do NOT have Replication enabled

Resources
| where type =~ 'Microsoft.Compute/virtualMachines'
| where isnotnull(properties.extended.instanceView)
| where not(properties.extended.instanceView.replicationState == 'Replicating')
| project recommendationId = "vm-4", name, id

// Find all VMs that do NOT have Backup enabled

Resources
| where type =~ 'Microsoft.Compute/virtualMachines'
| where isnull(properties.backupProfile)
| project recommendationId = "vm-7", name, id

// Find all VMs with Public IPs directly associated with them

Resources
| where type =~ 'Microsoft.Compute/virtualMachines'
| where isnotnull(properties.networkProfile.networkInterfaces)
| mv-expand nic=properties.networkProfile.networkInterfaces
| project name, id, nicId = nic.id
| extend nicId = tostring(nicId)
| join kind=inner (
    Resources
    | where type =~ 'Microsoft.Network/networkInterfaces'
    | where isnotnull(properties.ipConfigurations)
    | mv-expand ipconfig=properties.ipConfigurations
    | extend publicIp = tostring(ipconfig.properties.publicIPAddress.id)
    | where publicIp != ""
    | project name, nicId = tostring(id), publicIp
) on nicId
| project recommendationId = "vm-12", name, id
| order by id asc
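
Going one step beyond the query above, this added example (not from the original article) also resolves each attached public IP resource to its actual address and allocation method, which is what an exposure review across subscriptions usually needs. The output column names (vmName, publicIpId, ipAddress, allocation) are chosen here for illustration, and the joins compare lower-cased resource IDs to guard against casing differences between resource types.

```kusto
// Added example: inventory of VMs with a public IP, including the address itself.
// Output column names are illustrative choices, not from the original article.
Resources
| where type =~ 'Microsoft.Compute/virtualMachines'
| mv-expand nic = properties.networkProfile.networkInterfaces
| project vmName = name, vmId = id, subscriptionId, resourceGroup,
          nicId = tolower(tostring(nic.id))
// Step 1: keep only NICs whose IP configuration references a public IP resource
| join kind=inner (
    Resources
    | where type =~ 'Microsoft.Network/networkInterfaces'
    | mv-expand ipconfig = properties.ipConfigurations
    | extend publicIpId = tolower(tostring(ipconfig.properties.publicIPAddress.id))
    | where isnotempty(publicIpId)
    | project nicId = tolower(id), publicIpId
) on nicId
// Step 2: look up the public IP resource; leftouter keeps the VM row
// even when the address resource is not visible in the queried scope
| join kind=leftouter (
    Resources
    | where type =~ 'Microsoft.Network/publicIPAddresses'
    | project publicIpId = tolower(id),
              ipAddress = tostring(properties.ipAddress),
              allocation = tostring(properties.publicIPAllocationMethod)
) on publicIpId
| project subscriptionId, resourceGroup, vmName, vmId, ipAddress, allocation, publicIpId
| order by subscriptionId asc, vmName asc
```

An empty ipAddress with a non-empty publicIpId typically means the address resource exists but has no address currently allocated, or that it lives in a subscription outside the query scope.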


Complex Queries:

// Let's say you have Arc-registered VMs and want to check the Arc agent version with the total count.

Resources
| where type =~ 'microsoft.hybridcompute/machines'
| extend agentVersion=tostring(properties.agentVersion)
| extend av = toint(split(agentVersion,".",1)[0])
| extend ArcAgent = case(
    av >= 20, '2.0 or Newer',
    av < 20, 'Need to be updated',
    'unsure')
| summarize count() by ArcAgent
| order by count_






// Let's say you want to fetch all the extensions deployed to your Arc VMs.

Resources
| where type == 'microsoft.hybridcompute/machines'
| project
      id,
      JoinID = toupper(id),
      ComputerName = tostring(properties.osProfile.computerName),
      OSName = tostring(properties.osName)
| join kind=leftouter(
      Resources
      | where type == 'microsoft.hybridcompute/machines/extensions'
      | project
            MachineId = toupper(substring(id, 0, indexof(id, '/extensions'))),
            ExtensionName = name
) on $left.JoinID == $right.MachineId
| summarize Extensions = make_list(ExtensionName) by id, ComputerName, OSName
| order by tolower(OSName) asc



// To fetch the same details for virtual machines, just modify the where conditions to use type == 'microsoft.compute/virtualmachines'.

There's an exciting feature that takes your resource management experience to the next level—pinning queries to dashboards and creating shared dashboards within Azure. This feature not only enhances your workflow efficiency but also promotes collaboration and data-driven decision-making.

Imagine having a curated set of Resource Graph queries that are vital to your daily operations and management tasks. These queries can be pinned to a dashboard, serving as your personalized control center for resource insights. With a quick glance, you can access key metrics, trends, and data points that matter most to you, eliminating the need to repeatedly run queries or sift through lengthy reports.

Creating a shared dashboard amplifies this convenience by fostering collaboration among team members.


Welcome to a future where queries are no longer a burden but a gateway to resource optimization and strategic success. Your resource insights are at your fingertips; unleash their potential and transform the way you manage Azure resources.












