Azure Monitor now lets you query data in Azure Resource Graph from your Log Analytics workspace.
You can utilize this feature to make your Azure Log Analytics queries aware of your resource’s properties such as tags, resource attributes and much more.
You can run cross-service queries by using any client tools that support Kusto Query Language (KQL) queries, including the Log Analytics web UI, workbooks, PowerShell, and the REST API. Read more here
Query data in Azure Resource Graph
As Azure Resource Graph continues to expose more valuable data, you can now create cross-service queries between Log Analytics workspaces and Azure Resource Graph.
Here are some sample Azure Log Analytics queries that use the new Azure Resource Graph cross-service query capabilities:
- Filter a Log Analytics query based on the results of an Azure Resource Graph query
- Filter your KQL query to get only virtual machines that are from Standard_D typle that has data:
arg("").Resources
| where type == "microsoft.compute/virtualmachines" and properties.hardwareProfile.vmSize startswith "Standard_D"
| join (
Heartbeat
| where TimeGenerated > ago(1d)
| distinct Computer
)
on $left.name == $right.Computer
- Create an alert rule that applies only to certain resources taken from an ARG query
- Exclude resources based on tags – for example, not to trigger alerts for VMs with a “Test” tag.
arg(״״).Resources
| where tags.environment=~'Test'
| project name
- Retrieve performance data related to CPU utilization and filter to resources with the “prod” tag:
InsightsMetrics
| where Name == "UtilizationPercentage"
| lookup (
arg("").Resources
| where type == 'microsoft.compute/virtualmachines'
| project _ResourceId=tolower(id), tags
)
on _ResourceId
| where tostring(tags.Env) == "Prod"
More use cases:
- Use a tag to determine whether VMs should be running 24x7 or should be shutdown at night.
- Show alerts on any server that contains a certain number of cores.