Starter query samples

发布时间：2025-08-13 11:22

商务会议中，'question'应说为'query' #生活技巧# #职场沟通技巧# #商务英语#

The first step to understanding queries with Azure Resource Graph is a basic understanding of the Query Language. If you aren't already familiar with Kusto Query Language (KQL), it's recommended to review the KQL tutorial to understand how to compose requests for the resources you're looking for.

This article uses the following starter queries:

Count Azure resources Count Key Vault resources List resources sorted by name Show all virtual machines ordered by name in descending order Show first five virtual machines by name and their OS type Count virtual machines by OS type Show resources that contain storage List all Azure virtual network subnets List all public IP addresses Count resources that have IP addresses configured by subscription List resources with a specific tag value List all storage accounts with specific tag value List all tags and their values Show unassociated network security groups List Azure Monitor alerts ordered by severity List Azure Monitor alerts ordered by severity and alert state List Azure Monitor alerts ordered by severity, monitor service, and target resource type

If you don't have an Azure subscription, create a free account before you begin.

Azure CLI (through an extension) and Azure PowerShell (through a module) support Azure Resource Graph. Before running any of the following queries, check that your environment is ready. See Azure CLI and Azure PowerShell for steps to install and validate your shell environment of choice.

This query returns number of Azure resources that exist in the subscriptions that you have access to. It's also a good query to validate your shell of choice has the appropriate Azure Resource Graph components installed and in working order.

Resources | summarize count() Azure CLI Azure PowerShell Portal

By default, Azure CLI queries all accessible subscriptions but you can specify the --subscriptions parameter to query specific subscriptions.

az graph query -q "Resources | summarize count()"

This example uses a variable for the subscription ID.

subid=$(az account show --query id --output tsv) az graph query -q "Resources | summarize count()" --subscriptions $subid

You can also query by the scopes for management group and tenant. Replace <managementGroupId> and <tenantId> with your values.

az graph query -q "Resources | summarize count()" --management-groups '<managementGroupId>'

az graph query -q "Resources | summarize count()" --management-groups '<tenantId>'

You can also use a variable for the tenant ID.

tenantid=$(az account show --query tenantId --output tsv) az graph query -q "Resources | summarize count()" --management-groups $tenantid

This query uses count instead of summarize to count the number of records returned. Only key vaults are included in the count.

Resources | where type =~ 'microsoft.keyvault/vaults' | count Azure CLI Azure PowerShell Portal

az graph query -q "Resources | where type =~ 'microsoft.keyvault/vaults' | count"

This query returns any type of resource, but only the name, type, and location properties. It uses order by to sort the properties by the name property in ascending (asc) order.

Resources | project name, type, location | order by name asc Azure CLI Azure PowerShell Portal

az graph query -q "Resources | project name, type, location | order by name asc"

To list only virtual machines (which are type Microsoft.Compute/virtualMachines), we can match the property type in the results. Similar to the previous query, desc changes the order by to be descending. The =~ in the type match tells Resource Graph to be case insensitive.

Resources | project name, location, type | where type =~ 'Microsoft.Compute/virtualMachines' | order by name desc Azure CLI Azure PowerShell Portal

az graph query -q "Resources | project name, location, type| where type =~ 'Microsoft.Compute/virtualMachines' | order by name desc"

This query uses top to only retrieve five matching records that are ordered by name. The type of the Azure resource is Microsoft.Compute/virtualMachines. project tells Azure Resource Graph which properties to include.

Resources | where type =~ 'Microsoft.Compute/virtualMachines' | project name, properties.storageProfile.osDisk.osType | top 5 by name desc Azure CLI Azure PowerShell Portal

az graph query -q "Resources | where type =~ 'Microsoft.Compute/virtualMachines' | project name, properties.storageProfile.osDisk.osType | top 5 by name desc"

Building on the previous query, we're still limiting by Azure resources of type Microsoft.Compute/virtualMachines, but are no longer limiting the number of records returned. Instead, we used summarize and count() to define how to group and aggregate the values by property, which in this example is properties.storageProfile.osDisk.osType. For an example of how this string looks in the full object, see explore resources - virtual machine discovery.

Resources | where type =~ 'Microsoft.Compute/virtualMachines' | summarize count() by tostring(properties.storageProfile.osDisk.osType) Azure CLI Azure PowerShell Portal

az graph query -q "Resources | where type =~ 'Microsoft.Compute/virtualMachines' | summarize count() by tostring(properties.storageProfile.osDisk.osType)"

A different way to write the same query is to extend a property and give it a temporary name for use within the query, in this case os. os is then used by summarize and count() as in the previous example.

Resources | where type =~ 'Microsoft.Compute/virtualMachines' | extend os = properties.storageProfile.osDisk.osType | summarize count() by tostring(os) Azure CLI Azure PowerShell Portal

az graph query -q "Resources | where type =~ 'Microsoft.Compute/virtualMachines' | extend os = properties.storageProfile.osDisk.osType | summarize count() by tostring(os)"

Note

Be aware that while =~ allows case insensitive matching, use of properties (such as properties.storageProfile.osDisk.osType) in the query require the case to be correct. If the property is the incorrect case, a null or incorrect value is returned and the grouping or summarization would be incorrect.

Instead of explicitly defining the type to match, this example query finds any Azure resource that contains the word storage.

Resources | where type contains 'storage' | distinct type Azure CLI Azure PowerShell Portal

az graph query -q "Resources | where type contains 'storage' | distinct type"

This query returns a list of Azure virtual networks (VNets) including subnet names and address prefixes. Thanks to Saul Dolgin for the contribution.

Resources | where type == 'microsoft.network/virtualnetworks' | extend subnets = properties.subnets | mv-expand subnets | project name, subnets.name, subnets.properties.addressPrefix, location, resourceGroup, subscriptionId Azure CLI Azure PowerShell Portal

az graph query -q "Resources | where type == 'microsoft.network/virtualnetworks' | extend subnets = properties.subnets | mv-expand subnets | project name, subnets.name, subnets.properties.addressPrefix, location, resourceGroup, subscriptionId"

Similar to the previous query, find everything that is a type with the word publicIPAddresses. This query expands on that pattern to only include results where properties.ipAddress isnotempty, to only return the properties.ipAddress, and to limit the results by the top 100. You may need to escape the quotes depending on your chosen shell.

Resources | where type contains 'publicIPAddresses' and isnotempty(properties.ipAddress) | project properties.ipAddress | limit 100 Azure CLI Azure PowerShell Portal

az graph query -q "Resources | where type contains 'publicIPAddresses' and isnotempty(properties.ipAddress) | project properties.ipAddress | limit 100"

Using the previous example query and adding summarize and count(), we can get a list by subscription of resources with configured IP addresses.

Resources | where type contains 'publicIPAddresses' and isnotempty(properties.ipAddress) | summarize count () by subscriptionId Azure CLI Azure PowerShell Portal

az graph query -q "Resources | where type contains 'publicIPAddresses' and isnotempty(properties.ipAddress) | summarize count () by subscriptionId"

We can limit the results by properties other than the Azure resource type, such as a tag. In this example, we're filtering for Azure resources with a tag name of Environment that have a value of Internal.

Resources | where tags.environment=~'internal' | project name Azure CLI Azure PowerShell Portal

az graph query -q "Resources | where tags.environment=~'internal' | project name"

To also provide what tags the resource has and their values, add the property tags to the project keyword.

Resources | where tags.environment=~'internal' | project name, tags Azure CLI Azure PowerShell Portal

az graph query -q "Resources | where tags.environment=~'internal' | project name, tags"

Combine the filter functionality of the previous example and filter Azure resource type by type property. This query also limits our search for specific types of Azure resources with a specific tag name and value.

Resources | where type =~ 'Microsoft.Storage/storageAccounts' | where tags['tag with a space']=='Custom value' Azure CLI Azure PowerShell Portal

az graph query -q "Resources | where type =~ 'Microsoft.Storage/storageAccounts' | where tags['tag with a space']=='Custom value'"

Note

This example uses == for matching instead of the =~ conditional. == is a case sensitive match.

This query lists tags on management groups, subscriptions, and resources along with their values. The query first limits to resources where tags isnotempty(), limits the included fields by only including tags in the project, and mvexpand and extend to get the paired data from the property bag. It then uses union to combine the results from ResourceContainers to the same results from Resources, giving broad coverage to which tags are fetched. Last, it limits the results to distinct paired data and excludes system-hidden tags.

This query returns Network Security Groups (NSGs) that aren't associated to a network interface or subnet.

Resources | where type =~ "microsoft.network/networksecuritygroups" and isnull(properties.networkInterfaces) and isnull(properties.subnets) | project name, resourceGroup | sort by name asc Azure CLI Azure PowerShell Portal

az graph query -q "Resources | where type =~ 'microsoft.network/networksecuritygroups' and isnull(properties.networkInterfaces) and isnull(properties.subnets) | project name, resourceGroup | sort by name asc"

alertsmanagementresources | where type =~ 'microsoft.alertsmanagement/alerts'  | where todatetime(properties.essentials.startDateTime) >= ago(2h) and todatetime(properties.essentials.startDateTime) < now() | project Severity = tostring(properties.essentials.severity), MonitorCondition = tostring(properties.essentials.monitorCondition), ObjectState = tostring(properties.essentials.alertState), MonitorService = tostring(properties.essentials.monitorService), AlertRuleId = tostring(properties.essentials.alertRule), SignalType = tostring(properties.essentials.signalType), TargetResource = tostring(properties.essentials.targetResourceName), TargetResourceType = tostring(properties.essentials.targetResourceName), id  | summarize AlertsCount = count() by Severity, MonitorService , TargetResourceType Learn more about the query language. Learn more about how to explore resources. See samples of Advanced queries.

网址：Starter query samples https://klqsh.com/news/view/147855

⬅️上一篇：Azure Graph Quer

➡️下一篇：Quickstart: Run

Starter query samples

相关内容

随便看看

最新乐趣

热点乐趣

专题

推荐乐趣