This a quick post to share a service I have discovered this week: Azure Resource Graph Explorer.
Apparently it has been around since a couple of years, but I have only found out about its existence this week. Let’s see how awesome this service is.
Basically it’s a service (living here in the portal) that let you query your Azure resources using KQL.
Until now when I needed to dig into my resources I used Azure Resource Explorer (from the dedicated site or from the portal), but I have never found it easy to use and was always wondering if I should start searching by providers or by subscriptions.
Using Azure Resource Graph is much easier and powerful, if you want to know more about how to get started with it I recommend checkout the documentation.
For now I have barely scratched the surface of the service but I can already share a couple of use-cases.
The first thing you can do right away is query your Azure resources, and the power of the tool is that you can do this across all the subscriptions you have access to. This is extremely useful in an enterprise environment with a bunch of subscriptions for your various landing zones (with the CLI or PowerShell, you have to change your context to achieve this).
With Azure Resource Graph, a simple KQL request on the
resources table will give you everything, and then you can refine the results by type, and do things like getting the number of VMs by size, location, etc.
This blog post is a great read to find out how you can query your resources using Graph Explorer.
Working with Azure Monitor, you often need to check the payload of an alert for troubleshooting reasons. Until now I was doing it with an action group and a webhook to a service like Webhook.site. But there is a better way.
From the Azure Monitor Alerts blade in the portal, select the occurrence of your alert and copy its id: I have cropped the screenshot and masked some details
Then go to the Azure Resource Graph Explorer blade, and copy this query with your alert id:
alertsmanagementresources | where ['id'] == '<YOUR ALERT ID HERE>'
Using this payload you can try to figure out why your processing rule is not catching your alert, or trigger manually your Logic App or Azure Function without waiting for your alert to occur.
That’s it for this post, I’ll try to do “quick tips” like in the future if I manage to write post… quickly.
In the meantime, go check out this service if you haven’t already 🤓