stackoom
  简体   繁体   中英

KQL :: return only tags with more than 4 records

 原文  2023-01-16 17:19:24       kql/ azure-resource-graph

Question

I have created a Kusto query that allows me to return all our database park. The query only takes 10 lines of code:

Resources
| join kind=inner (
    resourcecontainers
    | where type == 'microsoft.resources/subscriptions'
    | project subscriptionId, subscriptionName = name)
    on subscriptionId
| where subscriptionName in~ ('Subscription1','Subscription2')
| where type =~ 'microsoft.sql/servers/databases'
| where name != 'master'
| project  subscriptionName, resourceGroup, name, type, location,sku.tier, properties.requestedServiceObjectiveName, tags.customerCode

By contract we are supposed to give only 4 Azure SQL Database per customer but sometimes developers take a copy of them and they rename it _old or _backup and suddenly a customer can have 5 or 6 databases.

This increase the overall costs of the Cloud and I would like to have a list of all customers that have more than 4 databases.

In order to do so I can use the tag tags.customerCode which has the 3 letters identifier for each customer.

The code should work like this: if a customer is called ABC and there are 4 Azure SQL Databases with tags.customerCode ABC the query should return nothing. If there are 5 or 6 databases with tags.customerCode ABC the query should return all of them.

Not sure if Kusto can be that flexible.

1 answers

solution1
 1 ACCPTED  2023-01-16 18:27:32

Here is a possible solution.
It should be noted that Azure resource graph supports only a limited subset of KQL.

resourcecontainers 
| where     type == 'microsoft.resources/subscriptions'
        //and name in~ ('Subscription1','Subscription2')
| project subscriptionId, subscriptionName = name
| join kind=inner  
  (
    resources
    | where     type =~ 'microsoft.sql/servers/databases'
            and name != 'master'
  )
  on  subscriptionId            
| project   subscriptionId, subscriptionName, resourceGroup, name, type, location
           ,tier                            = sku.tier
           ,requestedServiceObjectiveName   = properties.requestedServiceObjectiveName
           ,customerCode                    = tostring(tags.customerCode)    
| summarize dbs = count(), details = make_list(pack_all()) by customerCode
| where dbs > 4
| mv-expand with_itemindex=db_seq ['details']
| project   customerCode
           ,dbs
           ,db_seq = db_seq + 1
           ,subscriptionId                  = details.subscriptionId
           ,subscriptionName                = details.subscriptionName
           ,resourceGroup                   = details.resourceGroup
           ,name                            = details.name
           ,type                            = details.type
           ,location                        = details.location
           ,tier                            = details.tier
           ,requestedServiceObjectiveName   = details.requestedServiceObjectiveName

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to create a new table that only keeps rows with more than 5 data records under the same id in Bigquery KQL query to only join tables with a column value KQL / Azure Resource Graph Explorer: combine values from multiple records How to return all records having only integer values in a specific column? How to store more than 100 records using cosmos batch from azure cosmos db using query KQL - Check value every hour to see if it's higher than the week average How to find which pod is taking more data ingestion in AKS cluster using kql query? WSO2 REST API: How to return more than one row in the GET request Azure python sdk storage table backup table Return more than 1000 rows Retrieving more than one blob when using "When a blob is added or modified (properties only) (V2)"
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM