Azure - kql query show rgname and subscription

GiridharKumarJha
June 5, 2023
238 views
0 votes
2 Answers

How can we print subscriptionname,resousce groupname using kql query in azure log analytics
its showing vmname but need these details. this is kql query in azure log analytics

let start_time=startofday(datetime("2019-03-01 00:00:00 AM"));
let end_time=endofday(datetime("2019-03-31 11:59:59 PM"));
Heartbeat
| where TimeGenerated > start_time and TimeGenerated < end_time
| summarize heartbeat_per_hour=count() by bin_at(TimeGenerated, 1h, start_time), Computer
| extend available_per_hour=iff(heartbeat_per_hour>0, true, false)
| summarize total_available_hours=countif(available_per_hour==true) by Computer 
| extend total_number_of_buckets=round((end_time-start_time)/1h)
| extend availability_rate=total_available_hours*100/total_number_of_buckets

Tags: azure kql

Answers

- FlorianVuillemot
- June 2, 2023 at 11:46 am
- 0 votes
0
The Azure Resource Graph seems more appropriate for retrieving this information.

Login or Signup to reply.

Thanks @VenkateshDodda for pointing towards the right direction. After making few changes, I ran below query with the given time stamp, and it worked as expected.

let starttime=startofday(datetime("2020-03-01 00:00:00 AM"));
let endtime=endofday(datetime("2023-06-05 11:59:59 PM"));
Heartbeat
| where TimeGenerated > starttime and TimeGenerated < endtime
| summarize heartbeat_per_hour=count() by bin_at(TimeGenerated, 1h, starttime), Computer,ResourceGroup,SubscriptionId
| extend available_per_hour=iff(heartbeat_per_hour>0, true, false)
| summarize total_avail_hours=countif(available_per_hour==true) by Computer,ResourceGroup,SubscriptionId
| extend total_number_of_buckets=round((endtime-starttime)/1h)
| extend availability_rate=total_avail_hours*100/total_number_of_buckets

Refer MSDoc for more relevant information.

Please signup or login to give your own answer.

Click here to cancel reply.

Azure – kql query show rgname and subscription

Answers