For the longest time I recommended using % Committed Bytes in Use memory metric for Windows Servers in Azure Monitor and Log Analytics. Sometime last year it was brought to my attention by one of our fantastic senior support members, that the metric might not be the best for alerting. % Committed Bytes In Use The …
Hello again, are you spending enough time in Azure Resource Graph (ARG) explorer? If not, you really should, there’s a treasure trove of data in there. The sad part is, either customers aren’t aware of it, or if they are the respective Product Groups aren’t doing a whole lot with the data. In particular with …
What a difference 3 years makes. Since my last Extracting nested fields post, I’ve learned a lot and thought it might be time to provide a new post with new examples and more ways to accomplish the same goal. Like the first version, but better! Operators, Functions & Dynamic Types, Oh my! There are a number …
In my previous post I talked about how we can now query Azure Resource Graph data with Log Analytics. The purpose of that addition was to be able to alert on Azure Resource Graph data with Azure Monitor Alerts. In this post I’ll show exactly what you need to be able to create alerts in …
Have you ever wanted to filter resources in Log Analytics by resource tags? Or wanted to query Azure Resource Graph data with a broader set of KQL? Well, do I have some news for you. Now we can query Azure Resource Graph directly from Log Analytics. I was fortunate enough to be a small part …
Have you tried to get data on exemptions in your environment? Only to find they’re not in Azure Resource Graph, like policies, assignments and their states. Previously you would have to queried the API, which is limited to querying one subscription at a time. Not exactly “cloud scale.” Sometime in the last few weeks “microsoft.authorization/policyexemptions” …
The evaluate operator is fantastic tool in your Kusto tool belt. So much so that I have requested several times that it get added to Azure Resource Graph. However, the Evaluate Operator itself won’t run anything. You have to add one of its Plugins behind it. In this post I’ll show you how to use …