Azure Resource Graph KQL - filter virtual machines having tags with given prefixes
We have a lot of virtual machines that we create in azure. Each virtual machine has tags. Keys for some of these tags are dynamically constructed. Such keys have a fixed prefix and a dynamic suffix. We wanted a way to filter all virtual machines which have 2 or more keys with given prefixes.
Consider the following Virtualmachines:
- VM1: {name: "vm-1", tags: {"bingo-1":1, "tringo-2":1, "key1": "value1"}}
- VM1: {name: "vm-1", tags: {"tringo-2":1, "key2": "value2"}}
- VM1: {name: "vm-1", tags: {"bingo-1":1, "key3": "value3"}}
Expected Output: vm-1 as that is the only VM which contains both the tag-key-prefixes.
Attempt: I got this working but this does not seem to be optimal as it calls bag_keys function twice.
resources
| where type =~ 'Microsoft.Compute/virtualMachines'
| where resourceGroup =~ 'test-resource-group'
| where bag_keys(tags) hasprefix "bingo-"
| where bag_keys(tags) hasprefix "tringo-"
| project name
This works as expected but at the cost of invoking bag_keys twice. Is there a more idiomatic and optimal way to achieve the same without calling bag_keys twice?
Instead of using two where operators, firstly I included
mv-expand operator to join tags into one record and then used an and to check and filter the tags of both prefixes to optimize your code.
resources
| where type =~ 'Microsoft.Compute/virtualMachines'
| where resourceGroup =~ '<resourcegroup>'
| mvexpand tags
| extend tagKey = tostring(bag_keys(tags)[0])
| extend tagValue = tostring(tags[tagKey])
| where tagKey hasprefix "creat" and tagKey hasprefix "cr"
| project name, tags, tagKey, tagValue
Update:
As given in comments, You can use extend operator. It creates a new column that contains all the keys in the tags object in this way.
extend tagKeys = bag_keys(tags)
| where tagKeys hasprefix "bingo-" and tagKeys hasprefix "tringo-"
Refer resource graph explorer query article by @John Kilmister for more related query samples.
- Azure Service Plan - Convert Consumption App to Premium App
- No PK or FK when exporting SQL Server database
- Assigning a Token Lifetime Policy to an application in Microsoft EntraID seems to have no effect
- How to create a dataset for Azure custom speech using spx (speechCLI)
- Azure App Service Autoscale Fails to Scale In
- Azure Scale Out on Memory keeps flapping (not scaling in)
- Setting a server minimum for Azure Web App when using automatic scaling, from Bicep
- A keyvault created with access policy using BICEP creates compound identity
- Azure Loadbalancer with public IP forward traffic to Container Apps
- How to grant a Managed Identity permissions to an Azure SQL Database using IaC?
- What means skipNegotiation in SignalR HubConnection?
- Azure ClientCertificateCredential - Using SNI
- Azure AI Search MultiIndex / Conditional Semantic search
- MSAL Node service & The Partner Center API
- Load Registered Component in Azure ML for Pipeline using Python sdk v2
- Azure Blob:- How to automate Azure Archive Storage to Cool/Hot tier conversion, send download link once it's avaible , and re-archive after 72 hours?
- Azure App Service Custom Backup to Firewall Enabled Storage Account not working as expected
- How to take max value and replace it in drived column in data factory
- Synapse/ ADF - How to Truncate table if dynamic config column is True in pre-copy script
- Azure Cost Management - track costs associated with Databricks job
- Error: "OrganizationFromTenantGuidNotFound" (even with Microsoft 365 subscription)
- How to check Debug.Writeline() output in VS code?
- C# API - Provide download of files from Azure Blobstorage
- localhost:300/api is not working : "This page isn’t working"
- Creating an Azure Linux VM with Ubuntu 20.04 with Terraform
- Failed to deploy path that does not exist
- Using Azure WAF for my server(not in Azure)
- How and where to define an environment variable on Azure
- Azure Data Factory - Unable to preview data
- Azure yaml trigger pipeline every 14 days on a Saturday