{
"version": "Notebook/1.0",
"items": [
{
"type": 9,
"content": {
"version": "KqlParameterItem/1.0",
"parameters": [
{
"id": "199eea3c-8bcd-476b-9725-bd30f531678a",
"version": "KqlParameterItem/1.0",
"name": "Subscription",
"label": "Subscriptions",
"type": 6,
"isRequired": true,
"multiSelect": true,
"quote": "'",
"delimiter": ",",
"value": [
"value::all"
],
"typeSettings": {
"additionalResourceOptions": [
"value::all"
],
"includeAll": true,
"showDefault": false
}
},
{
"id": "c3fd835c-236d-4fbe-ad09-5cdd41462fa5",
"version": "KqlParameterItem/1.0",
"name": "ResourceGroup",
"label": "Resource Group",
"type": 5,
"isRequired": true,
"multiSelect": true,
"quote": "'",
"delimiter": ",",
"query": "resourcecontainers\r\n| where type == "microsoft.resources/subscriptions/resourcegroups"\r\n| project name",
"crossComponentResources": [
"{Subscription}"
],
"value": [
"value::all"
],
"typeSettings": {
"additionalResourceOptions": [
"value::all"
],
"showDefault": false
},
"queryType": 1,
"resourceType": "microsoft.resourcegraph/resources"
},
{
"id": "f41ba5f7-61b4-457e-8700-2e4e70d69264",
"version": "KqlParameterItem/1.0",
"name": "LogAnalyticsWorkspace",
"label": "Log Analytics Workspace",
"type": 5,
"isRequired": true,
"multiSelect": true,
"quote": "'",
"delimiter": ",",
"query": "where type =~ 'microsoft.operationalinsights/workspaces'\r\n| summarize by id, name\r\n| project id",
"crossComponentResources": [
"value::all"
],
"typeSettings": {
"additionalResourceOptions": [
"value::all"
],
"showDefault": false
},
"defaultValue": "value::all",
"queryType": 1,
"resourceType": "microsoft.resourcegraph/resources",
"value": [
"value::all"
]
},
{
"id": "bd401b11-047b-4fa5-9a5d-6eef4d5195d4",
"version": "KqlParameterItem/1.0",
"name": "timerange",
"label": "Time Range",
"type": 4,
"value": {
"durationMs": 86400000
},
"typeSettings": {
"selectableValues": [
{
"durationMs": 3600000
},
{
"durationMs": 14400000
},
{
"durationMs": 43200000
},
{
"durationMs": 86400000
},
{
"durationMs": 259200000
},
{
"durationMs": 604800000
},
{
"durationMs": 1209600000
},
{
"durationMs": 2419200000
},
{
"durationMs": 2592000000
},
{
"durationMs": 5184000000
},
{
"durationMs": 7776000000
}
]
}
}
],
"style": "pills",
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces"
},
"name": "parameters - 0"
},
{
"type": 11,
"content": {
"version": "LinkItem/1.0",
"style": "tabs",
"links": [
{
"id": "f8592a17-308d-4e87-84ef-db28bf73278c",
"cellValue": "Tab",
"linkTarget": "parameter",
"linkLabel": "Azure AD",
"subTarget": "Azure AD",
"style": "link"
},
{
"id": "4f021ba0-c362-461c-9dd4-bf60f6d69173",
"cellValue": "Tab",
"linkTarget": "parameter",
"linkLabel": "AKS",
"subTarget": "AKS",
"style": "link"
},
{
"id": "3e4db63a-6f04-43bc-92eb-db254c24b1e4",
"cellValue": "Tab",
"linkTarget": "parameter",
"linkLabel": "Virtual Machines",
"subTarget": "Virtual Machines",
"style": "link"
},
{
"id": "09d80d03-14c3-4d30-8c41-b04298948227",
"cellValue": "Tab",
"linkTarget": "parameter",
"linkLabel": "Databases",
"subTarget": "Database",
"style": "link"
},
{
"id": "5e240dbe-3389-4585-83c6-16052251368a",
"cellValue": "Tab",
"linkTarget": "parameter",
"linkLabel": "Azure Firewall",
"subTarget": "Azure Firewall",
"style": "link"
}
]
},
"name": "links - 3"
},
{
"type": 12,
"content": {
"version": "NotebookGroup/1.0",
"groupType": "editable",
"items": [
{
"type": 1,
"content": {
"json": "# Azure Active Directory\r\n\r\nThis section is dedicated to give an overall view and health of Active Directory. Some of the information presented here require additional logging configuration at your Azure Active Directory Monitoring blade. For more information regarding Azure Active Directory, click the following link: What is Azure Active Directory?."
},
"name": "text - 6"
},
{
"type": 12,
"content": {
"version": "NotebookGroup/1.0",
"groupType": "editable",
"items": [
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "SigninLogs\r\n| summarize toint(count(UserPrincipalName)) by bin(TimeGenerated, 5m),OperationName\r\n| render timechart",
"size": 1,
"title": "Current Sign-In",
"timeContextFromParameter": "timerange",
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"crossComponentResources": [
"{LogAnalyticsWorkspace}"
]
},
"customWidth": "50",
"name": "query - 0"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "SigninLogs\r\n| summarize toint(count(UserPrincipalName)) by bin(TimeGenerated, 1d),OperationName",
"size": 1,
"title": "Daily Sign-In",
"timeContextFromParameter": "timerange",
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"crossComponentResources": [
"{LogAnalyticsWorkspace}"
],
"visualization": "barchart"
},
"customWidth": "50",
"name": "query - 1"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "SigninLogs\r\n| where isnotnull (LocationDetails.city)\r\n| summarize arg_max(CorrelationId, *) by CorrelationId\r\n| project ["City"]= LocationDetails.city, LocationDetails.geoCoordinates.longitude, LocationDetails.geoCoordinates.latitude",
"size": 2,
"title": "Sign-In Heat Map",
"timeContextFromParameter": "timerange",
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"crossComponentResources": [
"{LogAnalyticsWorkspace}"
],
"visualization": "map",
"mapSettings": {
"locInfo": "LatLong",
"latitude": "LocationDetails_geoCoordinates_latitude",
"longitude": "LocationDetails_geoCoordinates_longitude",
"sizeAggregation": "Sum",
"labelSettings": "City",
"legendMetric": "City",
"legendAggregation": "Count",
"itemColorSettings": {
"nodeColorField": "City",
"colorAggregation": "Count",
"type": "heatmap",
"heatmapPalette": "hotCold"
}
}
},
"name": "query - 2"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "SigninLogs\r\n| project TimeGenerated,OperationName,["Country"]= LocationDetails.countryOrRegion,["State"]= LocationDetails.state,["City"]= LocationDetails.city,["Device Details"]=DeviceDetail.operatingSystem,["App"]=ClientAppUsed,["App Details"]=DeviceDetail.browser,["Access"]=AppDisplayName,IPAddress,UserPrincipalName",
"size": 0,
"showAnalytics": true,
"title": "Sign-In Details",
"timeContextFromParameter": "timerange",
"showExportToExcel": true,
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"crossComponentResources": [
"{LogAnalyticsWorkspace}"
],
"gridSettings": {
"rowLimit": 10000,
"filter": true
}
},
"name": "query - 3"
}
]
},
"name": "Sign-In SubTab"
},
{
"type": 12,
"content": {
"version": "NotebookGroup/1.0",
"groupType": "editable",
"items": [
{
"type": 1,
"content": {
"json": "tes"
},
"name": "text - 0"
}
]
},
"conditionalVisibility": {
"parameterName": "SubTab",
"comparison": "isEqualTo",
"value": "Users"
},
"name": "SubTab-Users"
}
]
},
"conditionalVisibility": {
"parameterName": "Tab",
"comparison": "isEqualTo",
"value": "Azure AD"
},
"name": "Sign-In"
},
{
"type": 12,
"content": {
"version": "NotebookGroup/1.0",
"groupType": "editable",
"items": [
{
"type": 1,
"content": {
"json": "# Azure Virtual Machines"
},
"name": "text - 3"
},
{
"type": 11,
"content": {
"version": "LinkItem/1.0",
"style": "tabs",
"links": [
{
"id": "670b43a6-84d2-4d6c-95f6-709d725090f1",
"cellValue": "SubTab",
"linkTarget": "parameter",
"linkLabel": "Virtual Machines",
"subTarget": "Virtual Machines",
"preText": "Virtual Machines",
"postText": "Virtual ",
"style": "link"
},
{
"id": "b6570952-10ee-4894-8113-b85e0d8c55f5",
"cellValue": "SubTab",
"linkTarget": "parameter",
"linkLabel": "VM Disks",
"subTarget": "VM Disks",
"style": "link"
}
]
},
"name": "links - 1"
},
{
"type": 12,
"content": {
"version": "NotebookGroup/1.0",
"groupType": "editable",
"items": [
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "resources\r\n| where type == "microsoft.compute/virtualmachines"\r\n| summarize count() by tostring(properties.extended.instanceView.powerState.displayStatus)",
"size": 1,
"title": "VMs by State",
"queryType": 1,
"resourceType": "microsoft.resourcegraph/resources",
"crossComponentResources": [
"{Subscription}"
],
"visualization": "tiles",
"tileSettings": {
"showBorder": false,
"titleContent": {
"columnMatch": "properties_extended_instanceView_powerState_displayStatus",
"formatter": 1
},
"leftContent": {
"columnMatch": "count_",
"formatter": 12,
"formatOptions": {
"palette": "auto"
},
"numberFormat": {
"unit": 17,
"options": {
"maximumSignificantDigits": 3,
"maximumFractionDigits": 2
}
}
}
}
},
"customWidth": "25",
"name": "query - 0"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "resources\r\n| where type == "microsoft.compute/virtualmachines"\r\n| summarize count() by tostring(properties.storageProfile.osDisk.osType)",
"size": 1,
"title": "VMs by Operating System",
"queryType": 1,
"resourceType": "microsoft.resourcegraph/resources",
"crossComponentResources": [
"{Subscription}"
],
"visualization": "tiles",
"tileSettings": {
"showBorder": false,
"titleContent": {
"columnMatch": "properties_storageProfile_osDisk_osType",
"formatter": 1
},
"leftContent": {
"columnMatch": "count_",
"formatter": 12,
"formatOptions": {
"palette": "auto"
},
"numberFormat": {
"unit": 17,
"options": {
"maximumSignificantDigits": 3,
"maximumFractionDigits": 2
}
}
}
}
},
"customWidth": "25",
"name": "query - 1"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "resources\r\n| where type == "microsoft.compute/virtualmachines"\r\n| summarize count() by tostring(properties.hardwareProfile.vmSize)",
"size": 1,
"title": "VMs by Size",
"queryType": 1,
"resourceType": "microsoft.resourcegraph/resources",
"crossComponentResources": [
"{Subscription}"
],
"visualization": "piechart"
},
"customWidth": "50",
"name": "query - 2"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "resources\r\n| where type == "microsoft.compute/virtualmachines"\r\n| summarize count() by resourceGroup",
"size": 0,
"title": "VMs by Resource Group",
"queryType": 1,
"resourceType": "microsoft.resourcegraph/resources",
"crossComponentResources": [
"{Subscription}"
],
"visualization": "barchart"
},
"name": "query - 4"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "resources\r\n| where type == "microsoft.compute/virtualmachines"\r\n| project ["Resource Group"]=resourceGroup,["VM Name"]=name,["VM State"]=properties.extended.instanceView.powerState.displayStatus,["Location"]=location,["VM Size"]=properties.hardwareProfile.vmSize,["Operating System"]=properties.storageProfile.osDisk.osType,["Local Admin"]=properties.osProfile.adminUsername",
"size": 0,
"title": "Virtual Machine Details",
"showExportToExcel": true,
"queryType": 1,
"resourceType": "microsoft.resourcegraph/resources",
"crossComponentResources": [
"{Subscription}"
],
"gridSettings": {
"rowLimit": 10000,
"filter": true,
"sortBy": [
{
"itemKey": "Resource Group",
"sortOrder": 1
}
]
},
"sortBy": [
{
"itemKey": "Resource Group",
"sortOrder": 1
}
]
},
"name": "query - 5"
}
]
},
"conditionalVisibility": {
"parameterName": "SubTab",
"comparison": "isEqualTo",
"value": "Virtual Machines"
},
"name": "VMs"
},
{
"type": 12,
"content": {
"version": "NotebookGroup/1.0",
"groupType": "editable",
"items": [
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "resources\r\n| where type == "microsoft.compute/disks" \r\n| summarize count() by tostring(properties.diskState)",
"size": 0,
"title": "Disks by State",
"queryType": 1,
"resourceType": "microsoft.resourcegraph/resources",
"crossComponentResources": [
"{Subscription}"
],
"visualization": "tiles",
"tileSettings": {
"titleContent": {
"columnMatch": "properties_diskState",
"formatter": 1
},
"leftContent": {
"columnMatch": "count_",
"formatter": 12,
"formatOptions": {
"palette": "hotCold"
},
"numberFormat": {
"unit": 17,
"options": {
"style": "decimal",
"maximumFractionDigits": 2,
"maximumSignificantDigits": 3
}
}
},
"showBorder": false
}
},
"customWidth": "50",
"name": "query - 4"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "resources\r\n| where type == "microsoft.compute/disks"\r\n| where isnotnull(properties.tier)\r\n| summarize count() by tostring(properties.tier)",
"size": 0,
"title": "Disks by Tier",
"queryType": 1,
"resourceType": "microsoft.resourcegraph/resources",
"crossComponentResources": [
"{Subscription}"
],
"visualization": "tiles",
"tileSettings": {
"titleContent": {
"columnMatch": "properties_tier",
"formatter": 1
},
"leftContent": {
"columnMatch": "count_",
"formatter": 12,
"formatOptions": {
"palette": "auto"
},
"numberFormat": {
"unit": 17,
"options": {
"style": "decimal",
"maximumFractionDigits": 2,
"maximumSignificantDigits": 3
},
"emptyValCustomText": "P0"
}
},
"showBorder": false
}
},
"customWidth": "50",
"name": "query - 5"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "resources\r\n| where type == "microsoft.compute/disks" \r\n| project ["Resource Group"]=resourceGroup, ["Disk Name"]=name, ["Location"]=location, ["Disk State"]=properties.diskState, ["Disk Size (GB)"]=properties.diskSizeGB, ["Disk IOPS Limit"]=properties.diskIOPSReadWrite, ["Disk MBps"]=properties.diskMBpsReadWrite",
"size": 0,
"queryType": 1,
"resourceType": "microsoft.resourcegraph/resources",
"crossComponentResources": [
"{Subscription}"
],
"gridSettings": {
"formatters": [
{
"columnMatch": "Disk State",
"formatter": 18,
"formatOptions": {
"thresholdsOptions": "colors",
"thresholdsGrid": [
{
"operator": "==",
"thresholdValue": "Attached",
"representation": "blue",
"text": "{0}{1}"
},
{
"operator": "==",
"thresholdValue": "Reserved",
"representation": "yellow",
"text": "{0}{1}"
},
{
"operator": "==",
"thresholdValue": "Unattached",
"representation": "redBright",
"text": "{0}{1}"
},
{
"operator": "Default",
"thresholdValue": null,
"text": "{0}{1}"
}
]
}
}
]
}
},
"name": "query - 1"
}
]
},
"conditionalVisibility": {
"parameterName": "SubTab",
"comparison": "isEqualTo",
"value": "VM Disks"
},
"name": "Disk"
}
]
},
"conditionalVisibility": {
"parameterName": "Tab",
"comparison": "isEqualTo",
"value": "Virtual Machines"
},
"name": "Virtual Machines"
},
{
"type": 12,
"content": {
"version": "NotebookGroup/1.0",
"groupType": "editable",
"items": [
{
"type": 1,
"content": {
"json": "# Azure Kubernetes Service\r\n
\r\nThis section is dedicated to give an overall view and health of Azure Kubernetes Service (AKS) Clusters, Pods and Services.\r\n
\r\n
\r\n
"
},
"name": "text - 1"
},
{
"type": 9,
"content": {
"version": "KqlParameterItem/1.0",
"crossComponentResources": [
"{Subscription}"
],
"parameters": [
{
"id": "d8254a88-6fd1-4c91-a120-38102e17c317",
"version": "KqlParameterItem/1.0",
"name": "AKSCluster",
"label": "AKS Cluster",
"type": 5,
"isRequired": true,
"multiSelect": true,
"quote": "'",
"delimiter": ",",
"query": "resources\r\n| where type == "microsoft.containerservice/managedclusters"\r\n| project id",
"crossComponentResources": [
"{Subscription}"
],
"typeSettings": {
"additionalResourceOptions": [],
"showDefault": false
},
"timeContext": {
"durationMs": 86400000
},
"queryType": 1,
"resourceType": "microsoft.resourcegraph/resources",
"value": []
}
],
"style": "formHorizontal",
"queryType": 1,
"resourceType": "microsoft.resourcegraph/resources"
},
"name": "parameters - 3"
},
{
"type": 1,
"content": {
"json": "
"
},
"name": "text - 5"
},
{
"type": 11,
"content": {
"version": "LinkItem/1.0",
"style": "tabs",
"links": [
{
"id": "6a12e15a-9bae-449c-9ce5-7992f1807b0c",
"cellValue": "SubTab",
"linkTarget": "parameter",
"linkLabel": "Clusters",
"subTarget": "Clusters",
"style": "link"
},
{
"id": "cc911769-c1b8-48f3-9729-52747cf285f5",
"cellValue": "SubTab",
"linkTarget": "parameter",
"linkLabel": "Pods",
"subTarget": "Pods",
"style": "link"
}
]
},
"name": "links - 9"
},
{
"type": 12,
"content": {
"version": "NotebookGroup/1.0",
"groupType": "editable",
"items": [
{
"type": 1,
"content": {
"json": "
\r\n## Kubernetes clusters\r\n
\r\nFor more information access: Azure Kubernetes Cluster Architecture\r\n
"
},
"name": "text - 0"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "resources\r\n| where type == "microsoft.containerservice/managedclusters"\r\n| where id in (dynamic([{AKSCluster}]))\r\n| extend dr = properties['agentPoolProfiles']\r\n| mv-expand dr\r\n| project ["Name"]=name,["Current Nodes"]=dr.["count"]",
"size": 1,
"title": "Nodes per Cluster",
"queryType": 1,
"resourceType": "microsoft.resourcegraph/resources",
"crossComponentResources": [
"{Subscription}"
],
"visualization": "tiles",
"tileSettings": {
"titleContent": {
"columnMatch": "Name",
"formatter": 1
},
"subtitleContent": {
"columnMatch": "Current Nodes",
"formatter": 12,
"formatOptions": {
"palette": "auto"
}
},
"showBorder": false,
"sortCriteriaField": "Current Nodes",
"sortOrderField": 2,
"size": "auto"
}
},
"customWidth": "50",
"name": "query - 7"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "resources\r\n| where type == "microsoft.containerservice/managedclusters"\r\n| where id in (dynamic([{AKSCluster}]))\r\n| summarize Cont=dcount(name) by tostring(properties.kubernetesVersion)",
"size": 1,
"title": "Clusters per Version",
"queryType": 1,
"resourceType": "microsoft.resourcegraph/resources",
"crossComponentResources": [
"{Subscription}"
],
"visualization": "tiles",
"tileSettings": {
"titleContent": {
"columnMatch": "properties_kubernetesVersion",
"formatter": 1
},
"subtitleContent": {
"columnMatch": "Cont",
"formatter": 12,
"formatOptions": {
"palette": "auto"
}
},
"showBorder": false
}
},
"customWidth": "50",
"name": "query - 7"
},
{
"type": 10,
"content": {
"chartId": "workbook9c8f7743-f082-4f58-80ea-960599b502aa",
"version": "MetricsItem/2.0",
"size": 1,
"chartType": 2,
"resourceType": "microsoft.containerservice/managedclusters",
"metricScope": 0,
"resourceParameter": "AKSCluster",
"resourceIds": [
"{AKSCluster}"
],
"timeContextFromParameter": "timerange",
"timeContext": {
"durationMs": 86400000
},
"metrics": [
{
"namespace": "insights.container/nodes",
"metric": "insights.container/nodes--cpuUsagePercentage",
"aggregation": 4,
"splitBy": null
}
],
"title": "CPU % per Cluster",
"gridSettings": {
"rowLimit": 10000
}
},
"customWidth": "50",
"name": "metric - 4"
},
{
"type": 10,
"content": {
"chartId": "workbook43c744d3-5ceb-4b46-8d1c-d584f6087e7f",
"version": "MetricsItem/2.0",
"size": 1,
"chartType": 2,
"resourceType": "microsoft.containerservice/managedclusters",
"metricScope": 0,
"resourceParameter": "AKSCluster",
"resourceIds": [
"{AKSCluster}"
],
"timeContextFromParameter": "timerange",
"timeContext": {
"durationMs": 86400000
},
"metrics": [
{
"namespace": "insights.container/nodes",
"metric": "insights.container/nodes--memoryWorkingSetPercentage",
"aggregation": 4,
"splitBy": null
}
],
"title": "Memory % per Cluster",
"gridSettings": {
"rowLimit": 10000
}
},
"customWidth": "50",
"name": "metric - 4"
},
{
"type": 10,
"content": {
"chartId": "workbook5c1d01e1-0af5-45f2-9af8-7d9acc53bd78",
"version": "MetricsItem/2.0",
"size": 1,
"chartType": 2,
"resourceType": "microsoft.containerservice/managedclusters",
"metricScope": 0,
"resourceParameter": "AKSCluster",
"resourceIds": [
"{AKSCluster}"
],
"timeContextFromParameter": "timerange",
"timeContext": {
"durationMs": 86400000
},
"metrics": [
{
"namespace": "insights.container/nodes",
"metric": "insights.container/nodes--DiskUsedPercentage",
"aggregation": 4,
"splitBy": null
}
],
"title": "Disk Used % per Cluster",
"gridSettings": {
"rowLimit": 10000
}
},
"customWidth": "50",
"name": "metric - 6"
},
{
"type": 10,
"content": {
"chartId": "workbookb794d8a2-89e5-4774-8b63-efc967b51d37",
"version": "MetricsItem/2.0",
"size": 1,
"chartType": 2,
"resourceType": "microsoft.containerservice/managedclusters",
"metricScope": 0,
"resourceParameter": "AKSCluster",
"resourceIds": [
"{AKSCluster}"
],
"timeContext": {
"durationMs": 3600000
},
"metrics": [
{
"namespace": "insights.container/nodes",
"metric": "insights.container/nodes--memoryRssPercentage",
"aggregation": 4,
"splitBy": null
}
],
"title": "Memory Rss % per Cluster",
"gridSettings": {
"rowLimit": 10000
}
},
"customWidth": "50",
"name": "metric - 4"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "resources\r\n| where type == "microsoft.containerservice/managedclusters" \r\n| where id in (dynamic([{AKSCluster}]))\r\n| extend dr = properties['agentPoolProfiles']\r\n| mv-expand dr\r\n| project ["Resource Group"]=resourceGroup,["Cluster Name"]=name,["Kubernetes Version"]=properties.kubernetesVersion,["Node Pool Name"]=dr.name,["Auto Scalling"]=dr.enableAutoScaling,["Virtual Machine OS"]=dr.osType,["Virtual Machine Size"]=dr.vmSize,["Current Nodes"]=dr.["count"],["Max Nodes"]=dr.maxCount,["Min Nodes"]=dr.minCount,["Location"]=location,["Availability Zones"]=zones,["API Server Address"]=properties.fqdn",
"size": 0,
"title": "Kubernetes Clusters",
"showExportToExcel": true,
"queryType": 1,
"resourceType": "microsoft.resourcegraph/resources",
"crossComponentResources": [
"{Subscription}"
],
"visualization": "table",
"gridSettings": {
"formatters": [
{
"columnMatch": "Cluster Name",
"formatter": 1
},
{
"columnMatch": "Kubernetes Version",
"formatter": 1
},
{
"columnMatch": "Node Pool Name",
"formatter": 1
},
{
"columnMatch": "Auto Scalling",
"formatter": 18,
"formatOptions": {
"thresholdsOptions": "icons",
"thresholdsGrid": [
{
"operator": "==",
"thresholdValue": "true",
"representation": "success",
"text": "Enabled"
},
{
"operator": "is Empty",
"representation": "failed",
"text": "Disabled"
},
{
"operator": "==",
"thresholdValue": "false",
"representation": "failed",
"text": "Disabled"
},
{
"operator": "Default",
"thresholdValue": null,
"representation": "failed",
"text": "Disabled"
}
]
}
},
{
"columnMatch": "Virtual Machine OS",
"formatter": 1
},
{
"columnMatch": "Virtual Machine Size",
"formatter": 1
},
{
"columnMatch": "Current Nodes",
"formatter": 1
},
{
"columnMatch": "Max Nodes",
"formatter": 1
},
{
"columnMatch": "Min Nodes",
"formatter": 1
},
{
"columnMatch": "Location",
"formatter": 1
},
{
"columnMatch": "Availability Zones",
"formatter": 1
},
{
"columnMatch": "API Server Address",
"formatter": 1
},
{
"columnMatch": "Current Node Count",
"formatter": 1
},
{
"columnMatch": "Max Node Count",
"formatter": 1
},
{
"columnMatch": "Min Node Count",
"formatter": 1
}
],
"rowLimit": 10000,
"filter": true
}
},
"name": "query - 0"
}
]
},
"conditionalVisibility": {
"parameterName": "SubTab",
"comparison": "isEqualTo",
"value": "Clusters"
},
"name": "AKS-Cluster"
},
{
"type": 12,
"content": {
"version": "NotebookGroup/1.0",
"groupType": "editable",
"items": [
{
"type": 1,
"content": {
"json": "
\r\n## AKS Pods\r\n
\r\nFor more information access: Azure Kubernetes Pods"
},
"name": "text - 1"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "let AKSCluster = dynamic([{AKSCluster}]);\r\nKubePodInventory \r\n| where Namespace != 'kube-system' and ClusterId in~ (AKSCluster)\r\n| summarize arg_max(TimeGenerated,PodRestartCount) by Name\r\n| project PodRestartCount, ["Pod"]=Name",
"size": 2,
"title": "Restart Count per Pod",
"timeContextFromParameter": "timerange",
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"crossComponentResources": [
"{LogAnalyticsWorkspace}"
],
"visualization": "tiles",
"tileSettings": {
"titleContent": {
"columnMatch": "Pod",
"formatter": 1
},
"leftContent": {
"columnMatch": "PodRestartCount",
"formatter": 12,
"formatOptions": {
"palette": "auto"
},
"numberFormat": {
"unit": 17,
"options": {
"maximumSignificantDigits": 3,
"maximumFractionDigits": 2
}
}
},
"showBorder": false,
"sortCriteriaField": "PodRestartCount",
"sortOrderField": 2
}
},
"name": "query - 5"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "let AKSCluster = dynamic({AKSCluster});\r\n\r\nKubeEvents \r\n| where ObjectKind == 'Pod' and ClusterId in~ (AKSCluster)\r\n| summarize max(LastSeen),max(Count) by ClusterName,Namespace,Name, KubeEventType, Message\r\n| where max_LastSeen {timerange:value}\r\n| project max_LastSeen,ClusterName,Namespace,Name,KubeEventType,max_Count,Message\r\n| order by max_LastSeen desc",
"size": 0,
"title": "Last Errors Events",
"timeContextFromParameter": "timerange",
"exportFieldName": "Name",
"exportParameterName": "PodName",
"exportDefaultValue": " ",
"showExportToExcel": true,
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"crossComponentResources": [
"{LogAnalyticsWorkspace}"
]
},
"name": "query - 2"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "let AKSCluster = dynamic([{AKSCluster}]);\r\nKubePodInventory\r\n| where ClusterId in~ (AKSCluster)\r\n| summarize arg_max(TimeGenerated,PodRestartCount) by Name,ClusterName,Namespace,PodStatus,PodIp,PodStartTime\r\n| summarize arg_max(TimeGenerated, PodStatus) by ClusterName,Namespace,Name,PodIp,PodStartTime,\r\nPodRunningTime=(TimeGenerated - PodStartTime),PodRestartCount\r\n| project TimeGenerated,ClusterName, Namespace, Name, PodStatus, PodRestartCount ,PodRunningTime,PodIp",
"size": 0,
"title": "Pod Status",
"timeContextFromParameter": "timerange",
"exportFieldName": "Name",
"exportParameterName": "PodName",
"exportDefaultValue": " ",
"showExportToExcel": true,
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"crossComponentResources": [
"{LogAnalyticsWorkspace}"
],
"gridSettings": {
"formatters": [
{
"columnMatch": "PodStatus",
"formatter": 18,
"formatOptions": {
"thresholdsOptions": "colors",
"thresholdsGrid": [
{
"operator": "==",
"thresholdValue": "Failed",
"representation": "redBright",
"text": "{0}{1}"
},
{
"operator": "==",
"thresholdValue": "Terminating",
"representation": "redBright",
"text": "{0}{1}"
},
{
"operator": "==",
"thresholdValue": "Running",
"representation": "blue",
"text": "{0}{1}"
},
{
"operator": "==",
"thresholdValue": "Pending",
"representation": "yellow",
"text": "{0}{1}"
},
{
"operator": "Default",
"thresholdValue": null,
"text": "{0}{1}"
}
]
}
}
],
"rowLimit": 1000,
"filter": true,
"sortBy": [
{
"itemKey": "TimeGenerated",
"sortOrder": 2
}
],
"labelSettings": [
{
"columnId": "ClusterName",
"label": "Cluster Name"
},
{
"columnId": "Name",
"label": "Pod name"
},
{
"columnId": "PodStatus",
"label": "Pod Status"
},
{
"columnId": "PodIp",
"label": "Pod IP"
}
]
},
"sortBy": [
{
"itemKey": "TimeGenerated",
"sortOrder": 2
}
]
},
"name": "query - 0"
},
{
"type": 1,
"content": {
"json": "
"
},
"name": "text - 7"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "let PodName1 = @"{PodName}";\r\nContainerLog\r\n| where TimeGenerated {timerange}\r\n| join kind=leftouter (\r\n KubePodInventory\r\n | where TimeGenerated {timerange}\r\n | summarize by ContainerID,Name\r\n ) on ContainerID\r\n| where Name1 == PodName1\r\n| summarize by TimeGenerated,Name1,LogEntry\r\n| order by TimeGenerated desc",
"size": 0,
"title": "Pod Log",
"timeContextFromParameter": "timerange",
"showRefreshButton": true,
"showExportToExcel": true,
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"crossComponentResources": [
"{LogAnalyticsWorkspace}"
],
"gridSettings": {
"formatters": [
{
"columnMatch": "LogEntry",
"formatter": 0,
"formatOptions": {
"customColumnWidthSetting": "80%"
}
}
],
"rowLimit": 500,
"labelSettings": [
{
"columnId": "Name1",
"label": "Pod Name"
}
]
}
},
"name": "query - 3"
}
]
},
"conditionalVisibility": {
"parameterName": "SubTab",
"comparison": "isEqualTo",
"value": "Pods"
},
"name": "AKSPods"
}
]
},
"conditionalVisibility": {
"parameterName": "Tab",
"comparison": "isEqualTo",
"value": "AKS"
},
"name": "AKS"
},
{
"type": 12,
"content": {
"version": "NotebookGroup/1.0",
"groupType": "editable",
"items": [
{
"type": 1,
"content": {
"json": "# Databases\r\n
\r\nFor more information regarding Types of Databases on Azure, please access: Types of Databases on Azure\r\n
"
},
"name": "text - 1"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "resources\r\n| where type == "microsoft.sql/servers/databases" or type == "microsoft.dbformysql/servers" or type == "microsoft.dbforpostgresql/servers" or type == "microsoft.dbformariadb/servers"\r\n| extend Database=replace(@'microsoft.sql/servers/databases',@'SQL Database',type)\r\n| extend Database1=replace(@'microsoft.dbformysql/servers',@'MySQL Database',Database)\r\n| extend Database2=replace(@'microsoft.dbforpostgresql/servers',@'DB for PostgreSQL',Database1)\r\n| extend Database3=replace(@'microsoft.dbformariadb/servers',@'MariaDB',Database2)\r\n| summarize count() by Database3",
"size": 4,
"queryType": 1,
"resourceType": "microsoft.resourcegraph/resources",
"crossComponentResources": [
"{Subscription}"
],
"visualization": "tiles",
"tileSettings": {
"titleContent": {
"columnMatch": "Database3",
"formatter": 1
},
"leftContent": {
"columnMatch": "count_",
"formatter": 12,
"formatOptions": {
"palette": "auto"
},
"numberFormat": {
"unit": 17,
"options": {
"maximumSignificantDigits": 3,
"maximumFractionDigits": 2
}
}
},
"showBorder": false,
"sortCriteriaField": "count_",
"sortOrderField": 2
},
"graphSettings": {
"type": 0,
"topContent": {
"columnMatch": "Database3",
"formatter": 1
},
"centerContent": {
"columnMatch": "count_",
"formatter": 1,
"numberFormat": {
"unit": 17,
"options": {
"maximumSignificantDigits": 3,
"maximumFractionDigits": 2
}
}
}
}
},
"name": "query - 3"
},
{
"type": 11,
"content": {
"version": "LinkItem/1.0",
"style": "tabs",
"links": [
{
"id": "ab9bc889-bed1-47bb-acfc-b55bcdf1c456",
"cellValue": "SubTab",
"linkTarget": "parameter",
"linkLabel": "SQL",
"subTarget": "SQL",
"preText": "SQL",
"style": "link"
},
{
"id": "15723e0e-f941-4c96-9781-3c0b1992c603",
"cellValue": "SubTab",
"linkTarget": "parameter",
"linkLabel": "MySQL",
"subTarget": "MySQL",
"style": "link"
},
{
"id": "6f189f7f-7f27-4c05-92bc-6238d6255da1",
"cellValue": "SubTab",
"linkTarget": "parameter",
"linkLabel": "PostgreSQL",
"subTarget": "PostgreSQL",
"style": "link"
},
{
"id": "69560e8c-5831-416f-8c6a-09de4fd38f49",
"cellValue": "SubTab",
"linkTarget": "parameter",
"linkLabel": "MariaDB",
"subTarget": "MariaDB",
"style": "link"
}
]
},
"name": "links - 0"
},
{
"type": 12,
"content": {
"version": "NotebookGroup/1.0",
"groupType": "editable",
"items": [
{
"type": 1,
"content": {
"json": "## SQL\r\n
\r\nAzure SQL is a family of managed, secure, and intelligent products that use the SQL Server database engine in the Azure cloud.\r\n
\r\nIn Azure, you can have your SQL Server workloads running as a hosted service (PaaS), or a hosted infrastructure (IaaS). For more information: What is Azure SQL?\r\n
"
},
"name": "text - 1"
},
{
"type": 1,
"content": {
"json": "#### SQL Servers"
},
"name": "text - 3"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "resources\r\n| where type == "microsoft.sql/servers"\r\n| project ["Resource Group"]=resourceGroup,["SQL Server Name"]=name,["Version"]=properties.version,["Location"]=location,["Internet Access"]=properties.publicNetworkAccess,["Fully Qualified Domain Name"]=properties.fullyQualifiedDomainName,["Admin"]=properties.administratorLogin",
"size": 0,
"queryType": 1,
"resourceType": "microsoft.resourcegraph/resources",
"crossComponentResources": [
"{Subscription}"
],
"gridSettings": {
"formatters": [
{
"columnMatch": "Internet Access",
"formatter": 18,
"formatOptions": {
"thresholdsOptions": "colors",
"thresholdsGrid": [
{
"operator": "==",
"thresholdValue": "Enabled",
"representation": "redBright",
"text": "{0}{1}"
},
{
"operator": "Default",
"thresholdValue": null,
"representation": "green",
"text": "Disabled"
}
]
}
}
]
}
},
"name": "query - 4"
},
{
"type": 1,
"content": {
"json": "#### SQL Databases"
},
"name": "text - 2"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "resources\r\n| where type == "microsoft.sql/servers/databases" and name != 'master'\r\n| project ["Resource Group"]=resourceGroup,["Database"]=name,["Status"]=properties.status,["SKU Tier"]=sku.tier,["SKU Family"]=sku.family,["DTU Capacity"]=sku.capacity,["Max Size (GB)"]=(((properties.maxSizeBytes)/1024)/1024)/1024,["Location"]=location,["Storage Type"]=properties.storageAccountType,["Collation"]=properties.collation,["Zone Redundant"]=properties.zoneRedundant",
"size": 0,
"queryType": 1,
"resourceType": "microsoft.resourcegraph/resources",
"crossComponentResources": [
"{Subscription}"
],
"gridSettings": {
"formatters": [
{
"columnMatch": "Status",
"formatter": 18,
"formatOptions": {
"thresholdsOptions": "colors",
"thresholdsGrid": [
{
"operator": "==",
"thresholdValue": "Paused",
"representation": "yellow",
"text": "{0}{1}"
},
{
"operator": "==",
"thresholdValue": "Online",
"representation": "blue",
"text": "{0}{1}"
},
{
"operator": "Default",
"thresholdValue": null,
"text": "{0}{1}"
}
]
}
}
]
}
},
"name": "query - 0"
}
]
},
"conditionalVisibility": {
"parameterName": "SubTab",
"comparison": "isEqualTo",
"value": "SQL"
},
"name": "SQL"
},
{
"type": 12,
"content": {
"version": "NotebookGroup/1.0",
"groupType": "editable",
"items": [
{
"type": 1,
"content": {
"json": "## MySQL\r\n
\r\nAzure Database for MySQL is a relational database service in the Microsoft cloud based on the MySQL Community Edition (available under the GPLv2 license) database engine, versions 5.6, 5.7, and 8.0.\r\nWhat is Azure Database for MySQL?\r\n
"
},
"name": "text - 1"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "resources\r\n| where type == "microsoft.dbformysql/servers"\r\n| project ["Resource Group"]=resourceGroup,["SQL Server Name"]=name,["Version"]=properties.version,["Location"]=location,["SKU Tier"]=sku.tier,["SKU Family"]=sku.family,["DTU Capacity"]=sku.capacity,["Internet Access"]=properties.publicNetworkAccess,["Storage (GB)"]=(properties.storageProfile.storageMB/1024),["Autogrow"]=properties.storageProfile.storageAutogrow,["GeoRedundant"]=properties.storageProfile.geoRedundantBackup,["Backup Retention (Days)"]=properties.storageProfile.backupRetentionDays,["Encryption"]=properties.infrastructureEncryption,["SSL"]=properties.sslEnforcement,["Fully Qualified Domain Name"]=properties.fullyQualifiedDomainName,["Admin"]=properties.administratorLogin",
"size": 0,
"queryType": 1,
"resourceType": "microsoft.resourcegraph/resources",
"crossComponentResources": [
"{Subscription}"
],
"gridSettings": {
"formatters": [
{
"columnMatch": "Internet Access",
"formatter": 18,
"formatOptions": {
"thresholdsOptions": "colors",
"thresholdsGrid": [
{
"operator": "==",
"thresholdValue": "Disabled",
"representation": "blue",
"text": "{0}{1}"
},
{
"operator": "==",
"thresholdValue": "Enabled",
"representation": "redBright",
"text": "{0}{1}"
},
{
"operator": "Default",
"thresholdValue": null,
"text": "{0}{1}"
}
]
}
},
{
"columnMatch": "Autogrow",
"formatter": 18,
"formatOptions": {
"thresholdsOptions": "colors",
"thresholdsGrid": [
{
"operator": "==",
"thresholdValue": "Enabled",
"representation": "blue",
"text": "{0}{1}"
},
{
"operator": "==",
"thresholdValue": "Disabled",
"representation": "redBright",
"text": "{0}{1}"
},
{
"operator": "Default",
"thresholdValue": null,
"text": "{0}{1}"
}
]
}
},
{
"columnMatch": "Encryption",
"formatter": 18,
"formatOptions": {
"thresholdsOptions": "colors",
"thresholdsGrid": [
{
"operator": "==",
"thresholdValue": "Enabled",
"representation": "blue",
"text": "{0}{1}"
},
{
"operator": "==",
"thresholdValue": "Disabled",
"representation": "redBright",
"text": "{0}{1}"
},
{
"operator": "Default",
"thresholdValue": null,
"text": "{0}{1}"
}
]
}
},
{
"columnMatch": "SSL",
"formatter": 18,
"formatOptions": {
"thresholdsOptions": "colors",
"thresholdsGrid": [
{
"operator": "==",
"thresholdValue": "Enabled",
"representation": "blue",
"text": "{0}{1}"
},
{
"operator": "==",
"thresholdValue": "Disabled",
"representation": "redBright",
"text": "{0}{1}"
},
{
"operator": "Default",
"thresholdValue": null,
"text": "{0}{1}"
}
]
}
}
]
}
},
"name": "query - 0"
}
]
},
"conditionalVisibility": {
"parameterName": "SubTab",
"comparison": "isEqualTo",
"value": "MySQL"
},
"name": "MySQL"
},
{
"type": 12,
"content": {
"version": "NotebookGroup/1.0",
"groupType": "editable",
"items": [
{
"type": 1,
"content": {
"json": "## PostgreSQL\r\n
\r\nAzure Database for PostgreSQL is a relational database service in the Microsoft cloud based on the PostgreSQL Community Edition (available under the GPLv2 license) database engine. What is Azure Database for PostgreSQL?\r\n
"
},
"name": "text - 1"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "resources\r\n| where type == "microsoft.dbforpostgresql/servers"\r\n| project ["Resource Group"]=resourceGroup,["SQL Server Name"]=name,["Version"]=properties.version,["Location"]=location,["SKU Tier"]=sku.tier,["SKU Family"]=sku.family,["DTU Capacity"]=sku.capacity,["Internet Access"]=properties.publicNetworkAccess,["Storage (GB)"]=(properties.storageProfile.storageMB/1024),["Autogrow"]=properties.storageProfile.storageAutogrow,["GeoRedundant"]=properties.storageProfile.geoRedundantBackup,["Backup Retention (Days)"]=properties.storageProfile.backupRetentionDays,["Encryption"]=properties.infrastructureEncryption,["SSL"]=properties.sslEnforcement,["Fully Qualified Domain Name"]=properties.fullyQualifiedDomainName,["Admin"]=properties.administratorLogin",
"size": 0,
"queryType": 1,
"resourceType": "microsoft.resourcegraph/resources",
"crossComponentResources": [
"{Subscription}"
],
"gridSettings": {
"formatters": [
{
"columnMatch": "Internet Access",
"formatter": 18,
"formatOptions": {
"thresholdsOptions": "colors",
"thresholdsGrid": [
{
"operator": "==",
"thresholdValue": "Disabled",
"representation": "blue",
"text": "{0}{1}"
},
{
"operator": "==",
"thresholdValue": "Enabled",
"representation": "redBright",
"text": "{0}{1}"
},
{
"operator": "Default",
"thresholdValue": null,
"text": "{0}{1}"
}
]
}
},
{
"columnMatch": "Autogrow",
"formatter": 18,
"formatOptions": {
"thresholdsOptions": "colors",
"thresholdsGrid": [
{
"operator": "==",
"thresholdValue": "Enabled",
"representation": "blue",
"text": "{0}{1}"
},
{
"operator": "==",
"thresholdValue": "Disabled",
"representation": "redBright",
"text": "{0}{1}"
},
{
"operator": "Default",
"thresholdValue": null,
"text": "{0}{1}"
}
]
}
},
{
"columnMatch": "GeoRedundant",
"formatter": 18,
"formatOptions": {
"thresholdsOptions": "colors",
"thresholdsGrid": [
{
"operator": "==",
"thresholdValue": "Enabled",
"representation": "blue",
"text": "{0}{1}"
},
{
"operator": "==",
"thresholdValue": "Disabled",
"representation": "redBright",
"text": "{0}{1}"
},
{
"operator": "Default",
"thresholdValue": null,
"text": "{0}{1}"
}
]
}
},
{
"columnMatch": "Encryption",
"formatter": 18,
"formatOptions": {
"thresholdsOptions": "colors",
"thresholdsGrid": [
{
"operator": "==",
"thresholdValue": "Enabled",
"representation": "blue",
"text": "{0}{1}"
},
{
"operator": "==",
"thresholdValue": "Disabled",
"representation": "redBright",
"text": "{0}{1}"
},
{
"operator": "Default",
"thresholdValue": null,
"text": "{0}{1}"
}
]
}
},
{
"columnMatch": "SSL",
"formatter": 18,
"formatOptions": {
"thresholdsOptions": "colors",
"thresholdsGrid": [
{
"operator": "==",
"thresholdValue": "Enabled",
"representation": "blue",
"text": "{0}{1}"
},
{
"operator": "==",
"thresholdValue": "Disabled",
"representation": "redBright",
"text": "{0}{1}"
},
{
"operator": "Default",
"thresholdValue": null,
"text": "{0}{1}"
}
]
}
}
]
}
},
"name": "query - 0"
}
]
},
"conditionalVisibility": {
"parameterName": "SubTab",
"comparison": "isEqualTo",
"value": "PostgreSQL"
},
"name": "PostgreSQL"
},
{
"type": 12,
"content": {
"version": "NotebookGroup/1.0",
"groupType": "editable",
"items": [
{
"type": 1,
"content": {
"json": "## MariaDB\r\n
\r\nAzure Database for MariaDB is a relational database service in the Microsoft cloud. Azure Database for MariaDB is based on the MariaDB community edition (available under the GPLv2 license) database engine, version 10.2 and 10.3. What is Azure Database for MariaDB?\r\n
"
},
"name": "text - 0"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "resources\r\n| where type == "microsoft.dbformariadb/servers"\r\n| project ["Resource Group"]=resourceGroup,["SQL Server Name"]=name,["Version"]=properties.version,["Location"]=location,["SKU Tier"]=sku.tier,["SKU Family"]=sku.family,["DTU Capacity"]=sku.capacity,["Internet Access"]=properties.publicNetworkAccess,["Storage (GB)"]=(properties.storageProfile.storageMB/1024),["Autogrow"]=properties.storageProfile.storageAutogrow,["GeoRedundant"]=properties.storageProfile.geoRedundantBackup,["Backup Retention (Days)"]=properties.storageProfile.backupRetentionDays,["Encryption"]=properties.infrastructureEncryption,["SSL"]=properties.sslEnforcement,["Fully Qualified Domain Name"]=properties.fullyQualifiedDomainName,["Admin"]=properties.administratorLogin",
"size": 0,
"queryType": 1,
"resourceType": "microsoft.resourcegraph/resources",
"crossComponentResources": [
"{Subscription}"
]
},
"name": "query - 1"
}
]
},
"conditionalVisibility": {
"parameterName": "SubTab",
"comparison": "isEqualTo",
"value": "MariaDB"
},
"name": "MariaDB"
}
]
},
"conditionalVisibility": {
"parameterName": "Tab",
"comparison": "isEqualTo",
"value": "Database"
},
"name": "Databases"
},
{
"type": 12,
"content": {
"version": "NotebookGroup/1.0",
"groupType": "editable",
"items": [
{
"type": 1,
"content": {
"json": "# Azure Firewall"
},
"name": "text - 1"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "AzureMetrics \r\n| where MetricName == 'FirewallHealth'\r\n| summarize ["Firewall Health"]=avg(Minimum) by Resource",
"size": 1,
"aggregation": 3,
"title": "Firewall Health",
"timeContext": {
"durationMs": 86400000
},
"timeContextFromParameter": "timerange",
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"crossComponentResources": [
"{LogAnalyticsWorkspace}"
],
"visualization": "tiles",
"tileSettings": {
"titleContent": {
"columnMatch": "Resource",
"formatter": 1
},
"leftContent": {
"columnMatch": "Firewall Health",
"formatter": 12,
"formatOptions": {
"palette": "auto"
},
"numberFormat": {
"unit": 1,
"options": {
"style": "decimal",
"useGrouping": false,
"maximumFractionDigits": 0,
"maximumSignificantDigits": 1
}
}
},
"showBorder": false
}
},
"customWidth": "50",
"name": "query - 4"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "AzureMetrics \r\n| where MetricName == 'SNATPortUtilization'\r\n| summarize by bin(TimeGenerated,10m),Resource,["SNATPortUtilization"]=Count",
"size": 1,
"aggregation": 2,
"title": "SNAT Port Utilization",
"timeContext": {
"durationMs": 86400000
},
"timeContextFromParameter": "timerange",
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"crossComponentResources": [
"{LogAnalyticsWorkspace}"
],
"visualization": "timechart",
"tileSettings": {
"showBorder": false,
"titleContent": {
"columnMatch": "Resource",
"formatter": 1
},
"leftContent": {
"columnMatch": "SNATPortUtilization",
"formatter": 12,
"formatOptions": {
"palette": "auto"
},
"numberFormat": {
"unit": 17,
"options": {
"maximumSignificantDigits": 3,
"maximumFractionDigits": 2
}
}
}
}
},
"customWidth": "50",
"name": "query - 5"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "AzureMetrics \r\n| where MetricName == 'DataProcessed'\r\n| summarize ["Data Processed (Bytes)"]=sum(Total) by bin(TimeGenerated,10m),Resource\r\n| render timechart ",
"size": 1,
"title": "Data Processed",
"timeContext": {
"durationMs": 86400000
},
"timeContextFromParameter": "timerange",
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"crossComponentResources": [
"{LogAnalyticsWorkspace}"
]
},
"name": "query - 3"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "resources\r\n| where type == "microsoft.network/azurefirewalls"\r\n| join kind=leftouter (resources\r\n\t| where type == "microsoft.network/azurefirewalls"\r\n\t| extend rul=properties.natRuleCollections\r\n\t| mv-expand rul\r\n\t| extend rul2=rul.properties.rules\r\n\t| mv-expand rul2\r\n\t| summarize NATCount=count(rul2.name) by id)\r\n\ton $left.id == $right.id\r\n| join kind=leftouter (resources\r\n\t| where type == "microsoft.network/azurefirewalls"\r\n\t| extend rul=properties.firewallPolicy\r\n\t| mv-expand rul\r\n\t| summarize POLCount=count(rul.id) by id)\r\n\ton $left.id == $right.id\r\n| join kind=leftouter (resources\r\n\t| where type == "microsoft.network/azurefirewalls"\r\n\t| extend rul=properties.networkRuleCollections\r\n\t| mv-expand rul\r\n\t| summarize NETCount=count(rul.id) by id)\r\n\ton $left.id == $right.id\r\n| project["Resource Group"]=resourceGroup,["Name"]=name,["Location"]=location,["SKU"]=tostring(properties.sku.tier),["Threat Intel Mode"]=properties.threatIntelMode,NATCount,POLCount,NETCount",
"size": 0,
"title": "Azure Firewall",
"exportFieldName": "Name",
"exportParameterName": "AzFirewall",
"exportDefaultValue": " ",
"queryType": 1,
"resourceType": "microsoft.resourcegraph/resources",
"crossComponentResources": [
"{Subscription}"
]
},
"name": "query - 0"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "AzureDiagnostics \r\n| where ResourceType == 'AZUREFIREWALLS'\r\n| project TimeGenerated,Resource,Category,msg_s\r\n| order by TimeGenerated desc",
"size": 0,
"title": "Firewall Log",
"timeContext": {
"durationMs": 86400000
},
"timeContextFromParameter": "timerange",
"showRefreshButton": true,
"showExportToExcel": true,
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"crossComponentResources": [
"{LogAnalyticsWorkspace}"
],
"gridSettings": {
"formatters": [
{
"columnMatch": "msg_s",
"formatter": 0,
"formatOptions": {
"customColumnWidthSetting": "70%"
}
}
],
"rowLimit": 500,
"filter": true,
"labelSettings": [
{
"columnId": "TimeGenerated"
},
{
"columnId": "Resource",
"label": "Firewall"
},
{
"columnId": "Category",
"label": "Log Category"
},
{
"columnId": "msg_s",
"label": "Message"
}
]
}
},
"name": "query - 2"
}
]
},
"conditionalVisibility": {
"parameterName": "Tab",
"comparison": "isEqualTo",
"value": "Azure Firewall"
},
"name": "AzFirewall"
},
{
"type": 12,
"content": {
"version": "NotebookGroup/1.0",
"groupType": "editable",
"items": [
{
"type": 1,
"content": {
"json": "AzureXRay - Version 0.1.5",
"style": "info"
},
"name": "text - 6",
"styleSettings": {
"showBorder": true
}
},
{
"type": 1,
"content": {
"json": "Disclaimer: The information provided in this workbook is provided 'as-is' and is intended for information purposes only. The information present at the workbook is licensed 'as-is'. You bear the risk of using it. The contributors give no express warranties, guarantees or conditions. You may have additional consumer rights under your local laws which this license cannot change. To the extent permitted under your local laws, the contributors exclude the implied warranties of merchantability, fitness for a particular purpose and non-infringement. Any feedback or improvements feel free to email me at: Claudio Merola.",
"style": "warning"
},
"name": "text - 0"
}
]
},
"name": "Disclaimer"
}
],
"fallbackResourceIds": [
"Azure Monitor"
],
"$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json"
}