I need to find equivalent of Azure Search-AzGraph -Query "Resources | summarize count()" equivalent on GCP.
So far I only found gcloud asset search-all-resources https://cloud.google.com/asset-inventory/docs/searching-resources-samples#use_case_count_all_the_cloud_resources_by_asset_type_and_location but it returned only lists. I need only counter. Is there some easy way that I missed?
Related
I have a Kusto query that will output for me processes from my VMs (whether they are stopped or not).
Here is the query:
ConfigurationData
| project Computer, SvcName, SvcDisplayName, SvcState, TimeGenerated, _ResourceId
| distinct Computer, SvcName, SvcDisplayName, SvcState, TimeGenerated , _ResourceId
| where SvcName =~ "{process_name}"
| where SvcState != "Running"
I need to parse the ComputerName (Computer) to an Automation Script so that it simply turns on the process that is not running.
How can I achieve this?
Would it be wiser to just run the KQL code in the automation script directly? But then, how can I trigger it? It needs to check every 5 mins whether the process is running. I suppose I could do a scheduling task.
I'm still trying to work at ways of parsing the KQL output to an automation script
One way is doing with Kusto query, the other way which I do is by using PowerShell commands as below and I followed SO-thread:
$vm = Get-Azvm -Status
foreach($emos in $vm)
{
$sc = Get-AzVM -ResourceGroupName $emos.ResourceGroupName -Name $emos.Name -Status
if($sc.Statuses.DisplayStatus[1] -eq "VM running")
{
Write-Output "Already started" + $emos
}
else{
Write-Output "Started now" + $emos
Start-AzVM -ResourceGroupName $emos.ResourceGroupName -Name $emos.Name
}
And you can schedule a recurrence in Automation as below after creating the above job in run book as below:
Or else you can use the above PowerShell Script in Azure PowerShell Functions, after that you can use timer Trigger function.
I would start by fixing the KQL query.
It is not retrieving services that are currently not running, it retrieves services that in some point in time were not running.
You should retrieve the last record for each service (running on a specific computer).
ConfigurationData
| where SvcName =~ "{process_name}"
| project Computer, SvcDisplayName, SvcState, TimeGenerated, _ResourceId
| summarize arg_max(TimeGenerated, *) by Computer
| where SvcState != "Running"
I am looking for a PowerShell script for getting the list of resources not having specific tagname/value in Azure, am having the cmdlet for this as I mentioned below, but don’t know how to create a complete script using functions, parameters etc.
Please help.
Many thanks,
$Tags = #{"environment"="Terraform Demo"}
Get-AzResource | Where-Object $Tags -eq $null | Select-Object -Property Name, ResourceType
Please help me with this logic correct me if this not required. Thanks in advance.
If you want to receive resources that do not have any tags configured at all, you could use this query:
Get-AzResource | Where-Object {$_.Tags -eq $null}
If you want to receive resources that have the environment tag set to $nulll, you could use this query:
Get-AzResource | Where-Object {$_.Tags.environment -eq ''}
Contrarily, if you want to find resources that do not have the tag combination "environment" = "Terraform Demo" you could use:
Get-AzResource | Where-Object {$_.Tags.environment -ne 'Terraform Demo'}
You might also want to check switching to Resource Graph queries, since you would not have to change the context when searching across multiple subscriptions.
Checking for resources that do not have an environment tag configured would work like this:
Search-AzGraph -Query "Resources | where tags.environment=~'' | project name"
The latter requires the Az.ResourceGraph module. See here for details: https://learn.microsoft.com/en-us/azure/governance/resource-graph/samples/starter?tabs=azure-powershell#list-tag
need to know what are the services / programs / extensions installed on a VM when VM insights is enabled for an Azure VM
To get the list of extensions installed on particular Azure VM, Make use of below Azure CLI command:
Get-AzVM -Name "your_vm_name" -ResourceGroup "your_resource_group_name" | Select -ExpandProperty Extensions | Select Name
To get list of extensions installed on all your Azure VMs, Make use of below Kusto script if helpful:
Resources
| where type == 'microsoft.compute/virtualmachines'
| extend
JoinID = toupper(id),
OSName = tostring(properties.osProfile.computerName),
OSType = tostring(properties.storageProfile.osDisk.osType),
VMSize = tostring(properties.hardwareProfile.vmSize)
| join kind=leftouter(
Resources
| where type == 'microsoft.compute/virtualmachines/extensions'
| extend
VMId = toupper(substring(id, 0, indexof(id, '/extensions'))),
ExtensionName = name
) on $left.JoinID == $right.VMId
| summarize Extensions = make_list(ExtensionName) by id, OSName, OSType, VMSize
| order by tolower(OSName) asc
For more in detail, please refer below links:
Advanced query samples - Azure Resource Graph | Microsoft Docs
powershell - how can i get a list of Azure VMS with operating system installed using Azure CLI? - Stack Overflow
Get-AzAdvisorRecommendation -Category Cost | Where-Object {$_.ImpactedField -eq "Microsoft.Compute/virtualMachines"}
I'm trying to get the Cost Property for Virtual MAchines on "Shut down or resize your virtual machine" but not able to get it similar with the Data shows in portal
Automate the advisor recommendations using PowerShell.
The command seems right. I don't have this Azure advice myself, but I can look for
Get-AzAdvisorRecommendation -Category Cost |
Where-Object {$_.ImpactedField -eq "Microsoft.Network/publicIPAddresses"}
and it gives me the corresponding advice. This should also work with "Microsoft.Compute/virtualMachines".
Are you sure the error is displayed when you omit the pipe?
Get-AzAdvisorRecommendation -Category Cost | Where-Object {$_.ImpactedField -eq "Microsoft.Compute/virtualMachines"} | Select-Object -ExpandProperty ExtendedProperties
I got the required answer with the query..
Thanks Casper!
I want to retrieve the creator of a virtual machine under Azure using azure rm powershell cmdlt or an api whitxh could return this type of information.
I used the "Get-AzureRmVM" command and the "GET https://management.azure.com/subscriptions/subscriptionId/resourceGroups/resourceGroupName/providers/Microsoft.Compute/virtualMachines/vmName?api-version=2018-06-01" api but both of them don't return information about the creator of the VM
You can use the Get-AzLog command to look for the caller value in the Azure Activity logs.
Examples can be found here:
https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-group-audit#powershell
You can also set up alerts in Azure Monitoring that can send you an email or text message everytime a VM is created.
https://learn.microsoft.com/en-us/azure/azure-monitor/platform/alerts-overview
Example
# Requires the AZ module be installed on your machine. You can get this by running Install-Module 'AZ'
Connect-AzAccount # after calling this a browser window opens, allowing you to log into Azure through the UI under the relevant credentials; on successful login the token for this session is returned to your PowerShell session
# Sets your scope to the subscription you're interested in
Set-AzContext -Subscription 'myAzSubscription'
# Fetches (successful) events in the past 2 weeks
# Filters for those related to VM write events (which includes creating VMs, though sadly we can't just VM creations)
# groups by resource id (i.e. VM).
# Note: The Get-AzLog function can return a maximum of 100,000 events (and this count is based on the filters provided as parameters; filters applied to the results of the cmdlet won't impact this limit), so if things have been particularly busy some of the log may be truncated. If that's a common issue for you, try narrowing the event's time window or restricting queries to specific resource groups.
$events = Get-AzLog -StartTime ((Get-Date).AddDays(-14)) -ResourceProvider 'Microsoft.Compute' -Status 'Succeeded' -MaxRecord 100000 |
Where-Object {$_.Authorization.Action -eq 'Microsoft.Compute/virtualMachines/write'} |
Group-Object -Property #{E={$_.Authorization.Scope}}
# For each VM get the first event with a human caller (i.e. ignore system generated events) and return that caller's name. Filter out events that didn't have a human caller as irrelevant
$events |
Select-Object Name, #{N='InitiatedBy'; E = {
$_.Group |
Sort-Object SubmissionTimestamp |
Select-Object -ExpandProperty 'caller' |
Where-Object{$_ -like '*#*'} |
Select-Object -First 1
} } |
Where-Object InitiatedBy |
Format-Table -AutoSize
This information is not exposed in Azure API (unfortunately). Your only option is to take a look at activity logs of the resource and find the very first write operation to the resource, unfortunately resources do not expose creation time either, so you cannot be sure you will find proper creator, because activity logs only go back 90 days.