Azure Resource Graph sample queries for Azure networking
This page is a collection of Azure Resource Graph sample queries for Azure networking. For a complete list of Azure Resource Graph samples, see Resource Graph samples by Category and Resource Graph samples by Table.
Sample queries
Count resources that have IP addresses configured by subscription
Using the 'List all public IP addresses' example query and adding summarize and count(), we can get a list by subscription of resources with configured IP addresses.
Resources
| where type contains 'publicIPAddresses' and isnotempty(properties.ipAddress)
| summarize count () by subscriptionId
az graph query -q "Resources | where type contains 'publicIPAddresses' and isnotempty(properties.ipAddress) | summarize count () by subscriptionId"
Get virtual networks and subnets of network interfaces
Use a regular expression parse to get the virtual network and subnet names from the resource ID property. While parse enables getting data from a complex field, it's optimal to access properties directly if they exist instead of using parse.
Resources
| where type =~ 'microsoft.network/networkinterfaces'
| project id, ipConfigurations = properties.ipConfigurations
| mvexpand ipConfigurations
| project id, subnetId = tostring(ipConfigurations.properties.subnet.id)
| parse kind=regex subnetId with '/virtualNetworks/' virtualNetwork '/subnets/' subnet
| project id, virtualNetwork, subnet
az graph query -q "Resources | where type =~ 'microsoft.network/networkinterfaces' | project id, ipConfigurations = properties.ipConfigurations | mvexpand ipConfigurations | project id, subnetId = tostring(ipConfigurations.properties.subnet.id) | parse kind=regex subnetId with '/virtualNetworks/' virtualNetwork '/subnets/' subnet | project id, virtualNetwork, subnet"
List all public IP addresses
Similar to the 'Show resources that contain storage' query, find everything that is a type with the word publicIPAddresses. This query expands on that pattern to only include results where properties.ipAddress isnotempty, to only return the properties.ipAddress, and to limit the results by the top 100. You may need to escape the quotes depending on your chosen shell.
Resources
| where type contains 'publicIPAddresses' and isnotempty(properties.ipAddress)
| project properties.ipAddress
| limit 100
az graph query -q "Resources | where type contains 'publicIPAddresses' and isnotempty(properties.ipAddress) | project properties.ipAddress | limit 100"
Show unassociated network security groups
This query returns network security groups (NSGs) that aren't associated to a network interface or subnet.
Resources
| where type =~ 'microsoft.network/networksecuritygroups' and isnull(properties.networkInterfaces) and isnull(properties.subnets)
| project name, resourceGroup
| sort by name asc
az graph query -q "Resources | where type =~ 'microsoft.network/networksecuritygroups' and isnull(properties.networkInterfaces) and isnull(properties.subnets) | project name, resourceGroup | sort by name asc"
Next steps
Learn more about the query language.
Learn more about how to explore resources.
See samples of Starter language queries.
See samples of Advanced language queries.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for