Your paragraph text
Azure IPAM
Azure Kusto
Application Gateways
Average Throughput per second (Mb)
AzureMetrics
| where ResourceId contains "APPLICATIONGATEWAY"
| where MetricName == "Throughput"
| summarize avg(Average) by Resource, bin(TimeGenerated, 5m)
| extend ThroughputMb = todecimal((avg_Average/1000)/1000)
| project TimeGenerated, ThroughputMb, Resource
Search NSG Flow Logs
AzureNetworkAnalytics_CL
| where SubType_s == "FlowLog"
| extend FlowDirection = iff(FlowDirection_s == 'O', 'Outbound', 'Inbound')
| extend AllowedOrDenied = iff(FlowStatus_s == 'A', 'Allowed', 'Denied')
| extend SourceIP = iff(isempty(SrcIP_s), extract_all(@"(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})", SrcPublicIPs_s), SrcIP_s)
| extend DestinationIP = iff(isempty(DestIP_s), extract_all(@"(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})", DestPublicIPs_s), DestIP_s)
| extend Protocol = case(L4Protocol_s == 'T', "TCP", L4Protocol_s == 'U', "UDP", L4Protocol_s)
| project-rename NSGFL_Version = FASchemaVersion_s
| project TimeGenerated, FlowDirection, AllowedOrDenied, SourceIP, DestinationIP, DestPort_d, Protocol, L7Protocol_s, NSGList_s, NSGRule_s, NSGFL_Version
| where AllowedOrDenied == "Allowed"
| where SourceIP contains "10.81.36.70" and DestinationIP contains "10.180.8.4" and DestPort_d == 8080
Azure Resource Graph Queries
Find LB or App GW by IP
resources
| where type == "microsoft.network/virtualnetworks"
| mvexpand subnet=properties.subnets
| extend subnetip = tostring(subnet.properties.addressPrefix)
| mv-expand ipconfigs = subnet.properties.ipConfigurations limit 1000
| extend ipconfig = tostring(ipconfigs.id)
| extend ipar = split(ipconfig,'/')
| extend iptype = ipar[7]
| where isnotnull(ipconfigs)
| join kind=leftouter ( Resources
| where type == "microsoft.network/loadbalancers" or type == "microsoft.network/applicationgateways"
| mv-expand frontend = properties.frontendIPConfigurations limit 1000
| project ipconfig = tostring(frontend.id), lbname=name, lbip=frontend.properties.privateIPAddress) on ipconfig
| join kind=leftouter ( Resources
| where type == "microsoft.network/networkinterfaces"
| mv-expand ipconfig2 = properties.ipConfigurations limit 1000
| where isnotnull(ipconfig2.properties.privateIPAddress)
| extend virtualMachineName = extract('Microsoft.Compute/virtualMachines/(.*)', 1, tostring(properties.virtualMachine.id))
| project ipconfig = tostring(ipconfig2.id), virtualMachineName, nicname=name, nicip=ipconfig2.properties.privateIPAddress) on ipconfig
| extend ip3 = iff(isnull(nicip),lbip,nicip)
| extend name3 = iff(isnull(nicip),lbname,nicname)
| project ipconfig, iptype, ip3, name3, virtualMachineName
| where ip3 == 'X.X.X.X'