Monday, October 28, 2024

Some Kusto queries

1. Find resources using a TLS version lower than 1.2:

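// Azure Resource Graph: list resources whose reported TLS setting is not 1.2 or 1.3.
// Fixes over the original listing: the pipe operators were missing, the
// managedclusters branch lacked a comma, and the filter reported "TLSv1_2" and
// every 1.3 value as lower than 1.2.
resources
// NOTE(review): confirm that every type below is returned by the `resources` table in
// your tenant; some configuration sub-resources may live in a different table.
| where type in (
    'microsoft.web/sites/config',
    'microsoft.storage/storageaccounts',
    'microsoft.sql/servers',
    'microsoft.network/applicationgateways',
    'microsoft.cdn/profiles/endpoints',
    'microsoft.apimanagement/service',
    'microsoft.network/virtualnetworkgateways',
    'microsoft.signalrservice/signalr',
    'microsoft.servicebus/namespaces',
    'microsoft.containerservice/managedclusters'
)
// Each resource type keeps its TLS setting under a different property.
// tostring() on every branch keeps all case() results the same type.
// NOTE(review): the API Management and VPN gateway branches project a protocol
// list rather than a single minimum version - review those rows by hand.
| extend TlsVersion = case(
    type == 'microsoft.web/sites/config', tostring(properties.minTlsVersion),
    type == 'microsoft.storage/storageaccounts', tostring(properties.minimumTlsVersion),
    type == 'microsoft.sql/servers', tostring(properties.minimalTlsVersion),
    type == 'microsoft.network/applicationgateways', tostring(properties.sslPolicy.minProtocolVersion),
    type == 'microsoft.cdn/profiles/endpoints', tostring(properties.tlsSettings.protocolType),
    type == 'microsoft.apimanagement/service', tostring(properties.protocols),
    type == 'microsoft.network/virtualnetworkgateways', tostring(properties.vpnClientConfiguration.vpnClientProtocols),
    type == 'microsoft.signalrservice/signalr', tostring(properties.tls.minimalTlsVersion),
    type == 'microsoft.servicebus/namespaces', tostring(properties.minimumTlsVersion),
    // This literal never matches the version filter, so AKS clusters are always
    // listed as a reminder to check TLS at the workload level.
    type == 'microsoft.containerservice/managedclusters', 'TLS managed by individual deployments',
    'Unknown')
// Providers spell the version differently ("1.2", "TLS1_2", "TLSv1_2"), so both
// separators are matched, and 1.3 is not reported as lower than 1.2.
// A missing property yields an empty TlsVersion and is still listed: read such
// rows as "not configured / not visible", not as confirmed weak TLS.
| where TlsVersion !contains "1.2" and TlsVersion !contains "1_2"
    and TlsVersion !contains "1.3" and TlsVersion !contains "1_3"
    and TlsVersion != "Unknown"
| project ResourceType = type,
          ResourceName = name,
          Location = location,
          TlsVersion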


2. Find blocked queries in App Gateway:

// Application Gateway WAF log: one row per rule hit, newest first.
// NOTE(review): action_s == "Matched" selects rule-match records. If the goal is
// the requests the WAF actually stopped, confirm whether "Blocked" should be
// used or included as well.
// No time filter is applied here, so the result depends on the time range
// selected for the query.
AzureDiagnostics
| where ResourceProvider == "MICROSOFT.NETWORK" and Category == "ApplicationGatewayFirewallLog"
| where action_s == "Matched"
| project TimeGenerated,
          ClientIP = clientIp_s,
          RequestURI = requestUri_s,
          RuleId = ruleId_s,
          RuleSetType = ruleSetType_s,
          Action = action_s,
          Message,
          Hostname = hostname_s,
          TransactionId = transactionId_g   // correlates all WAF records of one request
| order by TimeGenerated desc
 

3. Find timeouts:


// Application Gateway access log: responses for one host that ended in 408, 502 or 504.
// 502 (Bad Gateway) is also returned for backend failures other than timeouts,
// so treat these rows as "possible timeout" rather than confirmed ones.
// No time filter is applied; the result depends on the selected time range.
AzureDiagnostics
| where Category == "ApplicationGatewayAccessLog" and host_s == "ylukscaleprod.eu.yusen-logistics.com"
| where httpStatus_d in (408, 502, 504)  // request timeout, bad gateway, gateway timeout


4. Statistics, success rate in every 5 minute slot:


// Application Gateway success rate per 5-minute slot for one listener over the last 30 days.
// A response counts as healthy when its status code is in [200, 400).
// NOTE(review): httpStatus_d and listenerName_s look like access-log fields.
// Firewall-log rows presumably drop out at the listener filter. If that filter
// is removed, rows without a status code would be counted as failed requests.
AzureDiagnostics
| where ResourceType == "APPLICATIONGATEWAYS"
| where Category in ("ApplicationGatewayFirewallLog", "ApplicationGatewayAccessLog")
| where TimeGenerated >= ago(30d)                                          // adjust the look-back window as needed
| where listenerName_s == "https-ylukscaleprod-eu-yusen-logisitcs-com"     // drop this line to cover all listeners
| extend ListenerName = listenerName_s, ResponseCode = httpStatus_d
| extend IsHealthy = iff(ResponseCode >= 200 and ResponseCode < 400, true, false)
| summarize
    TotalRequests = count(),
    FailedRequests = countif(not(IsHealthy)),
    SuccessRate = countif(IsHealthy) * 100.0 / count()                     // percentage of healthy responses in the slot
    by bin(TimeGenerated, 5m), ListenerName, _ResourceId
| extend IsDown = SuccessRate < 50                                         // downtime threshold: under 50 % healthy
| sort by TimeGenerated desc



5. Success rate in last 7 days:


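// Application Gateway success rate for one listener over the last 7 days.
// The original listing was a verbatim copy of the 30-day query. The look-back
// window is now 7 days, matching the stated purpose.
// A response counts as healthy when its status code is in [200, 400).
// NOTE(review): httpStatus_d and listenerName_s look like access-log fields.
// Firewall-log rows presumably drop out at the listener filter. If that filter
// is removed, rows without a status code would be counted as failed requests.
AzureDiagnostics
| where ResourceType == "APPLICATIONGATEWAYS"
| where Category == "ApplicationGatewayFirewallLog" or Category == "ApplicationGatewayAccessLog"
| where TimeGenerated >= ago(7d) // last 7 days
| where listenerName_s == "https-ylukscaleprod-eu-yusen-logisitcs-com" // Filter for specific listener if needed
| extend ListenerName = listenerName_s
| extend ResponseCode = httpStatus_d
| extend IsHealthy = iff(ResponseCode >= 200 and ResponseCode < 400, true, false)
| summarize
    TotalRequests = count(),
    FailedRequests = countif(not(IsHealthy)),
    SuccessRate = (count() - countif(not(IsHealthy))) * 100.0 / count()
    // 5-minute slots; widen the bin (for example 1h or 1d) for a coarser weekly view
    by bin(TimeGenerated, 5m), ListenerName, _ResourceId
| extend IsDown = iff(SuccessRate < 50, true, false) // Define downtime threshold
| order by TimeGenerated desc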



6. Statistics with error code failures and successes:

// Application Gateway WAF log: rule hits for one hostname, newest first.
// NOTE(review): this query lists individual WAF rule matches and does not
// aggregate anything. Success/failure statistics per status code would need
// the access log and a summarize step - confirm the intended query.
// No time filter is applied; the result depends on the selected time range.
AzureDiagnostics
| where ResourceProvider == "MICROSOFT.NETWORK" and Category == "ApplicationGatewayFirewallLog"
| where action_s == "Matched" and hostname_s == "ylukscaleprod.eu.yusen-logistics.com"
| project TimeGenerated,
          ClientIP = clientIp_s,
          RequestURI = requestUri_s,
          RuleId = ruleId_s,
          RuleSetType = ruleSetType_s,
          Action = action_s,
          Message,
          Hostname = hostname_s,
          TransactionId = transactionId_g   // correlates all WAF records of one request
| order by TimeGenerated desc

