You might want a comprehensive list of managed disks in your Azure infrastructure when doing the following:
Prerequisites
In order to execute this procedure in your environment, the following data, services, or apps are required:
Example
As an administrator, you want to have a high-level view of the number and type of managed disks in your Azure infrastructure.
NOTE: To optimize the search shown below, you should specify an index and a time range.
- Run the following search:
sourcetype="azure:compute:disk"
|dedup id
|stats latest(location) AS Location latest(managedBy) AS managedBy latest(name) AS name latest(properties.creationData.imageReference.id) AS imageReference latest(properties.diskSizeGB) AS diskSize latest(properties.diskState) AS diskState latest(properties.osType) AS osType latest(properties.provisioningState) AS provisioningState latest(sku.name) AS skuName latest(sku.tier) AS skuTier BY id
|table name diskState diskSize osType provisioningState skuName skuTier
|rename name AS Name diskState AS "Disk State" diskSize AS "Disk Size (GB)" osType AS "OS Type" provisioningState AS "Provisioning State" skuName AS "SKU Name" skuTier AS "SKU Tier"
Search explanation
The table provides an explanation of what each part of this search achieves. You can adjust this query based on the specifics of your environment.
|
Splunk Search |
Explanation |
|
sourcetype="azure:compute:disk" |
Search only Azure managed disk data. |
|
|dedup id |
Remove results with duplicate IDs. |
|
|stats latest(location) AS Location latest(managedBy) AS managedBy latest(name) AS name latest(properties.creationData.imageReference.id) AS imageReference latest(properties.diskSizeGB) AS diskSize latest(properties.diskState) AS diskState latest(properties.osType) AS osType latest(properties.provisioningState) AS provisioningState latest(sku.name) AS skuName latest(sku.tier) AS skuTier BY id |
Return the latest information for each disk. Simplify the field names for better readability. |
|
|table name diskState diskSize osType provisioningState skuName skuTier |
Display the results in a table with columns in the order shown. |
|
|rename name AS Name diskState AS "Disk State" diskSize AS "Disk Size (GB)" osType AS "OS Type" provisioningState AS "Provisioning State" skuName AS "SKU Name" skuTier AS "SKU Tier" |
Rename the fields as shown for better readability. |
Result
Sample results for this search are shown in the table below. The search provides useful information, such as the disk state. For example, if many disks are unattached, you might want to delete or archive them. Other fields can be used to determine if disks are being managed well. For example, the overuse of Premium SKU Tier is good to know about and can be found with this search. The size of disks is important too since many large or small disks can be reconfigured for optimization.
|
Name |
Disk State |
Disk Size (GB) |
OS Type |
Provisioning State |
SKU Name |
SKU Tier |
|
Ry-Win10_OsDisk_1_8e4e467763f14cde9d3a557797b88b01 |
Attached |
127 |
Windows |
Succeeded |
StandardSSD_LRS |
Standard |
|
SPLUNKHF01_OsDisk_1_ae8001bff3534b28b1d8b319f2912b4d |
Attached |
30 |
Linux |
Succeeded |
Standard_LRS |
Standard |
|
Test_OsDisk_1_32e1685f3eb247659c42cee472ce0b90 |
Unattached |
127 |
Windows |
Succeeded |
StandardSSD_LRS |
Standard |
|
WVD-Win10-0_OsDisk_1_1a45824068fd4d368a022b9802f2cd2e |
Attached |
127 |
Windows |
Succeeded |
StandardSSD_LRS |
Standard |
|
CentOS_DataDisk_0 |
Reserved |
32 |
Succeeded |
Premium_LRS |
Premium |
Comments
0 comments
Please sign in to leave a comment.