dt-obs-azure

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Azure Cloud Infrastructure

Azure云基础设施

Monitor and analyze Azure resources using Dynatrace Smartscape and DQL. Query Azure services, audit security, manage organizational hierarchy, and plan capacity across your Azure infrastructure.

使用Dynatrace Smartscape和DQL监控并分析Azure资源。查询Azure服务、审计安全状况、管理组织层级，并针对Azure基础设施进行容量规划。

When to Use This Skill

何时使用此技能

Use this skill when the user needs to work with Azure resources in Dynatrace. Load the reference file for the task type:

Task	File to load
Inventory and topology queries	(no additional file — use core patterns below)
Query Azure metric timeseries (CPU, latency, throughput)	Load `references/metrics-performance.md`
VNet topology, subnets, NSGs, public IPs, VPN, peering	Load `references/vnet-networking-security.md`
Azure SQL, Cosmos DB, PostgreSQL, Redis investigation	Load `references/database-monitoring.md`
Functions, App Service, AKS infrastructure, Container Apps	Load `references/serverless-containers.md`
Azure LB, Application Gateway, Front Door, API Management	Load `references/load-balancing-api.md`
WAF rule analysis, false-positive investigation	Load `references/load-balancing-api.md`
Event Hubs, Service Bus, Event Grid	Load `references/messaging-integration.md`
Storage Accounts, Blob, File, Queue, Table	Load `references/storage-monitoring.md`
Unattached resources, tag compliance, lifecycle	Load `references/resource-management.md`
Cost savings, unused resources, SKU analysis	Load `references/cost-optimization.md`
Capacity headroom, VMSS scaling, quotas	Load `references/capacity-planning.md`
Security audit, encryption, public access, Key Vault	Load `references/security-compliance.md`
NSG rule analysis (0.0.0.0/0, open ports)	Load `references/security-compliance.md`
Storage account encryption/public access audit	Load `references/security-compliance.md`
Cost allocation, chargeback, ownership	Load `references/resource-ownership.md`
Determine orchestration context (AKS, VMSS, standalone)	Load `references/workload-detection.md`

当用户需要在Dynatrace中操作Azure资源时使用此技能。根据任务类型加载参考文件：

任务	需加载的文件
资源清单与拓扑查询	（无需额外文件——使用下方核心模式）
查询Azure指标时间序列（CPU、延迟、吞吐量）	加载 `references/metrics-performance.md`
VNet拓扑、子网、NSG、公网IP、VPN、对等连接	加载 `references/vnet-networking-security.md`
Azure SQL、Cosmos DB、PostgreSQL、Redis排查	加载 `references/database-monitoring.md`
Functions、App Service、AKS基础设施、Container Apps	加载 `references/serverless-containers.md`
Azure LB、Application Gateway、Front Door、API Management	加载 `references/load-balancing-api.md`
WAF规则分析、误报排查	加载 `references/load-balancing-api.md`
Event Hubs、Service Bus、Event Grid	加载 `references/messaging-integration.md`
存储账户、Blob、File、Queue、Table	加载 `references/storage-monitoring.md`
未关联资源、标签合规性、生命周期	加载 `references/resource-management.md`
成本节约、未使用资源、SKU分析	加载 `references/cost-optimization.md`
容量余量、VMSS伸缩、配额	加载 `references/capacity-planning.md`
安全审计、加密、公网访问、Key Vault	加载 `references/security-compliance.md`
NSG规则分析（0.0.0.0/0、开放端口）	加载 `references/security-compliance.md`
存储账户加密/公网访问审计	加载 `references/security-compliance.md`
成本分配、费用回溯、归属权	加载 `references/resource-ownership.md`
确定编排上下文（AKS、VMSS、独立资源）	加载 `references/workload-detection.md`

Core Concepts

核心概念

Entity Types

实体类型

Azure resources use the

AZURE_*

prefix and can be queried using the

smartscapeNodes

function. All Azure entities are automatically discovered and modeled in Dynatrace Smartscape. Entity type names are derived from the ARM resource provider path:

/Microsoft.Compute/virtualMachines

becomes

AZURE_MICROSOFT_COMPUTE_VIRTUALMACHINES

. Sub-resources append with underscores:

/Microsoft.Sql/servers/databases

becomes

AZURE_MICROSOFT_SQL_SERVERS_DATABASES

Compute:

AZURE_MICROSOFT_COMPUTE_VIRTUALMACHINES

AZURE_MICROSOFT_COMPUTE_VIRTUALMACHINESCALESETS

AZURE_MICROSOFT_COMPUTE_VIRTUALMACHINESCALESETS_VIRTUALMACHINES

AZURE_MICROSOFT_COMPUTE_DISKS

AZURE_MICROSOFT_COMPUTE_SSHPUBLICKEYS

AZURE_MICROSOFT_COMPUTE_VIRTUALMACHINES_EXTENSIONS

Networking:

AZURE_MICROSOFT_NETWORK_VIRTUALNETWORKS

AZURE_MICROSOFT_NETWORK_VIRTUALNETWORKS_SUBNETS

AZURE_MICROSOFT_NETWORK_NETWORKSECURITYGROUPS

AZURE_MICROSOFT_NETWORK_PUBLICIPADDRESSES

AZURE_MICROSOFT_NETWORK_NETWORKINTERFACES

AZURE_MICROSOFT_NETWORK_LOADBALANCERS

AZURE_MICROSOFT_NETWORK_APPLICATIONGATEWAYS

AZURE_MICROSOFT_NETWORK_VIRTUALNETWORKGATEWAYS

AZURE_MICROSOFT_NETWORK_CONNECTIONS

AZURE_MICROSOFT_NETWORK_EXPRESSROUTECIRCUITS

Database:

AZURE_MICROSOFT_SQL_SERVERS

AZURE_MICROSOFT_SQL_SERVERS_DATABASES

AZURE_MICROSOFT_CACHE_REDIS

AZURE_MICROSOFT_CACHE_REDISENTERPRISE

AZURE_MICROSOFT_DOCUMENTDB_DATABASEACCOUNTS

Storage:

AZURE_MICROSOFT_STORAGE_STORAGEACCOUNTS

AZURE_MICROSOFT_STORAGE_STORAGEACCOUNTS_BLOBSERVICES_CONTAINERS

AZURE_MICROSOFT_STORAGE_STORAGEACCOUNTS_FILESERVICES_SHARES

AZURE_MICROSOFT_STORAGE_STORAGEACCOUNTS_QUEUESERVICES_QUEUES

AZURE_MICROSOFT_STORAGE_STORAGEACCOUNTS_TABLESERVICES_TABLES

Kubernetes/Containers:

AZURE_MICROSOFT_CONTAINERSERVICE_MANAGEDCLUSTERS

AZURE_MICROSOFT_CONTAINERSERVICE_MANAGEDCLUSTERS_AGENTPOOLS

AZURE_MICROSOFT_CONTAINERREGISTRY_REGISTRIES

AZURE_MICROSOFT_APP_CONTAINERAPPS

AZURE_MICROSOFT_APP_MANAGEDENVIRONMENTS

AZURE_MICROSOFT_APP_JOBS

App Service:

AZURE_MICROSOFT_WEB_SITES

AZURE_MICROSOFT_WEB_SERVERFARMS

AZURE_MICROSOFT_WEB_SITES_FUNCTIONS

Messaging:

AZURE_MICROSOFT_EVENTHUB_NAMESPACES

AZURE_MICROSOFT_EVENTHUB_NAMESPACES_EVENTHUBS

AZURE_MICROSOFT_SERVICEBUS_NAMESPACES

AZURE_MICROSOFT_SERVICEBUS_NAMESPACES_QUEUES

AZURE_MICROSOFT_SERVICEBUS_NAMESPACES_TOPICS

AZURE_MICROSOFT_SERVICEBUS_NAMESPACES_TOPICS_SUBSCRIPTIONS

Security/Identity:

AZURE_MICROSOFT_KEYVAULT_VAULTS

AZURE_MICROSOFT_MANAGEDIDENTITY_USERASSIGNEDIDENTITIES

Monitoring:

AZURE_MICROSOFT_OPERATIONALINSIGHTS_WORKSPACES

AZURE_MICROSOFT_INSIGHTS_COMPONENTS

API Management:

AZURE_MICROSOFT_APIMANAGEMENT_SERVICE

Azure资源使用

AZURE_*

前缀，可通过

smartscapeNodes

函数查询。所有Azure实体都会被自动发现并在Dynatrace Smartscape中建模。实体类型名称源自ARM资源提供程序路径：

/Microsoft.Compute/virtualMachines

会变为

AZURE_MICROSOFT_COMPUTE_VIRTUALMACHINES

。子资源以下划线追加：

/Microsoft.Sql/servers/databases

会变为

AZURE_MICROSOFT_SQL_SERVERS_DATABASES

。

计算类：

AZURE_MICROSOFT_COMPUTE_VIRTUALMACHINES

AZURE_MICROSOFT_COMPUTE_VIRTUALMACHINESCALESETS

AZURE_MICROSOFT_COMPUTE_VIRTUALMACHINESCALESETS_VIRTUALMACHINES

AZURE_MICROSOFT_COMPUTE_DISKS

AZURE_MICROSOFT_COMPUTE_SSHPUBLICKEYS

AZURE_MICROSOFT_COMPUTE_VIRTUALMACHINES_EXTENSIONS

网络类：

AZURE_MICROSOFT_NETWORK_VIRTUALNETWORKS

AZURE_MICROSOFT_NETWORK_VIRTUALNETWORKS_SUBNETS

AZURE_MICROSOFT_NETWORK_NETWORKSECURITYGROUPS

AZURE_MICROSOFT_NETWORK_PUBLICIPADDRESSES

AZURE_MICROSOFT_NETWORK_NETWORKINTERFACES

AZURE_MICROSOFT_NETWORK_LOADBALANCERS

AZURE_MICROSOFT_NETWORK_APPLICATIONGATEWAYS

AZURE_MICROSOFT_NETWORK_VIRTUALNETWORKGATEWAYS

AZURE_MICROSOFT_NETWORK_CONNECTIONS

AZURE_MICROSOFT_NETWORK_EXPRESSROUTECIRCUITS

数据库类：

AZURE_MICROSOFT_SQL_SERVERS

AZURE_MICROSOFT_SQL_SERVERS_DATABASES

AZURE_MICROSOFT_CACHE_REDIS

AZURE_MICROSOFT_CACHE_REDISENTERPRISE

AZURE_MICROSOFT_DOCUMENTDB_DATABASEACCOUNTS

存储类：

AZURE_MICROSOFT_STORAGE_STORAGEACCOUNTS

AZURE_MICROSOFT_STORAGE_STORAGEACCOUNTS_BLOBSERVICES_CONTAINERS

AZURE_MICROSOFT_STORAGE_STORAGEACCOUNTS_FILESERVICES_SHARES

AZURE_MICROSOFT_STORAGE_STORAGEACCOUNTS_QUEUESERVICES_QUEUES

AZURE_MICROSOFT_STORAGE_STORAGEACCOUNTS_TABLESERVICES_TABLES

Kubernetes/容器类：

AZURE_MICROSOFT_CONTAINERSERVICE_MANAGEDCLUSTERS

AZURE_MICROSOFT_CONTAINERSERVICE_MANAGEDCLUSTERS_AGENTPOOLS

AZURE_MICROSOFT_CONTAINERREGISTRY_REGISTRIES

AZURE_MICROSOFT_APP_CONTAINERAPPS

AZURE_MICROSOFT_APP_MANAGEDENVIRONMENTS

AZURE_MICROSOFT_APP_JOBS

App Service类：

AZURE_MICROSOFT_WEB_SITES

AZURE_MICROSOFT_WEB_SERVERFARMS

AZURE_MICROSOFT_WEB_SITES_FUNCTIONS

消息类：

AZURE_MICROSOFT_EVENTHUB_NAMESPACES

AZURE_MICROSOFT_EVENTHUB_NAMESPACES_EVENTHUBS

AZURE_MICROSOFT_SERVICEBUS_NAMESPACES

AZURE_MICROSOFT_SERVICEBUS_NAMESPACES_QUEUES

AZURE_MICROSOFT_SERVICEBUS_NAMESPACES_TOPICS

AZURE_MICROSOFT_SERVICEBUS_NAMESPACES_TOPICS_SUBSCRIPTIONS

安全/身份类：

AZURE_MICROSOFT_KEYVAULT_VAULTS

AZURE_MICROSOFT_MANAGEDIDENTITY_USERASSIGNEDIDENTITIES

监控类：

AZURE_MICROSOFT_OPERATIONALINSIGHTS_WORKSPACES

AZURE_MICROSOFT_INSIGHTS_COMPONENTS

API管理类：

AZURE_MICROSOFT_APIMANAGEMENT_SERVICE

Azure Organizational Hierarchy

Azure组织层级

Azure organizes resources in a three-level hierarchy: Tenant > Subscription > Resource Group. Every resource belongs to exactly one resource group within one subscription. Use these fields to scope queries:

dql

filter azure.subscription == "08b9810e-..."

dql

filter azure.resource.group == "my-rg"

dql

filter azure.location == "eastus"

Combine these filters for precise scoping:

dql

smartscapeNodes "AZURE_*"
| filter azure.subscription == "<SUBSCRIPTION_ID>"
    and azure.resource.group == "<RESOURCE_GROUP>"
    and azure.location == "<REGION>"
| summarize count = count(), by: {type}
| sort count desc

To see the organizational breakdown across your environment:

dql

smartscapeNodes "AZURE_*"
| summarize resource_count = count(), by: {azure.subscription, azure.resource.group}
| sort resource_count desc

Azure采用三级层级结构组织资源：租户 > 订阅 > 资源组。每个资源仅属于一个订阅中的一个资源组。可使用以下字段限定查询范围：

dql

filter azure.subscription == "08b9810e-..."

dql

filter azure.resource.group == "my-rg"

dql

filter azure.location == "eastus"

组合这些过滤器以实现精准范围限定：

dql

smartscapeNodes "AZURE_*"
| filter azure.subscription == "<SUBSCRIPTION_ID>"
    and azure.resource.group == "<RESOURCE_GROUP>"
    and azure.location == "<REGION>"
| summarize count = count(), by: {type}
| sort count desc

如需查看环境中的组织细分情况：

dql

smartscapeNodes "AZURE_*"
| summarize resource_count = count(), by: {azure.subscription, azure.resource.group}
| sort resource_count desc

Common Azure Fields

通用Azure字段

All Azure entities include:

```
azure.subscription
```
— Azure subscription GUID
```
azure.resource.group
```
— Resource group name
```
azure.location
```
— Azure region (e.g.,
```
eastus
```
,
```
polandcentral
```
)

azure.resourceType

— ARM resource type (e.g.,

microsoft.compute/virtualmachines

)

```
azure.provisioning_state
```
— Provisioning state (e.g.,
```
Succeeded
```
)
```
azure.object
```
— Full ARM resource JSON (see Configuration Parsing)
```
cloud.provider
```
— Always
```
azure
```
```
tags
```
— Resource tags (use
```
tags[`key`]
```
)

Some entity types also have:

```
azure.resourceId
```
— Full ARM resource ID (VMs and some others)
```
azure.resourceName
```
— Resource name (VMs and some others)
```
azure.availabilityZones
```
— Availability zone list (VMs)

所有Azure实体均包含以下字段：

```
azure.subscription
```
— Azure订阅GUID
```
azure.resource.group
```
— 资源组名称
```
azure.location
```
— Azure区域（例如
```
eastus
```
、
```
polandcentral
```
）

azure.resourceType

— ARM资源类型（例如

microsoft.compute/virtualmachines

）

```
azure.provisioning_state
```
— 部署状态（例如
```
Succeeded
```
）
```
azure.object
```
— 完整的ARM资源JSON（参见配置解析）
```
cloud.provider
```
— 始终为
```
azure
```
```
tags
```
— 资源标签（使用
```
tags[`key`]
```
）

部分实体类型还包含：

```
azure.resourceId
```
— 完整的ARM资源ID（VM及部分其他资源）
```
azure.resourceName
```
— 资源名称（VM及部分其他资源）
```
azure.availabilityZones
```
— 可用区列表（VM）

Relationship Types

关系类型

Azure entity relationships can be traversed using

traverse

. The

dt.traverse.relationship

field is not populated for Azure entities, so you must use

"*"

as the relationship name in all traversal commands.

Key traversal pairs:

VM → Disks:

traverse "*", "AZURE_MICROSOFT_COMPUTE_DISKS"

VM → NICs:

traverse "*", "AZURE_MICROSOFT_NETWORK_NETWORKINTERFACES"

VM → VMSS:

traverse "*", "AZURE_MICROSOFT_COMPUTE_VIRTUALMACHINESCALESETS"

VM → Availability Zones:

traverse "*", "AZURE_MICROSOFT_RESOURCES_LOCATIONS_AVAILABILITYZONES"

VM ← Extensions:

traverse "*", "AZURE_MICROSOFT_COMPUTE_VIRTUALMACHINES_EXTENSIONS", direction:backward

VMSS → AKS Clusters:

traverse "*", "AZURE_MICROSOFT_CONTAINERSERVICE_MANAGEDCLUSTERS"

VMSS → Subnets:

traverse "*", "AZURE_MICROSOFT_NETWORK_VIRTUALNETWORKS_SUBNETS"

VMSS → NSGs:

traverse "*", "AZURE_MICROSOFT_NETWORK_NETWORKSECURITYGROUPS"

VMSS → LB Backend Pools:

traverse "*", "AZURE_MICROSOFT_NETWORK_LOADBALANCERS_BACKENDADDRESSPOOLS"

Subnet → VNet:

traverse "*", "AZURE_MICROSOFT_NETWORK_VIRTUALNETWORKS"

Subnet → NSG:

traverse "*", "AZURE_MICROSOFT_NETWORK_NETWORKSECURITYGROUPS"

Subnet ← VMSS:

traverse "*", "AZURE_MICROSOFT_COMPUTE_VIRTUALMACHINESCALESETS", direction:backward

NSG ← NICs:

traverse "*", "AZURE_MICROSOFT_NETWORK_NETWORKINTERFACES", direction:backward

NSG ← Subnets:

traverse "*", "AZURE_MICROSOFT_NETWORK_VIRTUALNETWORKS_SUBNETS", direction:backward

LB → Backend Pools:

traverse "*", "AZURE_MICROSOFT_NETWORK_LOADBALANCERS_BACKENDADDRESSPOOLS"

LB → Frontend IPs:

traverse "*", "AZURE_MICROSOFT_NETWORK_LOADBALANCERS_FRONTENDIPCONFIGURATIONS"

LB → LB Rules:

traverse "*", "AZURE_MICROSOFT_NETWORK_LOADBALANCERS_LOADBALANCINGRULES"

SQL Server ← SQL Databases:

traverse "*", "AZURE_MICROSOFT_SQL_SERVERS_DATABASES", direction:backward

Storage Account ← Blob Containers:

traverse "*", "AZURE_MICROSOFT_STORAGE_STORAGEACCOUNTS_BLOBSERVICES_CONTAINERS", direction:backward

Storage Account ← File Shares:

traverse "*", "AZURE_MICROSOFT_STORAGE_STORAGEACCOUNTS_FILESERVICES_SHARES", direction:backward

AKS ← VMSS:

traverse "*", "AZURE_MICROSOFT_COMPUTE_VIRTUALMACHINESCALESETS", direction:backward

AKS ← Agent Pools:

traverse "*", "AZURE_MICROSOFT_CONTAINERSERVICE_MANAGEDCLUSTERS_AGENTPOOLS", direction:backward

AKS ← NSGs:

traverse "*", "AZURE_MICROSOFT_NETWORK_NETWORKSECURITYGROUPS", direction:backward

AKS ← Public IPs:

traverse "*", "AZURE_MICROSOFT_NETWORK_PUBLICIPADDRESSES", direction:backward

AKS → Public IPs:

traverse "*", "AZURE_MICROSOFT_NETWORK_PUBLICIPADDRESSES"

Web Site → App Service Plan:

traverse "*", "AZURE_MICROSOFT_WEB_SERVERFARMS"

Web Site ← Functions:

traverse "*", "AZURE_MICROSOFT_WEB_SITES_FUNCTIONS", direction:backward

Container App → Managed Environment:

traverse "*", "AZURE_MICROSOFT_APP_MANAGEDENVIRONMENTS"

EventHub Namespace ← Event Hubs:

traverse "*", "AZURE_MICROSOFT_EVENTHUB_NAMESPACES_EVENTHUBS", direction:backward

ServiceBus Namespace ← Queues:

traverse "*", "AZURE_MICROSOFT_SERVICEBUS_NAMESPACES_QUEUES", direction:backward

ServiceBus Namespace ← Topics:

traverse "*", "AZURE_MICROSOFT_SERVICEBUS_NAMESPACES_TOPICS", direction:backward

ServiceBus Topic ← Subscriptions:

traverse "*", "AZURE_MICROSOFT_SERVICEBUS_NAMESPACES_TOPICS_SUBSCRIPTIONS", direction:backward

Use
```
fieldsKeep:{field1, field2}
```
to carry fields through multi-hop traversals

After a single-hop traverse, use

dt.traverse.history[0][id]

to get the source entity ID, then

lookup

to resolve the source entity name:

dql

| fieldsAdd sourceId = dt.traverse.history[0][id]
| lookup [smartscapeNodes "SOURCE_TYPE" | fields name, id], sourceField: sourceId, lookupField: id, prefix: "src."

After multi-hop traversals,
```
dt.traverse.history[-N]
```
works for fields carried via
```
fieldsKeep
```

可使用

traverse

遍历Azure实体关系。Azure实体的

dt.traverse.relationship

字段未填充，因此在所有遍历命令中必须使用

"*"

作为关系名称。

关键遍历对：

VM → 磁盘：

traverse "*", "AZURE_MICROSOFT_COMPUTE_DISKS"

VM → 网卡：

traverse "*", "AZURE_MICROSOFT_NETWORK_NETWORKINTERFACES"

VM → VMSS：

traverse "*", "AZURE_MICROSOFT_COMPUTE_VIRTUALMACHINESCALESETS"

VM → 可用区：

traverse "*", "AZURE_MICROSOFT_RESOURCES_LOCATIONS_AVAILABILITYZONES"

VM ← 扩展：

traverse "*", "AZURE_MICROSOFT_COMPUTE_VIRTUALMACHINES_EXTENSIONS", direction:backward

VMSS → AKS集群：

traverse "*", "AZURE_MICROSOFT_CONTAINERSERVICE_MANAGEDCLUSTERS"

VMSS → 子网：

traverse "*", "AZURE_MICROSOFT_NETWORK_VIRTUALNETWORKS_SUBNETS"

VMSS → NSG：

traverse "*", "AZURE_MICROSOFT_NETWORK_NETWORKSECURITYGROUPS"

VMSS → LB后端池：

traverse "*", "AZURE_MICROSOFT_NETWORK_LOADBALANCERS_BACKENDADDRESSPOOLS"

子网 → VNet：

traverse "*", "AZURE_MICROSOFT_NETWORK_VIRTUALNETWORKS"

子网 → NSG：

traverse "*", "AZURE_MICROSOFT_NETWORK_NETWORKSECURITYGROUPS"

子网 ← VMSS：

traverse "*", "AZURE_MICROSOFT_COMPUTE_VIRTUALMACHINESCALESETS", direction:backward

NSG ← 网卡：

traverse "*", "AZURE_MICROSOFT_NETWORK_NETWORKINTERFACES", direction:backward

NSG ← 子网：

traverse "*", "AZURE_MICROSOFT_NETWORK_VIRTUALNETWORKS_SUBNETS", direction:backward

LB → 后端池：

traverse "*", "AZURE_MICROSOFT_NETWORK_LOADBALANCERS_BACKENDADDRESSPOOLS"

LB → 前端IP：

traverse "*", "AZURE_MICROSOFT_NETWORK_LOADBALANCERS_FRONTENDIPCONFIGURATIONS"

LB → LB规则：

traverse "*", "AZURE_MICROSOFT_NETWORK_LOADBALANCERS_LOADBALANCINGRULES"

SQL Server ← SQL数据库：

traverse "*", "AZURE_MICROSOFT_SQL_SERVERS_DATABASES", direction:backward

存储账户 ← Blob容器：

traverse "*", "AZURE_MICROSOFT_STORAGE_STORAGEACCOUNTS_BLOBSERVICES_CONTAINERS", direction:backward

存储账户 ← 文件共享：

traverse "*", "AZURE_MICROSOFT_STORAGE_STORAGEACCOUNTS_FILESERVICES_SHARES", direction:backward

AKS ← VMSS：

traverse "*", "AZURE_MICROSOFT_COMPUTE_VIRTUALMACHINESCALESETS", direction:backward

AKS ← 代理池：

traverse "*", "AZURE_MICROSOFT_CONTAINERSERVICE_MANAGEDCLUSTERS_AGENTPOOLS", direction:backward

AKS ← NSG：

traverse "*", "AZURE_MICROSOFT_NETWORK_NETWORKSECURITYGROUPS", direction:backward

AKS ← 公网IP：

traverse "*", "AZURE_MICROSOFT_NETWORK_PUBLICIPADDRESSES", direction:backward

AKS → 公网IP：

traverse "*", "AZURE_MICROSOFT_NETWORK_PUBLICIPADDRESSES"

网站 → App Service计划：

traverse "*", "AZURE_MICROSOFT_WEB_SERVERFARMS"

网站 ← Functions：

traverse "*", "AZURE_MICROSOFT_WEB_SITES_FUNCTIONS", direction:backward

Container App → 托管环境：

traverse "*", "AZURE_MICROSOFT_APP_MANAGEDENVIRONMENTS"

EventHub命名空间 ← Event Hubs：

traverse "*", "AZURE_MICROSOFT_EVENTHUB_NAMESPACES_EVENTHUBS", direction:backward

ServiceBus命名空间 ← 队列：

traverse "*", "AZURE_MICROSOFT_SERVICEBUS_NAMESPACES_QUEUES", direction:backward

ServiceBus命名空间 ← 主题：

traverse "*", "AZURE_MICROSOFT_SERVICEBUS_NAMESPACES_TOPICS", direction:backward

ServiceBus主题 ← 订阅：

traverse "*", "AZURE_MICROSOFT_SERVICEBUS_NAMESPACES_TOPICS_SUBSCRIPTIONS", direction:backward

使用
```
fieldsKeep:{field1, field2}
```
在多跳遍历中保留字段

单跳遍历后，使用

dt.traverse.history[0][id]

获取源实体ID，再使用

lookup

解析源实体名称：

dql

| fieldsAdd sourceId = dt.traverse.history[0][id]
| lookup [smartscapeNodes "SOURCE_TYPE" | fields name, id], sourceField: sourceId, lookupField: id, prefix: "src."

多跳遍历后，
```
dt.traverse.history[-N]
```
可用于访问通过
```
fieldsKeep
```
保留的字段

Azure Metric Naming Convention

Azure指标命名规范

Dynatrace ingests Azure Monitor metrics and exposes them using this naming pattern:

cloud.azure.<provider_namespace>.<resource_type>.<MetricName>

The

<provider_namespace>

uses underscores within the namespace (e.g.,

microsoft_compute

) and

<resource_type>

is lowercase (e.g.,

virtualmachines

). Hierarchy levels are dot-separated:

microsoft_sql.servers.databases

<MetricName>

is the Azure Monitor metric name.

Examples:

Azure Monitor metric	Dynatrace metric key
VM `Percentage CPU`	`cloud.azure.microsoft_compute.virtualmachines.PercentageCPU`
SQL DB `cpu_percent`	`cloud.azure.microsoft_sql.servers.databases.cpu_percent`
Storage `Ingress`	`cloud.azure.microsoft_storage.storageaccounts.Ingress`
Event Hub `IncomingMessages`	`cloud.azure.microsoft_eventhub.namespaces.IncomingMessages`
Service Bus `IncomingMessages`	`cloud.azure.microsoft_servicebus.namespaces.IncomingMessages`
App Service `HttpResponseTime`	`cloud.azure.microsoft_web.sites.HttpResponseTime`
Load Balancer `ByteCount`	`cloud.azure.microsoft_network.loadbalancers.ByteCount`
AKS `node_cpu_usage_percentage`	`cloud.azure.microsoft_containerservice.managedclusters.node_cpu_usage_percentage`
Cosmos DB `TotalRequestUnits`	`cloud.azure.microsoft_documentdb.databaseaccounts.TotalRequestUnits`
Redis `serverLoad`	`cloud.azure.microsoft_cache.redis.serverLoad`
App Gateway `TotalRequests`	`cloud.azure.microsoft_network.applicationgateways.TotalRequests`

To query a metric:

dql

timeseries cpu = avg(cloud.azure.microsoft_compute.virtualmachines.PercentageCPU),
           by: {dt.smartscape_source.id},
  from: now()-1h
| limit 10

Important: Never refer to these as "Azure Monitor alerts" or "Azure Monitor metrics" in output. Dynatrace monitors Azure resources natively through its Azure integration — these are Dynatrace metrics ingested from Azure.

Dynatrace会摄取Azure Monitor指标，并采用以下命名模式暴露这些指标：

cloud.azure.<provider_namespace>.<resource_type>.<MetricName>

<provider_namespace>

在命名空间内使用下划线（例如

microsoft_compute

），

<resource_type>

为小写（例如

virtualmachines

）。层级使用点分隔：

microsoft_sql.servers.databases

。

<MetricName>

为Azure Monitor指标名称。

示例：

Azure Monitor指标	Dynatrace指标键
VM `Percentage CPU`	`cloud.azure.microsoft_compute.virtualmachines.PercentageCPU`
SQL DB `cpu_percent`	`cloud.azure.microsoft_sql.servers.databases.cpu_percent`
Storage `Ingress`	`cloud.azure.microsoft_storage.storageaccounts.Ingress`
Event Hub `IncomingMessages`	`cloud.azure.microsoft_eventhub.namespaces.IncomingMessages`
Service Bus `IncomingMessages`	`cloud.azure.microsoft_servicebus.namespaces.IncomingMessages`
App Service `HttpResponseTime`	`cloud.azure.microsoft_web.sites.HttpResponseTime`
负载均衡器 `ByteCount`	`cloud.azure.microsoft_network.loadbalancers.ByteCount`
AKS `node_cpu_usage_percentage`	`cloud.azure.microsoft_containerservice.managedclusters.node_cpu_usage_percentage`
Cosmos DB `TotalRequestUnits`	`cloud.azure.microsoft_documentdb.databaseaccounts.TotalRequestUnits`
Redis `serverLoad`	`cloud.azure.microsoft_cache.redis.serverLoad`
Application Gateway `TotalRequests`	`cloud.azure.microsoft_network.applicationgateways.TotalRequests`

查询指标示例：

dql

timeseries cpu = avg(cloud.azure.microsoft_compute.virtualmachines.PercentageCPU),
           by: {dt.smartscape_source.id},
  from: now()-1h
| limit 10

重要提示： 在输出中切勿将这些称为“Azure Monitor警报”或“Azure Monitor指标”。Dynatrace通过其Azure集成原生监控Azure资源——这些是从Azure摄取的Dynatrace指标。

Configuration Parsing with azure.object

使用azure.object进行配置解析

The

azure.object

field contains the full ARM resource JSON. Parse it with the

azjson

alias:

dql

parse azure.object, "JSON:azjson"

The JSON is wrapped in a

configuration

key:

json

{
  "configuration": {
    "id": "<ARM resource ID>",
    "name": "<resource name>",
    "type": "<ARM resource type>",
    "location": "<region>",
    "sku": { ... },
    "properties": { ... },
    "zones": [...]
  },
  "tags": { ... }
}

Access patterns:

Properties:

azjson[configuration][properties][field]

SKU:
```
azjson[configuration][sku][name]
```
Kind:
```
azjson[configuration][kind]
```
Zones:
```
azjson[configuration][zones]
```

Common configuration fields by service:

VM:

properties.hardwareProfile.vmSize

properties.storageProfile.imageReference.offer

properties.storageProfile.osDisk.osType

properties.extended.instanceView.powerState.displayStatus

VMSS:

sku.name

(VM size),

sku.capacity

(instance count),

tags.aks-managed-poolName

NSG:

properties.securityRules[]

(custom rules array),

properties.securityRules[].properties.direction

properties.securityRules[].properties.access

properties.securityRules[].properties.sourceAddressPrefix

Storage Account:

kind

(e.g., StorageV2),

sku.name

properties.accessTier

properties.supportsHttpsTrafficOnly

properties.allowBlobPublicAccess

properties.encryption.keySource

SQL Server:

properties.fullyQualifiedDomainName

properties.publicNetworkAccess

properties.minimalTlsVersion

SQL Database:

sku.name

(tier),

sku.capacity

(DTU/vCore),

properties.status

properties.zoneRedundant

AKS:

properties.kubernetesVersion

properties.powerState.code

properties.networkProfile.networkPlugin

properties.enableRBAC

Web Site:

kind

(e.g.,

functionapp,linux

properties.state

properties.defaultHostName

properties.siteConfig.linuxFxVersion

Container App:

properties.runningStatus

properties.template.containers[].image

properties.template.scale.minReplicas

properties.template.scale.maxReplicas

Event Hub Namespace:

sku.name

properties.kafkaEnabled

properties.zoneRedundant

Service Bus Namespace:

sku.name

(Basic/Standard/Premium),

properties.zoneRedundant

properties.minimumTlsVersion

properties.publicNetworkAccess

properties.disableLocalAuth

properties.status

Service Bus Queue:

properties.maxSizeInMegabytes

properties.enablePartitioning

properties.deadLetteringOnMessageExpiration

properties.maxDeliveryCount

properties.lockDuration

properties.requiresDuplicateDetection

properties.status

Key Vault:

properties.enableRbacAuthorization

properties.enableSoftDelete

properties.publicNetworkAccess

Redis:

properties.sku.name

properties.hostName

properties.redisVersion

properties.enableNonSslPort

Cosmos DB:

kind

(e.g., GlobalDocumentDB),

properties.EnabledApiTypes

properties.consistencyPolicy.defaultConsistencyLevel

Load Balancer:
```
sku.name
```
,
```
tags.aks-managed-cluster-name
```

App Gateway:

properties.sku.name

properties.sku.tier

properties.operationalState

properties.webApplicationFirewallConfiguration.enabled

properties.webApplicationFirewallConfiguration.firewallMode

(Detection/Prevention),

properties.webApplicationFirewallConfiguration.ruleSetType

properties.webApplicationFirewallConfiguration.ruleSetVersion

properties.webApplicationFirewallConfiguration.disabledRuleGroups[]

properties.webApplicationFirewallConfiguration.exclusions[]

properties.firewallPolicy.id

azure.object

字段包含完整的ARM资源JSON。可使用

azjson

别名解析：

dql

parse azure.object, "JSON:azjson"

JSON被包裹在

configuration

键中：

json

{
  "configuration": {
    "id": "<ARM resource ID>",
    "name": "<resource name>",
    "type": "<ARM resource type>",
    "location": "<region>",
    "sku": { ... },
    "properties": { ... },
    "zones": [...]
  },
  "tags": { ... }
}

访问模式：

属性：

azjson[configuration][properties][field]

SKU：
```
azjson[configuration][sku][name]
```
类型：
```
azjson[configuration][kind]
```
可用区：
```
azjson[configuration][zones]
```

各服务常见配置字段：

VM：

properties.hardwareProfile.vmSize

properties.storageProfile.imageReference.offer

properties.storageProfile.osDisk.osType

properties.extended.instanceView.powerState.displayStatus

VMSS：

sku.name

（VM规格）,

sku.capacity

（实例数量）,

tags.aks-managed-poolName

NSG：

properties.securityRules[]

（自定义规则数组）,

properties.securityRules[].properties.direction

properties.securityRules[].properties.access

properties.securityRules[].properties.sourceAddressPrefix

存储账户：

kind

（例如StorageV2）,

sku.name

properties.accessTier

properties.supportsHttpsTrafficOnly

properties.allowBlobPublicAccess

properties.encryption.keySource

SQL Server：

properties.fullyQualifiedDomainName

properties.publicNetworkAccess

properties.minimalTlsVersion

SQL数据库：

sku.name

（层级）,

sku.capacity

（DTU/vCore）,

properties.status

properties.zoneRedundant

AKS：

properties.kubernetesVersion

properties.powerState.code

properties.networkProfile.networkPlugin

properties.enableRBAC

网站：

kind

（例如

functionapp,linux

）,

properties.state

properties.defaultHostName

properties.siteConfig.linuxFxVersion

Container App：

properties.runningStatus

properties.template.containers[].image

properties.template.scale.minReplicas

properties.template.scale.maxReplicas

Event Hub命名空间：

sku.name

properties.kafkaEnabled

properties.zoneRedundant

ServiceBus命名空间：

sku.name

（Basic/Standard/Premium）,

properties.zoneRedundant

properties.minimumTlsVersion

properties.publicNetworkAccess

properties.disableLocalAuth

properties.status

ServiceBus队列：

properties.maxSizeInMegabytes

properties.enablePartitioning

properties.deadLetteringOnMessageExpiration

properties.maxDeliveryCount

properties.lockDuration

properties.requiresDuplicateDetection

properties.status

Key Vault：

properties.enableRbacAuthorization

properties.enableSoftDelete

properties.publicNetworkAccess

Redis：

properties.sku.name

properties.hostName

properties.redisVersion

properties.enableNonSslPort

Cosmos DB：

kind

（例如GlobalDocumentDB）,

properties.EnabledApiTypes

properties.consistencyPolicy.defaultConsistencyLevel

负载均衡器：
```
sku.name
```
,
```
tags.aks-managed-cluster-name
```

Application Gateway：

properties.sku.name

properties.sku.tier

properties.operationalState

properties.webApplicationFirewallConfiguration.enabled

properties.webApplicationFirewallConfiguration.firewallMode

（Detection/Prevention）,

properties.webApplicationFirewallConfiguration.ruleSetType

properties.webApplicationFirewallConfiguration.ruleSetVersion

properties.webApplicationFirewallConfiguration.disabledRuleGroups[]

properties.webApplicationFirewallConfiguration.exclusions[]

properties.firewallPolicy.id

Query Patterns

查询模式

All Azure queries build on four core patterns. Master these and adapt them to any entity type.

所有Azure查询均基于四种核心模式。掌握这些模式并根据实体类型进行调整。

Pattern 1: Resource Discovery

模式1：资源发现

List resources by type, filter by subscription/resource group/region/tags, summarize counts:

dql

smartscapeNodes "AZURE_*"
| filter azure.subscription == "<SUBSCRIPTION_ID>" and azure.location == "<REGION>"
| summarize count = count(), by: {type}
| sort count desc

To list a specific type, replace

"AZURE_*"

with the entity type (e.g.,

"AZURE_MICROSOFT_COMPUTE_VIRTUALMACHINES"

). Add

| fields name, azure.subscription, azure.resource.group, azure.location, ...

to select specific columns. Use

tags[`TagName`]

for tag-based filtering.

按类型列出资源，按订阅/资源组/区域/标签过滤，汇总数量：

dql

smartscapeNodes "AZURE_*"
| filter azure.subscription == "<SUBSCRIPTION_ID>" and azure.location == "<REGION>"
| summarize count = count(), by: {type}
| sort count desc

如需列出特定类型，将

"AZURE_*"

替换为实体类型（例如

"AZURE_MICROSOFT_COMPUTE_VIRTUALMACHINES"

）。添加

| fields name, azure.subscription, azure.resource.group, azure.location, ...

选择特定列。使用

tags[`TagName`]

进行基于标签的过滤。

Pattern 2: Configuration Parsing

模式2：配置解析

Parse

azure.object

JSON for detailed configuration fields:

dql

smartscapeNodes "AZURE_MICROSOFT_COMPUTE_VIRTUALMACHINES"
| parse azure.object, "JSON:azjson"
| fieldsAdd vmSize = azjson[configuration][properties][hardwareProfile][vmSize],
            osType = azjson[configuration][properties][storageProfile][osDisk][osType]
| summarize vm_count = count(), by: {vmSize, osType, azure.location}

解析

azure.object

JSON以获取详细配置字段：

dql

smartscapeNodes "AZURE_MICROSOFT_COMPUTE_VIRTUALMACHINES"
| parse azure.object, "JSON:azjson"
| fieldsAdd vmSize = azjson[configuration][properties][hardwareProfile][vmSize],
            osType = azjson[configuration][properties][storageProfile][osDisk][osType]
| summarize vm_count = count(), by: {vmSize, osType, azure.location}

Pattern 3: Relationship Traversal

模式3：关系遍历

Follow relationships between resources. Use

"*"

for the relationship name since Azure does not populate

dt.traverse.relationship

dql

smartscapeNodes "AZURE_MICROSOFT_NETWORK_LOADBALANCERS"
| parse azure.object, "JSON:azjson"
| fieldsAdd lbSku = azjson[configuration][sku][name]
| traverse "*", "AZURE_MICROSOFT_NETWORK_LOADBALANCERS_BACKENDADDRESSPOOLS", fieldsKeep:{lbSku, name, id}
| fieldsAdd backendPoolName = name
| traverse "*", "AZURE_MICROSOFT_COMPUTE_VIRTUALMACHINESCALESETS", direction:backward, fieldsKeep:{backendPoolName, id}
| fieldsAdd loadBalancerName = dt.traverse.history[-2][name],
            loadBalancerId = dt.traverse.history[-2][id],
            backendPoolId = dt.traverse.history[-1][id]

Key differences from AWS traversals:

Always use
```
"*"
```
as the relationship name (relationship type names are empty for Azure)
Azure relationships primarily follow a parent-child hierarchy: sub-resources link backward to parent resources
AKS is a major relationship hub with backward links from VMSS, NSGs, LBs, Public IPs, Agent Pools, and Managed Identities

追踪资源间的关系。由于Azure未填充

dt.traverse.relationship

，请使用

"*"

作为关系名称：

dql

smartscapeNodes "AZURE_MICROSOFT_NETWORK_LOADBALANCERS"
| parse azure.object, "JSON:azjson"
| fieldsAdd lbSku = azjson[configuration][sku][name]
| traverse "*", "AZURE_MICROSOFT_NETWORK_LOADBALANCERS_BACKENDADDRESSPOOLS", fieldsKeep:{lbSku, name, id}
| fieldsAdd backendPoolName = name
| traverse "*", "AZURE_MICROSOFT_COMPUTE_VIRTUALMACHINESCALESETS", direction:backward, fieldsKeep:{backendPoolName, id}
| fieldsAdd loadBalancerName = dt.traverse.history[-2][name],
            loadBalancerId = dt.traverse.history[-2][id],
            backendPoolId = dt.traverse.history[-1][id]

与AWS遍历的关键区别：

始终使用
```
"*"
```
作为关系名称（Azure的关系类型名称为空）
Azure关系主要遵循父-子层级：子资源反向链接到父资源
AKS是主要的关系枢纽，VMSS、NSG、LB、公网IP、代理池和托管标识均反向链接到AKS集群实体

Pattern 4: Tag-Based Ownership

模式4：基于标签的归属权

Group resources by any tag for ownership/chargeback:

dql

smartscapeNodes "AZURE_*"
| filter isNotNull(tags[`<TAG_NAME>`])
| summarize resource_count = count(), by: {tags[`<TAG_NAME>`], type}
| sort resource_count desc

Common Azure tags:

tags[`ACE:CREATED-BY`]

tags[`dt_owner_email`]

tags[`dt_owner_team`]

tags[`project`]

tags[`managed-by`]

. Replace

"AZURE_*"

with a specific type to scope to one service.

Find untagged resources:

| filter arraySize(tags) == 0

按任意标签对资源分组以实现归属权/费用回溯：

dql

smartscapeNodes "AZURE_*"
| filter isNotNull(tags[`<TAG_NAME>`])
| summarize resource_count = count(), by: {tags[`<TAG_NAME>`], type}
| sort resource_count desc

常见Azure标签：

tags[`ACE:CREATED-BY`]

tags[`dt_owner_email`]

tags[`dt_owner_team`]

tags[`project`]

tags[`managed-by`]

。将

"AZURE_*"

替换为特定类型以限定到单一服务。

查找未标记资源：

| filter arraySize(tags) == 0

Reference Guide

参考指南

Load reference files for detailed queries when the core patterns above need service-specific adaptation.

Reference	When to load	Key content
vnet-networking-security.md	VNet topology, subnets, NSGs, public IPs, VPN, peering	VNet/subnet mapping, NSG blast radius, public IP detection
database-monitoring.md	Azure SQL, Cosmos DB, Redis Cache	Service tier distribution, zone redundancy, public access checks
serverless-containers.md	Functions, App Service, AKS infra, Container Apps	Runtime distribution, App Service Plan mapping, AKS node pools
load-balancing-api.md	Load Balancers, Application Gateways, API Management	LB backend pool traversal, App Gateway routing, APIM config
messaging-integration.md	Event Hubs, Service Bus, Event Grid	Namespace inventory, Kafka enablement, throughput unit analysis
storage-monitoring.md	Storage Accounts, Blob, File, Queue, Table	SKU distribution, access tier, encryption audit, public access
resource-management.md	Resource audits, tag compliance, lifecycle	Unattached disks, tag coverage, provisioning state analysis
cost-optimization.md	Cost savings, unused resources, sizing	VM SKU analysis, unattached disks, deallocated VMs
capacity-planning.md	Capacity analysis, scaling, utilization	VMSS headroom, subnet IP counts, AKS node pool sizing
security-compliance.md	Security audits, encryption, public access, Key Vault	NSG rule analysis, TLS version audit, public endpoint detection, encryption checks
resource-ownership.md	Chargeback, ownership, cost allocation	Tag-based grouping, subscription/resource-group summaries
workload-detection.md	Determine orchestration context and resolution path	AKS node, VMSS member, standalone VM detection for blast radius analysis
metrics-performance.md	Query metric timeseries for a specific resource	DQL timeseries patterns for VM, SQL, Storage, Event Hub, LB, App Service, AKS, Cosmos DB, Redis, App Gateway

当核心模式需要针对特定服务调整时，加载参考文件获取详细查询语句。

参考文件	加载时机	核心内容
vnet-networking-security.md	VNet拓扑、子网、NSG、公网IP、VPN、对等连接	VNet/子网映射、NSG影响范围、公网IP检测
database-monitoring.md	Azure SQL、Cosmos DB、Redis缓存	服务层级分布、区域冗余、公网访问检查
serverless-containers.md	Functions、App Service、AKS基础设施、Container Apps	运行时分布、App Service计划映射、AKS节点池
load-balancing-api.md	负载均衡器、Application Gateway、API Management	LB后端池遍历、Application Gateway路由、APIM配置
messaging-integration.md	Event Hubs、Service Bus、Event Grid	命名空间清单、Kafka启用状态、吞吐量单元分析
storage-monitoring.md	存储账户、Blob、File、Queue、Table	SKU分布、访问层级、加密审计、公网访问
resource-management.md	资源审计、标签合规性、生命周期	未关联磁盘、标签覆盖率、部署状态分析
cost-optimization.md	成本节约、未使用资源、规格调整	VM SKU分析、未关联磁盘、已解除分配的VM
capacity-planning.md	容量分析、伸缩、利用率	VMSS余量、子网IP数量、AKS节点池规格
security-compliance.md	安全审计、加密、公网访问、Key Vault	NSG规则分析、TLS版本审计、公网端点检测、加密检查
resource-ownership.md	成本分配、费用回溯、归属权	基于标签的分组、订阅/资源组汇总
workload-detection.md	确定编排上下文和解析路径	AKS节点、VMSS成员、独立VM检测以进行影响范围分析
metrics-performance.md	查询特定资源的指标时间序列	VM、SQL、存储、Event Hub、LB、App Service、AKS、Cosmos DB、Redis、Application Gateway的DQL时间序列模式

Best Practices

最佳实践

Query Optimization

查询优化

Filter early by subscription, resource group, and region
Use specific entity types (avoid
```
"AZURE_*"
```
wildcards when possible)
Limit results with
```
| limit N
```
for exploration
Use
```
isNotNull()
```
checks before accessing nested fields

尽早按订阅、资源组和区域过滤
使用特定实体类型（尽可能避免
```
"AZURE_*"
```
通配符）
使用
```
| limit N
```
限制探索性查询的结果数量
在访问嵌套字段前使用
```
isNotNull()
```
检查

Configuration Parsing

配置解析

Always parse

azure.object

with JSON parser:

parse azure.object, "JSON:azjson"

Use consistent field naming:

fieldsAdd configField = azjson[configuration][properties][field]

Access SKU via

azjson[configuration][sku][name]

(not inside

properties

)

Check for null values after parsing — not all entity types have the same properties structure
Use
```
toString()
```
for complex nested objects

始终使用JSON解析器解析

azure.object

：

parse azure.object, "JSON:azjson"

使用一致的字段命名：

fieldsAdd configField = azjson[configuration][properties][field]

通过

azjson[configuration][sku][name]

访问SKU（而非

properties

内部）

解析后检查空值——并非所有实体类型都具有相同的属性结构
对复杂嵌套对象使用
```
toString()
```

Organizational Hierarchy

组织层级

Always scope queries by
```
azure.subscription
```
in multi-subscription environments
Use
```
azure.resource.group
```
to narrow to a team or application boundary
Combine
```
azure.location
```
for region-specific analysis

Use

summarize ... by: {azure.subscription, azure.resource.group}

for organizational breakdowns

在多订阅环境中，始终按
```
azure.subscription
```
限定查询范围
使用
```
azure.resource.group
```
缩小到团队或应用边界
结合
```
azure.location
```
进行区域特定分析

使用

summarize ... by: {azure.subscription, azure.resource.group}

获取组织细分情况

Tagging Strategy

标签策略

Use
```
tags[`key`]
```
for filtering (backtick-quoted key names)
Check
```
arraySize(tags)
```
for untagged resources
Track tag coverage with summarize operations

Common ownership tags:

dt_owner_email

dt_owner_team

ACE:CREATED-BY

使用
```
tags[`key`]
```
进行过滤（键名使用反引号括起）
检查
```
arraySize(tags)
```
以查找未标记资源
使用汇总操作跟踪标签覆盖率

常见归属权标签：

dt_owner_email

、

dt_owner_team

、

ACE:CREATED-BY

Limitations and Notes

限制与注意事项

Smartscape Limitations

Smartscape限制

Azure object configuration requires parsing with
```
parse azure.object, "JSON:azjson"
```
Azure metrics are available as Dynatrace metrics using the
```
cloud.azure.*
```
naming convention (see Azure Metric Naming Convention)
Resource discovery depends on Azure integration configuration in Dynatrace
Tag synchronization may have slight delays

Azure对象配置需要使用
```
parse azure.object, "JSON:azjson"
```
进行解析
Azure指标以
```
cloud.azure.*
```
命名规范作为Dynatrace指标提供（参见Azure指标命名规范）
资源发现依赖于Dynatrace中的Azure集成配置
标签同步可能存在轻微延迟

Relationship Traversal

关系遍历

Azure relationship type names are empty — always use
```
"*"
```
as the relationship name in
```
traverse
```
commands
Use
```
direction:backward
```
for reverse relationships (e.g., sub-resources to parent)
Use
```
fieldsKeep
```
to maintain important fields through traversal
Access traversal history with
```
dt.traverse.history[0][id]
```
for single-hop source entity ID; use
```
lookup
```
to resolve source entity name
For multi-hop traversals,
```
dt.traverse.history[-N]
```
accesses fields carried via
```
fieldsKeep
```
Azure relationships primarily follow parent-child hierarchy patterns
AKS is a major relationship hub — expect many backward relationships converging on AKS cluster entities

Azure关系类型名称为空——在
```
traverse
```
命令中始终使用
```
"*"
```
作为关系名称
对反向关系使用
```
direction:backward
```
（例如子资源到父资源）
使用
```
fieldsKeep
```
在遍历过程中保留重要字段
使用
```
dt.traverse.history[0][id]
```
获取单跳源实体ID；使用
```
lookup
```
解析源实体名称
对于多跳遍历，
```
dt.traverse.history[-N]
```
可访问通过
```
fieldsKeep
```
保留的字段
Azure关系主要遵循父-子层级模式
AKS是主要的关系枢纽——预计会有许多反向关系汇聚到AKS集群实体

AKS Coverage

AKS覆盖范围

This skill covers AKS infrastructure-layer entities only (clusters, agent pools, VMSS, networking)
For Kubernetes workload-layer observability (pods, deployments, services, namespaces), defer to the
```
dt-obs-kubernetes
```
skill

此技能仅涵盖AKS基础设施层实体（集群、代理池、VMSS、网络）
对于Kubernetes工作负载层可观测性（Pod、Deployment、Service、Namespace），请使用
```
dt-obs-kubernetes
```
技能

General Tips

通用提示

Use
```
getNodeName()
```
for human-readable resource names
Handle null values gracefully with
```
isNotNull()
```
and
```
isNull()
```
Combine subscription, resource group, and region filters for large environments
Use
```
countDistinct()
```
for unique resource counts
The
```
azure.resourceType
```
field is lowercase ARM format (e.g.,
```
microsoft.compute/virtualmachines
```
) — useful for filtering but not for entity type matching

使用
```
getNodeName()
```
获取易读的资源名称
使用
```
isNotNull()
```
和
```
isNull()
```
优雅处理空值
在大型环境中组合订阅、资源组和区域过滤器
使用
```
countDistinct()
```
获取唯一资源数量
```
azure.resourceType
```
字段为小写ARM格式（例如
```
microsoft.compute/virtualmachines
```
）——适用于过滤但不适用于实体类型匹配