您能否帮助我确定在属性字段中查找某个电子邮件地址时需要使用哪种类型的通配符?
我知道我要查找的电子邮件地址在2号插槽中。如果不知道插槽号,我如何找到电子邮件地址?我可以使用[*]代替[2]吗?
以下是我的疑问:
resources
| where type == 'microsoft.insights/actiongroups'
| where properties["enabled"] in~ ('true')
| where properties['emailReceivers'][2]['emailAddress'] == "DevSecOps@pato.com"
| project id,name,resourceGroup,subscriptionId,properties,location
| order by tolower(tostring(name)) asc
我的属性字段中有以下数据:
{
"enabled": true,
"automationRunbookReceivers": [],
"azureFunctionReceivers": [],
"azureAppPushReceivers": [],
"logicAppReceivers": [],
"eventHubReceivers": [],
"webhookReceivers": [],
"armRoleReceivers": [],
"emailReceivers": [
{
"name": "TED",
"status": "Enabled",
"useCommonAlertSchema": true,
"emailAddress": "tedtechnicalengineeringdesign@pato.com"
},
{
"name": "SevenOfNine",
"status": "Enabled",
"useCommonAlertSchema": true,
"emailAddress": "sevenofnine@pato.com"
},
{
"name": "PEAT",
"status": "Enabled",
"useCommonAlertSchema": true,
"emailAddress": "DevSecOps@pato.com"
}
],
"voiceReceivers": [],
"groupShortName": "eng-mon",
"itsmReceivers": [],
"smsReceivers": []
}
我尝试使用[*]代替[2],但没有效果。
2条答案
按热度按时间dfty9e191#
where properties.emailReceivers has_cs "DevSecOps@pato.com"
is theoretically not 100% safe ("DevSecOps@pato.com" might appear in fields other than "emailAddress"), but in your case it might be enough and if you have a large data set it will also be fast.If you need a 100% guarantee, then also add the following:
where dynamic_to_json(properties.emailReceivers) matches regex '"emailAddress":"DevSecOps@pato.com"'
It's not pretty, but Azure Resource Graph uses just a subset of the KQL supported by Azure Data Explorer.
Fiddle
vyswwuz22#
我找到了一种方法,使用关键字“包含”。
这样就不需要指定它应该在哪个插槽中找到它,它可以是[0]、[1]、[2]...[n]