Delegated subnet IP Usage KQL

Tengku Aiman 120 Reputation points

Hello, I have a trouble in finding a IP usage in a subnet using KQL, can I get some help on that?

  1. Gian-Luca Sozzi 80 Reputation points

    Sure! - What can we do for you?

Sign in to comment

1 answer

  1. Smaran Thoomu 35,375 Reputation points Microsoft External Staff Moderator

    Hey Tengku, you can definitely get a count of which IPs are currently in use in a given subnet by running a KQL query against Azure Resource Graph (ARG) or your Log Analytics workspace. Below is an example using ARG in the Azure Portal’s Resource Graph Explorer. You’ll just need to plug in your subnet’s full resource-ID:

    Sample KQL (Resource Graph) 

    
let targetSubnet = '/subscriptions/<subID>/resourceGroups/<rgName>/providers/Microsoft.Network/virtualNetworks/<vnetName>/subnets/<subnetName>';

resources

| where type == 'microsoft.network/networkinterfaces'

| mv-expand ipConfig = properties.ipConfigurations

| where ipConfig.properties.subnet.id == targetSubnet

| project nic = name, ipAddress = ipConfig.properties.privateIPAddress

| summarize usedIPCount = dcount(ipAddress), usedIPs = make_set(ipAddress)

    What this does:

    • Filters all NICs to only those attached to your subnet

    • Extracts each private IP assigned on those NICs

    • Shows you how many unique IPs are in use (usedIPCount) and the actual list (usedIPs)

    If you want a straight count of active IPs: 

    | summarize usedIPCount = dcount(ipAddress)

    Hope that helps!

    Reference docs

    1. Plan IP addressing for AKS clusters (Azure CNI sizing)
    2. Delegate and troubleshoot subnet for AKS

    Let me know:

    • Are you running this in Resource Graph or in a Log Analytics workspace?
    • Do you have the full subnet resource-ID handy?
    • Is your cluster using Azure CNI or kubenet?
    1. Tengku Aiman 120 Reputation points

      Hello, sorry for the unspecific question

      1. I am running this in Resource Graph Explorer
      2. This problem only occur on the delegated subnet, especially when related to App Service Plan(Microsoft.Web/serverfarms), Container Apps (Microsoft.web/environments)
      3. This is the example from the Portal View that we have discover, is there any way that we can fetch the subnet ip address availability through ARG or maybe Powershell?👁 VNet

      Sorry sir, I dont understand this question: Do you have the full subnet resource-ID handy?Thank you.

    2. Smaran Thoomu 35,375 Reputation points Microsoft External Staff Moderator

      Tengku Aiman Thanks for the clarification - this helps.

      What you’re seeing is expected behavior for delegated subnets (like App Service / Container Apps). In these cases, the IP usage you see in the portal (like “58 available / 59 total”) is not fully exposed via Resource Graph (ARG).

      The query shared earlier works well for NIC-based resources, but for delegated services:

      • They don’t always create visible NICs in the same way
      • So ARG won’t return complete IP usage
      • That’s why your results don’t match the portal

      What you can do

      • Continue using ARG to get partial visibility (NIC-based IPs)
      • For delegated subnets, rely on:
        • Azure Portal view (most accurate)
        • Or CLI to check subnet capacity:
      az network vnet subnet show \

      About your question on "subnet resource ID"

      This is just the full path of your subnet, like:

      /subscriptions/<subID>/resourceGroups/<rg>/providers/Microsoft.Network/virtualNetworks/<vnet>/subnets/<subnet>

      You can copy it directly from the portal → Subnet → JSON view.

      Key Point

      Right now, there is no direct KQL/ARG method to get exact IP availability for delegated subnets (like App Service / Container Apps). The portal shows this using backend calculations that are not fully exposed via ARG.

    Sign in to comment
Sign in to answer

Your answer