add suggestions

Author: HarshCasper

src/content/docs/azure/services/resource-graph.mdx

@@ -11,21 +11,29 @@ import AzureFeatureCoverage from "../../../../components/feature-coverage/AzureF
 Azure Resource Graph is a service for querying Azure resources at scale using a structured query language.
 It helps you search, filter, and project resource metadata across subscriptions.
 Resource Graph is useful for inventory, governance checks, and automated analysis workflows.
+For more information, see [Azure Resource Graph overview](https://learn.microsoft.com/en-us/azure/governance/resource-graph/overview).
 
-LocalStack for Azure allows you to build and test Resource Graph workflows in your local environment.
-The supported APIs are available on our [API Coverage section](#api-coverage), which provides information on the extent of Resource Graph's integration with LocalStack.
+LocalStack for Azure enables users to explore resources deployed within the local environment using [Kusto Query Language (KQL)](https://learn.microsoft.com/en-us/azure/governance/resource-graph/concepts/query-language#supported-tabulartop-level-operators).
 
 ## Getting started
 
 This guide is designed for users new to Resource Graph and assumes basic knowledge of the Azure CLI and our `azlocal` wrapper script.
 
-Start your LocalStack container using your preferred method.
-Then start CLI interception:
+Launch LocalStack using your preferred method. For more information, see [Introduction to LocalStack for Azure](/azure/getting-started/). Once the container is running, enable Azure CLI interception by running:
 
 ```bash
-azlocal start_interception
+azlocal start-interception
 ```
 
+This command points the `az` CLI away from the public Azure management REST API and toward the LocalStack for Azure emulator API.
+To revert this configuration, run:
+
+```bash
+azlocal stop-interception
+```
+
+This reconfigures the `az` CLI to send commands to the official Azure management REST API.
+
 ### Create a resource group
 
 Create a resource group for the resources you want to query:
@@ -109,69 +117,185 @@ az webapp create \
 
 ### Query resources with Resource Graph
 
-The following queries mirror the same patterns used in our validated tests:
+The Resource Graph extension must be installed to use `az graph` commands. Refer to the [official installation instructions](https://learn.microsoft.com/en-us/azure/governance/resource-graph/first-query-azurecli#install-the-extension). Use the [az graph query](https://learn.microsoft.com/en-us/cli/azure/graph?view=azure-cli-latest#az-graph-query) command to run Kusto Query language (KQL) queries against the emulator.
+The following examples demonstrate common query patterns:
 
-- filter by type: `where type =~ 'Microsoft.Web/sites'`
-- filter by type and name: `where type =~ 'Microsoft.Web/sites' and name =~ 'ls-app-doc81'`
-- filter by name: `where name =~ 'ls-app-doc81'`
-- project only IDs: `where type =~ 'Microsoft.Web/sites' and name =~ 'ls-app-doc81' | project id`
+```bash
+az graph query \
+  --graph-query "Resources | where type =~ 'Microsoft.Web/sites'"
+```
+
+```bash title="Output"
+{
+  "count": 1,
+  "data": [
+    {
+      "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-resourcegraph-demo/providers/Microsoft.Web/sites/ls-app-doc81",
+      "location": "westeurope",
+      "name": "ls-app-doc81",
+      "properties": {},
+      "resourceGroup": "rg-resourcegraph-demo",
+      "subscriptionId": "00000000-0000-0000-0000-000000000000",
+      "type": "Microsoft.Web/sites"
+    }
+  ],
+  "skip_token": null,
+  "total_records": 1
+}
+```
 
-For example, run a query for all web sites:
+Query a web site by type and name, projecting only the `id` column:
 
 ```bash
-az rest --method post \
-  --url "http://management.localhost.localstack.cloud:4566/providers/Microsoft.ResourceGraph/resources?api-version=2021-03-01" \
-  --headers "Content-Type=application/json" \
-  --body "{\"subscriptions\":[\"00000000-0000-0000-0000-000000000000\"],\"query\":\"where type =~ 'Microsoft.Web/sites'\"}"
+az graph query \
+  --graph-query "Resources | where type =~ 'Microsoft.Web/sites' and name =~ 'ls-app-doc81' | project id"
 ```
 
 ```bash title="Output"
 {
   "count": 1,
-  "data": {
-    "columns": [
-      {
-        "name": "id",
-        "type": "string"
-      },
-      {
-        "name": "name",
-        "type": "string"
-      },
-      ...
-    ],
-    "rows": [
-      [
-        "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-resourcegraph-demo/providers/Microsoft.Web/sites/ls-app-doc81",
-        "ls-app-doc81",
-        "westeurope",
-        ...
-      ]
-    ]
-  },
-  ...
-  "totalRecords": 1
+  "data": [
+    {
+      "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-resourcegraph-demo/providers/Microsoft.Web/sites/ls-app-doc81",
+      "resourceGroup": "rg-resourcegraph-demo"
+    }
+  ],
+  "skip_token": null,
+  "total_records": 1
+}
+```
+
+Count all resources in a resource group:
+
+```bash
+az graph query \
+  --graph-query "Resources | where resourceGroup =~ 'rg-resourcegraph-demo' | count"
+```
+
+```bash title="Output"
+{
+  "count": 1,
+  "data": [
+    {
+      "Count": 2
+    }
+  ],
+  "skip_token": null,
+  "total_records": 1
 }
 ```
 
-Or, run a query for an unknown resource name:
+List resources sorted by name with a row limit:
+
+```bash
+az graph query \
+  --graph-query "Resources | where resourceGroup =~ 'rg-resourcegraph-demo' | project name, type | order by name asc | limit 5"
+```
+
+```bash title="Output"
+{
+  "count": 2,
+  "data": [
+    {
+      "name": "asp-doc81",
+      "type": "Microsoft.Web/serverfarms"
+    },
+    {
+      "name": "ls-app-doc81",
+      "type": "Microsoft.Web/sites"
+    }
+  ],
+  "skip_token": null,
+  "total_records": 2
+}
+```
+
+Query a resource that does not exist:
+
+```bash
+az graph query \
+  --graph-query "Resources | where type =~ 'Microsoft.Web/sites' and name =~ 'doesnotexist'"
+```
+
+```bash title="Output"
+{
+  "count": 0,
+  "data": [],
+  "skip_token": null,
+  "total_records": 0
+}
+```
+
+### Query resources with the REST API
+
+An alternative way to invoke Azure Resource Graph is to call its REST API directly using the [`az rest`](https://learn.microsoft.com/en-us/cli/azure/reference-index?view=azure-cli-latest#az-rest) command:
 
 ```bash
 az rest --method post \
-  --url "http://management.localhost.localstack.cloud:4566/providers/Microsoft.ResourceGraph/resources?api-version=2021-03-01" \
+  --url "http://azure.localhost.localstack.cloud:4566/providers/Microsoft.ResourceGraph/resources?api-version=2024-04-01" \
   --headers "Content-Type=application/json" \
-  --body "{\"subscriptions\":[\"00000000-0000-0000-0000-000000000000\"],\"query\":\"where type =~ 'Microsoft.Web/sites' and name =~ 'doesnotexist'\"}"
+  --body "{\"subscriptions\":[\"00000000-0000-0000-0000-000000000000\"],\"query\":\"Resources | where type=~'Microsoft.Web/sites'\", \"options\":{\"resultFormat\":\"objectArray\"}}"
 ```
 
 ```bash title="Output"
 {
-  "count": 0,
+  "count": 1,
+  "data": [
+    {
+      "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-resourcegraph-demo/providers/Microsoft.Web/sites/ls-app-doc81",
+      "location": "westeurope",
+      "name": "ls-app-doc81",
+      "properties": {},
+      "resourceGroup": "rg-resourcegraph-demo",
+      "subscriptionId": "00000000-0000-0000-0000-000000000000",
+      "type": "Microsoft.Web/sites"
+    }
+  ],
   "facets": [],
   "resultTruncated": "false",
-  "totalRecords": 0
+  "totalRecords": 1
 }
 ```
 
+## Features
+
+The Resource Graph emulator supports the following features:
+
+- **KQL query engine**: A built-in parser and executor for the Kusto Query Language (KQL) subset used by Azure Resource Graph.
+- **Tabular and object result formats**: The `resultFormat` option controls whether results are returned as a column/row table or as an array of objects.
+- **Scalar functions**: Built-in functions including `tolower`, `toupper`, `strlen`, `trim`, `substring`, `strcat`, `isnull`, `isnotnull`, `isempty`, `isnotempty`, `tostring`, `toint`, `tolong`, `todouble`, and `coalesce`.
+- **Comparison operators**: Full support for `==`, `!=`, `=~`, `!~`, `contains`, `!contains`, `contains_cs`, `!contains_cs`, `startswith`, `!startswith`, `endswith`, `!endswith`, `has`, `!has`, `in`, `!in`, and `matches regex`.
+- **Aggregate functions**: `count()`, `dcount()`, `countif()`, `sum()`, `sumif()`, `avg()`, `min()`, and `max()` for use in `summarize` stages.
+
+## Limitations
+
+- **Single table only**: The emulator queries the `Resources` table. Other Resource Graph tables (such as `ResourceContainers`, `AdvisorResources`, and `SecurityResources`) are not available.
+- **No data persistence across restarts**: Resource metadata is not persisted and is lost when the LocalStack emulator is stopped or restarted.
+
+### Supported tabular operators
+
+The table below lists the KQL tabular operators supported by Azure Resource Graph and their availability in the LocalStack emulator.
+For the full reference, see [Supported tabular/top-level operators](https://learn.microsoft.com/en-us/azure/governance/resource-graph/concepts/query-language#supported-tabulartop-level-operators).
+
+| Operator | Supported | Notes |
+|---|---|---|
+| `count` | Yes | Returns a single row with the total number of input rows. |
+| `distinct` | Yes | Deduplicates rows by the specified columns. |
+| `extend` | Yes | Adds computed columns to the result set. |
+| `join` | No | Cross-table joins are not supported. The emulator does not implement `ResourceContainers` or other secondary tables. |
+| `limit` | Yes | Synonym of `take`. |
+| `mv-expand` | No | Array expansion into multiple rows is not supported. |
+| `order` | Yes | Synonym of `sort`. Supports `asc` and `desc` directions. |
+| `parse` | No | String parsing with pattern matching is not supported. |
+| `project` | Yes | Supports column selection and aliased expressions. |
+| `project-away` | Yes | Removes specified columns from the result set. |
+| `sort` | Yes | Synonym of `order`. |
+| `summarize` | Yes | Supports aggregate functions with an optional `by` clause. |
+| `take` | Yes | Synonym of `limit`. |
+| `top` | Yes | Returns the first N rows sorted by specified columns. |
+| `union` | No | Combining results from multiple tables is not supported. |
+| `where` | Yes | Filters rows using comparison, logical, and string operators. |
+
 ## API Coverage
 
 <AzureFeatureCoverage service="Microsoft.ResourceGraph" client:load />