Stack Overflow
Stack Overflow

Questions tagged [kql]

Kusto Query Language (KQL). Use this tag with any questions or advice of operator, complicated query, performance challenges or missing capabilities. KQL is a read-only request to process data and return results. The request is stated in plain text, using a data-flow model designed to make the syntax easy, author and automate. The query uses schema entities that are organized in a hierarchy similar to SQL's: databases, tables, and columns.

Pluralsight Course: Basics of KQL

559 questions
6
votes
1 answer

Looking for a unique "Conversation ID" in the App Insights for QnA Maker

We're using QnA Maker attached to an Azure Bot Service. In the Knowledge Base (KB), we've added a Follow up Prompt to every question that says This did NOT answer my question: Meaning if a bad response was provided, the end-user could indicate so,…
3-putt
  • 209
  • 1
  • 8
5
votes
2 answers

How to use mvexpand on an json array of key/value pairs

I have a custom property in my appInsights telemetry that is a json array of a key/value pairs. What I want to do is project out that key/value pair and it seems that using parsejson and mvexpand together is how to achieve this; however, I seem to…
Tedford
  • 2,498
  • 2
  • 31
  • 42
4
votes
1 answer

Kusto row_cumsum modifying the Term if Term reaches a point

I have a list of Employee names and Salaries in the following order I need to create the output table in the below format. ie, whenever the accumulated salary-total crosses 3000 I have to detect that and mark that row. I have tried to do…
Justin Mathew
  • 419
  • 2
  • 16
4
votes
1 answer

Kibana. Filtering records by matching values from another filtering

I see such messages in kibana for a period of 5 seconds: Date, Message, TraceId Dec 10, 2020 @ 10:49:50.285 New request start http://somehost/path1 7ec708ab153e644f Dec 10, 2020 @ 10:49:51.179 New request end http://somehost/path1 …
Anton
  • 1,031
  • 1
  • 8
  • 6
4
votes
1 answer

Query multiple tables in Azure Log Analytics

I am looking at Azure log analytics for a web app, and I have multiple out-of-the-box "tables" containing data: traces, requests, exceptions, etc. Can I construct a query that runs on data from multiple tables? I don't want to join data from…
Peter
  • 2,857
  • 1
  • 26
  • 32
4
votes
2 answers

How to write Kusto query to get results in one table?

I have 2 KQL queries and I want to combine them in order to display two rows as one result. Not just result of first query, then result of second query: R_CL | where isnotempty(SrcIP_s) | project Message | take 1; R_CL | where isempty(SrcIP_s)…
irom
  • 2,506
  • 8
  • 43
  • 71
4
votes
1 answer

How do I get one record per day for the last 30 days for each unique ID in Kusto?

My data source is "Metadata". Each device has a unique ID, and can check in multiple times per day. I want to come up with a Kusto query that returns one record per day for the last 30 days for each deviceID. Here is my current…
Tim G
  • 117
  • 1
  • 9
3
votes
2 answers

How to evaluate Application Insights requests "own" duration, without considering duration of dependencies?

I'm trying to produce a Kusto query to measure the "own" duration of the requests (subtracting out durations of dependencies). However, I can't really figure out how to work this out through a pure Kusto query. To better understand what would would…
nulltoken
  • 55,645
  • 19
  • 127
  • 125
3
votes
1 answer

Kusto create an in-memory table for testing

Just looking to create a quick in-memory/temp table for testing out queries. I've seen this done before but I'm having trouble finding any examples from a web search or StackOverflow search. I'm looking for something like this: let TempTable =…
SendETHToThisAddress
  • 1,477
  • 2
  • 15
  • 29
3
votes
1 answer

Kusto query issue with title keyword

I assume title may be reserved word or similar but query below refuses to be parsed around c.title. Not sure what exactly the issue with query itself AzureActivity | where CategoryValue == "ResourceHealth" and ResourceProviderValue ==…
Gregory Suvalian
  • 2,895
  • 1
  • 23
  • 48
3
votes
1 answer

How to fetch IIS Start log for a corresponding IIS Stop log in Azure Log Analytics outside of Alert's monitoring time period

I'm working on configuring an Azure Log Analytics alert (using KQL) to capture the IIS Stop & Start events (from Events table) in my OMS Workspace, and if the alert query finds that there's no corresponding IIS Start event log generated from a PaaS…
Yash Gupta
  • 402
  • 5
  • 11
3
votes
2 answers

How to find last occurrence of a substring using Kusto Query Language?

Kusto Query Language provides IndexOf function (searches the first occurrence). The question is how to find the last occurrence of some substring.
ZakiMa
  • 3,795
  • 1
  • 13
  • 40
3
votes
2 answers

How to output multiple variables using Azure Kusto?

I'm fairly new to Azure Kusto query-language. I'm trying to output 2 variables. This has to be something very simple, I just don't know how. I have tried using datatable, make-series, print, etc. functions to no avail. Here's my current code: let…
bulkware
  • 43
  • 3
3
votes
2 answers

Azure Data Explorer (kusto) how to summarize by day and top with “others”?

I’m newbie in Kusto language – please help me to create query. Here dataset: let T = datatable(d:datetime , s:string) [ datetime(2019-10-01T00:01:00.00), "A", datetime(2019-10-01T00:02:00.00), "A", datetime(2019-10-01T00:03:00.00), "A", …
Georgy Nevsky
  • 69
  • 1
  • 7
3
votes
1 answer

How do I write a Kusto query that uses a regex to filter on a where clause

In Azure Log Analytics I'm trying to use Kusto to query requests with a where condition that uses a regex. The query I'm trying is requests | where customDimensions.["API Name"] matches regex "\w*-v\d*" but this returns a syntax error. The…
Nick Graham
  • 674
  • 1
  • 8
  • 17
1
2 3
37 38