Questions tagged [kql]

Kusto Query Language (KQL). Use this tag for questions or advice about operators, complicated queries, performance challenges, or missing capabilities. A KQL query is a read-only request to process data and return results. The request is stated in plain text, using a data-flow model designed to make the syntax easy to read, author, and automate. The query uses schema entities that are organized in a hierarchy similar to SQL's: databases, tables, and columns.

Pluralsight Course: Basics of KQL

559 questions
2
votes
1 answer

Kusto | Summarize count() multiple columns with where clauses

I'm trying to get the count of multiple things in a Kusto query but having trouble getting it working. Let's say I have a sample table like this: let SampleTable = datatable(Department:string, Status:string, DateStamp:datetime) [ "Logistics",…
SendETHToThisAddress
2
votes
1 answer

Kusto show function | show info about function

Is there a keyword to show a function in Kusto? For example if I have a function like this: let EnterString = (a:string) { strcat("You entered '", a, "'.") }; Can I call something like .show to show the function? .show EnterString Expected…
SendETHToThisAddress
2
votes
1 answer

Kusto !has_any | where value does not contain any value in set

Is there a built-in way in Kusto to check that a value does not contain multiple items? I know that I can use has_any to check if an item contains any values in a set, but I can't seem to get it to work with an "!" operator. Example: let Employees =…
SendETHToThisAddress
2
votes
1 answer

How can I do a "GROUP BY WITH ROLLUP" in Kusto?

In T-SQL, when grouping results, you can also get a running total row when specifying "WITH ROLLUP". How can I achieve this in Kusto? So, consider the following query: customEvents | summarize counter = count() by name The query above gives me a…
Davy
2
votes
1 answer

How to convert the query result data to JSON format in Kusto Query Language

I'm working on a logic app which will create a bug. I have to display description in the work item like below: { "Description": { "Title":"", "Validation step":"", "OperationActivityId:":"", "Environment…
Gaurav Joshi
2
votes
1 answer

Azure data explorer query to lookup country from an IP address

I am looking for help on constructing a KQL query to find country based on the IP. So far I have a table called "Events" with 3 columns like so: username, logintime, sourceIP A concrete example would be: bob, 2020-04-28T21:29:42Z, 1.2.3.4 I also…
2
votes
1 answer

How to write a kusto query to group n number of consecutive rows based on value in a column

I have a dataset that has values as following DataSet: Col1 Col2 A 0 B 1 C 1 D 1 E 0 F 0 G 1 H 0 I 0 J 0 K 1 I want the result to be as follows: Col1 Col2 [A] 0 [B, C, D] 1 [E, F] 0 [G] 1 [H, I, J] 0 [K] 1 or…
2
votes
1 answer

Projecting each day of the week in KQL

Within an Azure dashboard I'm wanting to create a tile which shows exceptions over the last 7 days, however the KQL below will obviously only return a data point where there has been an exception on a particular day. How do I get it to return zero…
atamata
2
votes
1 answer

A chart with a single number using Kusto Query Language

I have a simple Kusto request, something like the following: customMetrics | where timestamp > ago(10m) | where name == "Custom metric number one" | summarize sum(value) Obviously, the result of this query is a single number. I would…
2
votes
1 answer

Kusto.Explorer - Authentication Trouble

I'm having trouble adding a connection in the Kusto.Explorer desktop app 1.0.3.949. I can login via Web UI but in the desktop app it gives me this error: This normally represents a permanent error, and retrying is unlikely to help. Please provide…
2
votes
1 answer

Query to Get Multiple y-series for Using ysplit=panels to render multiple panels

How do I write my query to create the data result in the proper format to be plotted in multiple panels using the | render timechart with (ysplit=panels) output? Looking at Microsoft's examples, I need to have my IPPrefix column to produce multiple…
Stringfellow
2
votes
1 answer

Azure Kusto time series

We are having some trouble using the time charts in Azure Kusto. In this chart we have grouped http exceptions over time. The issue is that the chart still reports the last seen value for points in time where that exception does not exist. See red…
Roger Johansson
2
votes
2 answers

Using both 'distinct' and 'project'

In Azure Data Explorer, I am trying to use both the 'project' and 'distinct' keywords. The table records have 3 fields I want to use the 'project' on: CowName CowType CowNum CowLabel But there are many other fields in the table such as Date,…
Adam
2
votes
1 answer

How to summarize time window based on a status in Kusto

I have recently started working with Kusto. I am stuck with a use case where I need to confirm the approach I am taking is right. I have data in the following format. In the above example, if the status is 1 and if the time frame is equal to 15…
Justin Mathew
2
votes
1 answer

Using KQL to search on subnets

I want to search something for IPs coming from a specific set of subnets. Some query languages are smart enough to know a /24 is a subnet, but KQL is not. Is there an alternative to this? This is not what I'll be searching on, but for the sake of…