Press "Enter" to skip to content

The KQL where Operator

Published 2022-04-27 by Kevin Feasel

Robert Cain continues a series on KQL:

In my previous post, we saw how the search operator was used to limit the results of a query. This post will focus on the where operator, which performs a similar function.

Whereas search is used to limit based on matching of a string, the where operator is used to match based on a condition. In this post we’ll see some of the conditions that can be used with a where operator to narrow down a dataset.

Read on for plenty of uses of the operator.

Published in KQL