Someone drops a KQL query in your lap and says “you know SQL right?”. Honestly, it’s different enough to trip you up, but similar enough that you’ll pick it up quickly.
In this post I want to touch on what KQL is, why it matters, and show how familiar (or different) it is compared to our beloved SQL.
I’m a pretty big fan of KQL. If you’re at all familiar with Splunk’s querying language, the semantics are quite similar. If you aren’t, Andy provides a comparison to T-SQL.