KQL – Page 11 – Curated SQL

KQL Extract

Published 2022-07-26 by Kevin Feasel

Almost all languages have the ability to extract part of a string. In C#, this is the Substring method of a string. With SQL, it is the SUBSTRING command.
Kusto has an operator that will perform this same task, it is called extract. In this post we’ll see some examples of using it.

Click through to see how extract works.

Comments closed

Sorting in KQL

Published 2022-07-21 by Kevin Feasel

Robert Cain continues a series on KQL:

Like most query languages, the Kusto Query Language as the ability to sort the output. It works almost, but not quite, like you expect. So let’s take a look at the KQL sort operator.

Read on to get the general idea but also some of the nuance behind this operator.

Comments closed

The ago() Function in KQL

Published 2022-07-14 by Kevin Feasel

Robert Cain continues a series on learning the Kusto Query Language:

The ago function is very similar to the now function, which was discussed in my previous post Fun With KQL – Now. In this article we’ll take a look at ago, see how it works and how it differs from now.
We’ll be using both the print operator and the now function in this post, so if you aren’t familiar with them please go read my articles Fun With KQL – Print and Fun With KQL – Now.

Click through for proper use of ago().

Comments closed

Getting the Time in KQL

Published 2022-07-07 by Kevin Feasel

Robert Cain doesn’t have time to wait:

What time is it? That’s what the KQL function now will tell you. It will return the current date and time. It is mostly used in queries where you need data relative to the current date and time.

Read on to see how you can use it, including with offset intervals.

Comments closed

Azure Data Explorer Web Updates

Published 2022-07-05 by Kevin Feasel

Michal Bar has a few updates to the Azure Data Explorer web tool:

We are focused on continuously improving the results exploration experience in ADX web UI, to make it easy and intuitive. Our goal is to provide an easy-to-use UI so that you will not be required to re-write KQL queries in order to perform light-weight data exploration.

Click through to see how you can search and filter within the results pane (something I’d like to see in other Microsoft data platform tools like SSMS), create series panels on charts from KQL, and more.

Comments closed

The Print Operator in KQL

Published 2022-07-01 by Kevin Feasel

Robert Cain continues a series on KQL:

In this post we’ll cover the print operator. This Kusto operator is primarly used as a development tool, to test calculations.
The samples in this post will be run inside the LogAnalytics demo site found at https://aka.ms/LADemo. This demo site has been provided by Microsoft and can be used to learn the Kusto Query Language at no cost to you.

Importantly, this is an operator and not a statement. This is in contrast to languages like T-SQL.

Comments closed

Power BI Aggregations from Azure Data Explorer Data

Published 2022-06-27 by Kevin Feasel

Dany Hoter has some recommendations if you’re aggregating data from Azure Data Explorer into Power BI:

Every visual shown in a report in PBI, contains some form of aggregation
The question is how the aggregations are calculated and at which step in the pipe of bringing the data from the data source to the report.
In this article, I’ll be using data coming from Azure Data Explorer aka Kusto aka ADX.
Most of the content is relevant for other sources as well.

Read on for the advice, which I’d call fairly unexpected—I actually expected the recommendation to go the other way for performance reasons.

Comments closed

The top Operator in KQL

Published 2022-06-21 by Kevin Feasel

Robert Cain has top men working on this. Top. Men:

Top 10 lists are all the rage on the internet. Everywhere you look you see “Top 10 Cute Kitten Videos” or “Top 10 Pluralsight Videos by ArcaneCode”.
KQL includes a top operator so you can generate your own top lists. Even better, you are not limited to just ten items either.

Read on to see how you can use the top operator in KQL.

Comments closed

The Distinct Operator in KQL

Published 2022-06-14 by Kevin Feasel

Robert Cain continues a look at KQL query syntax:

As with other languages such as SQL, KQL has an operator for returning a unique list of values in a column: distinct. Using this you can return the values in a column, but only once, removing any duplicate values from the result set.

Click through for a few examples of how you can use distinct as well as one terrible pun.

Comments closed

Guidance on When to Use Azure Data Explorer

Published 2022-06-13 by Kevin Feasel

Tzvia Gitlin Troyna has a flow chart for us:

Azure Data Explorer is a big data interactive analytics platform that empowers people to make data driven decisions in a highly agile environment. The factors listed below can help assess if Azure Data Explorer is a good fit for the workload at hand. These are the key questions to ask yourself.
The following flowchart table summarize the key questions to ask when you’re considering using Azure Data Explorer.

In addition to the flow chart, there is a table of three common patterns of interaction which ADE can do well.

Comments closed

M	T	W	T	F	S	S
				1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30

Category: KQL