A Fine Slice Of SQL Server
Robert Cain continues a series on KQL:
When data is analyzed, it is seldom done on a row by row basis. Instead, data analysts look at the big picture, looking at total values. For example, the total number of times the disk transfer counter is recorded for a time period may give an indication of disk utilization.
To aggregate these values with KQL, we’ll use the
summarizeoperator.
Read on for plenty of demos.
Comments closedRobert Cain continues a series on KQL operations:
The previous post in the series covered the
takeoperator. In that post I mentioned thattakewas one of the simplest operators in KQL. But it is not the simplest, that honor goes to thecountoperator.The
countoperator does nothing more than takes the piped in dataset and returns the number of rows in it. We’ll see more in a moment.
Click through to see more.
Comments closedRobert Cain continues a series on KQL:
In this example we took the
Perftable, and piped the dataset it generated into thetakeoperator. We indicated we wanted to get10rows, which it did as you can see.It is important to understand that
takegrabs these rows at random. Further, there is no consistency between each execution oftake. You are likely to get a different set of rows with each execution. Let me run the exact same query again, so you can see the different data being returned.
Take if you want a slice, if you want a piece, if it feels alright.
Comments closedRobert Cain continues a series on KQL:
In my previous post, we saw how the
searchoperator was used to limit the results of a query. This post will focus on thewhereoperator, which performs a similar function.Whereas
searchis used to limit based on matching of a string, thewhereoperator is used to match based on a condition. In this post we’ll see some of the conditions that can be used with awhereoperator to narrow down a dataset.
Read on for plenty of uses of the operator.
Comments closedRobert Cain looks at the search operator in KQL:
In this post we will examine the KQL (Kusto Query Language)
searchoperator. Search allows us to look across all columns in one or more tables for a specific text string.The samples in this post will be run inside the LogAnalytics demo site found at https://aka.ms/LADemo. This demo site has been provided by Microsoft and can be used to learn the Kusto Query Language at no cost to you.
Click through to learn more about this very useful operator.
Comments closedRobert Cain starts a new series on KQL:
The area in the upper half is where you enter the query you want to run. The lower half is where the results are displayed. We’ll see an example of this in action later in this post.
Just above the query area is a toolbar. The Run button will execute the query you’ve entered. Note too, you can use the keyboard command SHIFT+ENTER to run a query. I’m a keyboard guy, so this is what I use most often to run queries, which you’ll see if you take either of my KQL courses on Pluralsight (I’ve linked to them in the Conclusion of this post).
Read on for a walkthrough of the product. Robert also mentions his Pluralsight course, which I thoroughly enjoyed and used as research materials for a talk I put together.
Comments closedDany Hoter joins two Azure Data Explorer tables using Power Query:
The merge operation (Table.NestedJoin) is the M language equivalent to creating relationships between tables in the model.
The resulting ADX operation is join.
You can join ADX tables by writing KQL, by using relationships or by merging queries in Power Query.
In this article I’ll show how to use merge in a way that produces efficient KQL queries without the need to write any KQL syntax.
Click through for the process.
Comments closedAshok Anand Kumar has some performance tips:
Azure Data Explorer provides the capability to easily fetch telemetry data from a variety of data sources and run complex analytical queries. Azure Data Explorer supports both batch and streaming ingestion to support near real-time latency requirements. Batch ingestion will have latencies based on the batching policy and query frequency from applications. Streaming ingestion can be leveraged for low latency requirements. Data is cached and indexed for faster query performance and optionally exported out to Azure Data Lake in parquet format for batch processing and integration with other Big Data and Machine Learning (ML) services.
Read on for several tips.
Comments closedI take a look at some basic KQL statements:
In order to query data, we need to use the Kusto Query Language, KQL. If you’re familiar with Splunk’s language, KQL is pretty similar. It’s just enough like SQL that it feels like you should understand it but not SQL-like enough that you’ll actually have an intuitive understanding of the language.
One quick note is that all KQL statements are case-sensitive. I personally consider this a mistake in a query language, but they didn’t ask me, I suppose. With that said, let’s get digging.
Seriously, case sensitivity in programming languages is an annoyance at best.
Comments closedIn Kusto (aka Azure Data Explorer aka ADX) you can have columns in a table that contain JSON structures.
In KQL it is very easy to extract elements from these columns and use them as regular columns.
It requires more resources but overall, it is standard.
An example can be found in the table TransformedMetrics in the SampleMetrics databases in the help cluster.
Click through for that process.
Comments closed