Press "Enter" to skip to content

Category: KQL

Walking through the Azure Log Analytics User Interface

Published 2022-04-12 by Kevin Feasel

Robert Cain starts a new series on KQL:

The area in the upper half is where you enter the query you want to run. The lower half is where the results are displayed. We’ll see an example of this in action later in this post.

Just above the query area is a toolbar. The Run button will execute the query you’ve entered. Note too, you can use the keyboard command SHIFT+ENTER to run a query. I’m a keyboard guy, so this is what I use most often to run queries, which you’ll see if you take either of my KQL courses on Pluralsight (I’ve linked to them in the Conclusion of this post).

Read on for a walkthrough of the product. Robert also mentions his Pluralsight course, which I thoroughly enjoyed and used as research materials for a talk I put together.

Comments closed

Merging ADX Queries in Power BI

Published 2022-04-11 by Kevin Feasel

Dany Hoter joins two Azure Data Explorer tables using Power Query:

The merge operation (Table.NestedJoin) is the M language equivalent to creating relationships between tables in the model.

The resulting ADX operation is join.

You can join ADX tables by writing KQL, by using relationships or by merging queries in Power Query.

In this article I’ll show how to use merge in a way that produces efficient KQL queries without the need to write any KQL syntax.

Click through for the process.

Comments closed

Performance Optimization for Azure Data Explorer

Published 2022-04-06 by Kevin Feasel

Ashok Anand Kumar has some performance tips:

Azure Data Explorer provides the capability to easily fetch telemetry data from a variety of data sources and run complex analytical queries. Azure Data Explorer supports both batch and streaming ingestion to support near real-time latency requirements. Batch ingestion will have latencies based on the batching policy and query frequency from applications. Streaming ingestion can be leveraged for low latency requirements. Data is cached and indexed for faster query performance and optionally exported out to Azure Data Lake in parquet format for batch processing and integration with other Big Data and Machine Learning (ML) services. 

Read on for several tips.

Comments closed

The Basics of KQL

Published 2022-02-24 by Kevin Feasel

I take a look at some basic KQL statements:

In order to query data, we need to use the Kusto Query Language, KQL. If you’re familiar with Splunk’s language, KQL is pretty similar. It’s just enough like SQL that it feels like you should understand it but not SQL-like enough that you’ll actually have an intuitive understanding of the language.

One quick note is that all KQL statements are case-sensitive. I personally consider this a mistake in a query language, but they didn’t ask me, I suppose. With that said, let’s get digging.

Seriously, case sensitivity in programming languages is an annoyance at best.

Comments closed

Using KQL to Extract JSON Data in Power BI

Published 2022-02-23 by Kevin Feasel

Dany Hoter shreds some JSON:

In Kusto (aka Azure Data Explorer aka ADX) you can have columns in a table that contain JSON structures.

In KQL it is very easy to extract elements from these columns and use them as regular columns.

It requires more resources but overall, it is standard.

An example can be found in the table TransformedMetrics in the SampleMetrics databases in the help cluster.

Click through for that process.

Comments closed

Deleting Individual Records from Azure Data Explorer

Published 2022-02-17 by Kevin Feasel

Slavik Neimer shows how to delete records from a table in Azure Data Explorer:

Azure Data Explorer is a big data analytics platform that takes care of everything required to ensure real time decision making can take place, or at least, near real time. This includes data ingestion, data querying, data visualization and data management.

In this blog post you’ll learn how to delete individual records from a table, and how it works behind the scenes.

Of particular note is the whatif=true clause, as it’d be nice to see what you burn before you burn it.

Comments closed

Drawing a Christmas Tree with KQL

Published 2021-12-22 by Kevin Feasel

Guy Reginiano has a task:

KQL isn’t just super-powerful, it’s also fun!
See how you can draw a tree using KQL and learn some of the functions and operators available.
Inspired by https://lnkd.in/eCgFzBTw. Feel free to design and share your own trees!

I kind of want to make this a Hello World type of exercise, ranking languages by their Christmas Tree Generation Capability Score, or CTGC. Maybe I’ll shorten it to TGC to make it a TLA.

Comments closed