KQL – Page 9 – Curated SQL

IsNull and IsEmpty in KQL

Published 2022-10-18 by Kevin Feasel

Robert Cain’s fuel gauge is running on E:

In writing queries, it is not uncommon to get results where a column has missing values. This can cause concerns or questions from your users. “Why is this blank?”, “There must be something wrong with your query its missing data!”.
To avoid this, Kusto provides two functions to check for missing values: isnull and isempty. You can combine this with the iif function (covered in the Fun With KQL – IIF post) to provide clarifying text to the end user.

Check out the examples of how to use these two functions in Robert’s post.

Comments closed

Azure Data Explorer Query Performance

Published 2022-10-12 by Kevin Feasel

Devang Shah and Surya Teja Josyula do some analysis:

The below screenshot shows the results of a load test conducted on ADX using Grafana k6. This load test included 10 different queries that were concurrently sent to ADX for a duration of 3 mins generating a total request volume of 2144 requests, nearly 12 requests per second. P95 response time from ADX was 2.38 seconds which was well within the desired performance measure of the customer.

Read on to learn more.

Comments closed

Case Operations in KQL

Published 2022-10-11 by Kevin Feasel

Robert Cain needs more than two paths for branching logic:

In my previous post Fun With KQL – IIF, we saw how to use the Kusto iif function to check for a condition then perform an action based on the result of a condition.
What if you had multiple conditions you need to check? While you could string multiple iif functions together there’s better solution: the KQL case function.

Robert includes several examples, as well as a check of whether KQL does short circuiting or not.

Comments closed

IIF in KQL

Published 2022-10-05 by Kevin Feasel

Robert Cain didn’t stutter:

Pretty much every query language, indeed any coding language, has a form of an if statement. An if statement evaluates a condition for true or false, then takes an action based on that result.
In KQL, this is manifested using the iif function. In this post we’ll see two examples of how an iif can be used in your Kusto queries.

Check it out, iif you dare.

Comments closed

Extracting Parts of DateTimes with KQL

Published 2022-09-28 by Kevin Feasel

Robert Cain continues a series on KQL:

In the previous post, Fun With KQL – Format_TimeSpan, we saw how to extract pieces of a timespan datatype. In this post, we’ll see how to extract parts of a datetime datatype using the datetime_part function.

As always, Robert has several examples to make things clear.

Comments closed

Format_TimeSpan in KQL

Published 2022-09-20 by Kevin Feasel

Robert Cain continues a series on KQL:

If you refer back to my post Fun With KQL – DateTime Arithmetic, you may recall that when you perform any math with datetime data types, such as subtracting one date from another to get the amount of elapsed time, the resulting data type is a timespan.
In this post, we’ll see how to format timespan data types using the format_timespan function.

As always, Robert teaches by example here so go ahead and check that out.

Comments closed

Azure Data Explorer September 2022 Updates

Published 2022-09-19 by Kevin Feasel

Shaf Mahmood has a few updates for us:

The optimized autoscale feature has been in place and using reactive logic. It has been helping ADX users by adjusting the cluster size when there is an increase in resources due to ingestion or query load. The optimized autoscale feature has been further improved with predictive logic. This logic monitors the same metrics as the reactive logic and over time builds up the cluster usage pattern and uses this to forecast and plan the size of the cluster. The reactive logic is still used to ensure any forecast anomalies or usage pattern changes are still autoscaled appropriately.

There are a few cost-related updates but also updates to visuals, data ingestion, and more.

Comments closed

Loading the Synapse Data Explorer Pool

Published 2022-09-19 by Kevin Feasel

Gauri Mahajan loads some event data for analysis:

In my previous article, Getting started with Data Explorer pools in Azure Synapse, we learned how to create Data Explorer pools in Azure Synapse and the unique value that Data Explorer brings to semi-structured and free-text data. The creation of the Data Explorer pool is the first step in the process. After the pool is created, one can create data structures, ingest data and then use it for consumption. Data Explorer pool interface provides different ways of ingesting data into the pool including one-click ingestion.

Some of these techniques are really straightforward. Others—especially if you’re talking about large amounts of data—do require installing and working with local tooling.

Comments closed

Format_DateTime in KQL

Published 2022-09-13 by Kevin Feasel

Robert Cain continues a series on KQL:

Reformatting dates is very common when querying data. You may, for example, wish to come up with a more compact date than the default KQL returns. Perhaps you work for an international company. In some countries you may want the date in month/day/year format, while other countries would prefer day/month/year.
Fortunately Kusto provides the format_datetime function that allows you to do just this. We’ll take a look at it in this article.

Read on for a variety of examples.

Comments closed

Breaking Changes in Azure Data Explorer Window Functions

Published 2022-09-07 by Kevin Feasel

Gabi Lehner announces an upcoming bugfix:

This is a Breaking change when using window functions inside partition operator sub-query scope.
Window functions require a serialized/ordered input.
There is a bug in Azure Data Explorer logic that allows using window functions inside the partition operator when the ordering is performed outside the partition query scope like this:

Click through for what currently works as well as its future replacement.

Comments closed

Category: KQL