Azure Data Explorer is a fast and highly scalable data exploration service for log and telemetry data. It helps you handle the many data streams emitted by modern software, so you can collect, store, and analyze data. Azure Data Explorer is ideal for analyzing large volumes of diverse data from any data source, such as websites, applications, IoT devices, and more.
Questions tagged [azure-data-explorer]
1815 questions
17
votes
1 answer
How to remove time part from a datetime in Kusto
If I've got a Kusto datetime and I want to remove the time portion, leaving just a date at midnight, what's the best way? I can do this
todatetime(format_datetime( now(), "yyyy-MM-dd"))
but surely there's a more efficient way?
Rory
- 40,559
- 52
- 175
- 261
14
votes
2 answers
Is it possible to mult-line comment in Kusto?
I can definitely use "//" to comment every line, but was wondering if there was a way to do avoid doing this.
Beverly Ukandu
- 141
- 1
- 5
13
votes
1 answer
Kusto !has_any | where value does not contain any value in set
Is there a built-in way in Kusto to check that a value does not contain multiple items? I know that I can use has_any to check if an item contains any values in a set, but I can't seem to get it to work with an "!" operator.
Example:
let Employees =…
SendETHToThisAddress
- 2,756
- 7
- 29
- 54
13
votes
1 answer
Kusto create an in-memory table for testing
Just looking to create a quick in-memory/temp table for testing out queries. I've seen this done before but I'm having trouble finding any examples from a web search or StackOverflow search. I'm looking for something like this:
let TempTable =…
SendETHToThisAddress
- 2,756
- 7
- 29
- 54
13
votes
1 answer
Application Insights: Analytics - how to extract string at specific position
I'd like to do,
Extracting "query" strings where param=1 as follows in "2."
Getting pageViews in Analytics with table as "3."
1. Actual urls included in…
grantaka36
- 277
- 1
- 2
- 14
12
votes
1 answer
Meaning of Kusto CSL acronym
This question is pretty straightforward: relating to Microsoft Kusto, what does the acronym CSL stand for? I know what CSL is used for, but there seems to be a distinct lack of information about what those three letters actually represent.
Zerker
- 125
- 7
12
votes
2 answers
How to query my Application Insights Logs (Analytics) from Kusto.Explorer?
Update July 13, 2021
The links used below are now partially obsolete. Here is the new section on language differences.
Original post
On Azure Portal, in my App Insights / Logs view, I can query the app data like this:
app('my-app-name').traces
The…
Konrad Jamrozik
- 3,254
- 5
- 29
- 59
11
votes
2 answers
Using both 'distinct' and 'project'
In Azure Data Explorer, I am trying to use both the 'project' and 'distinct' keywords.
The table records have 3 fields I want to use the 'project' on:
CowName
CowType
CowNum
CowLabel
But there are many other fields in the table such as Date,…
Adam
- 155
- 1
- 2
- 9
10
votes
3 answers
How do I print a tree using the Kusto Query Language?
Below is a quick and unglamorous solution.
If you have a better one, please include it in your answer.
let tree_height = 15;
range i from -1 to tree_height * 2 step 2
| extend side_width = tree_height + 1 - i / 2
| extend side_space = strrep(" ",…
Yoni L.
- 22,627
- 2
- 29
- 48
10
votes
2 answers
Kusto - How does bin() summarize timestamp
Learning Kusto and don't understand how bin() function groups timestamps:
StormEvents
| where StartTime > datetime(2007-02-14) and StartTime < datetime(2007-03-21)
| summarize event_count = count() by bin(StartTime, 7d)
Results are:
StartTime …
PYY
- 103
- 1
- 1
- 4
10
votes
1 answer
Kusto | Summarize count() multiple columns with where clauses
I'm trying to get the count of multiple things in a Kusto query but having trouble getting it working. Let's say I have a sample table like this:
let SampleTable = datatable(Department:string, Status:string, DateStamp:datetime)
[
"Logistics",…
SendETHToThisAddress
- 2,756
- 7
- 29
- 54
10
votes
1 answer
How do I write a Kusto query that uses a regex to filter on a where clause
In Azure Log Analytics I'm trying to use Kusto to query requests with a where condition that uses a regex. The query I'm trying is
requests
| where customDimensions.["API Name"] matches regex "\w*-v\d*"
but this returns a syntax error. The…
Nick Graham
- 1,311
- 3
- 14
- 21
10
votes
1 answer
Does extend operator support whitespace when specify a new column name?
When I want to generate a new column name with extend, and the new column name contains a white space, code like below:
requests
| extend "users name" = ""
//other codes
then an error occurs: Query could not be parsed at '=' on line xxx.
So the…
Ivan Glasenberg
- 29,865
- 2
- 44
- 60
10
votes
2 answers
How to write Kusto query to get results in one table?
I have 2 KQL queries and I want to combine them in order to display two rows as one result. Not just result of first query, then result of second query:
R_CL
| where isnotempty(SrcIP_s)
| project Message
| take 1;
R_CL
| where isempty(SrcIP_s)…
irom
- 3,316
- 14
- 54
- 86
9
votes
2 answers
Kusto query language split @ character and take last item
If I have a string for example:
"this.is.a.string.and.I.need.the.last.part"
I am trying to get the last part of the string after the last ".", which in this case is "part"
How to I achieve this?
One way I tried was to split the string on ".", I get…
user1702369
- 1,089
- 2
- 13
- 31