Forum Discussion
dimmi
Mar 20, 2020 (Copper Contributor)
How to execute a returned KQL query
Hi, quick visualisation of one data record: ID: 1001; Description: Sample Query; Query: {some KQL query}. I would like to get the query and execute it all within a KQL statement,...
AbdallaElzedy
Sep 30, 2022 (Copper Contributor)
If you are referring to a compressed query in the results, there is some sort of workaround: you can extract the compressed text and decompress it in an extended field.
For example, in the Azure Security Alert table:
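Table
// Pull the Query property out of the ExtendedProperties JSON
| project CompressedQuery = tostring(parse_json(ExtendedProperties).Query)
// Capture the base64 payload between [' and ']
| extend Compressed = extract(@"\['([^;]+)']", 1, CompressedQuery)
// Base64-decode and zlib-decompress the payload into a new column
| extend raw = todynamic(zlib_decompress_from_base64_string(Compressed))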
I hope that helps
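Added example, not part of the original reply: a self-contained KQL test of the extract-and-decompress steps above that runs without access to the alert table and flags rows whose payload fails to decode. The `SampleAlerts` rows, the column names other than `ExtendedProperties`, and the `['...']` wrapper around the payload are assumptions constructed to match the regex in the reply.

```kusto
// Constructed sample data: one row with a valid compressed query and one
// with a deliberately corrupt payload. Nothing here comes from a real alert.
let SampleAlerts = datatable(AlertId:int, QueryText:string, Corrupt:bool)
[
    1001, "SecurityEvent | where EventID == 4625 | summarize count() by Account", false,
    1002, "",                                                                     true
]
// Build an ExtendedProperties string shaped like {"Query":"['<base64>']"} (assumed shape).
| extend Payload = iff(Corrupt, "not-valid-base64", zlib_compress_to_base64_string(QueryText))
| extend ExtendedProperties = tostring(bag_pack("Query", strcat("['", Payload, "']")))
| project AlertId, ExtendedProperties;
SampleAlerts
// Same three steps as in the reply: read the property, extract, decompress.
| project AlertId, CompressedQuery = tostring(parse_json(ExtendedProperties).Query)
| extend Compressed = extract(@"\['([^;]+)']", 1, CompressedQuery)
| extend Raw = zlib_decompress_from_base64_string(Compressed)
// zlib_decompress_from_base64_string returns an empty result when decoding
// or decompression fails, so an empty Raw marks a payload to inspect by hand.
| extend DecodeFailed = isempty(Raw)
| project AlertId, DecodeFailed, Raw
```

The output is the decoded query as text in the `Raw` column; it is displayed for review, not run.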