Forum Discussion
Kusto user-defined function for common actions
I'm looking to leverage common functions across a number of queries so we can update in one place rather than in every analytic.
First question, would it be possible to have a function that just defines a dynamic variable that can be used in other analytics. E.g. a function that defines a list and saved as lb_primaries.
let lb_primaries = dynamic(["127.0.0.1", "127.0.0.2", "127.0.0.3"]);This way we could reference lb_primaries in a number of analytics, but only update in a single place?
The second question, using an example of a basic lookup (I'm aware of externaldata) where we can return a true or false based on the input. E.g. is_primary_fn
let is_primary = (ip:string) {
iif(dynamic([
"127.0.0.1",
"127.0.0.2",
"127.0.0.3"
]) contains ip, true, false)
};Then using that with a query like:
NetworkData
| where is_primary_fn(IPAddress)Which in this example fails with "Body of the callable expression cannot be empty". I've tried a few different way to get this working but so far not having any luck 😞
7 Replies
- Looks like the only way to create a parameterized function is to use resource templates.
https://docs.microsoft.com/en-us/azure/azure-monitor/samples/resource-manager-log-queries#parameterized-function
- As far as I know, you should invoke the function.
NetworkData
| invoke is_primary(tostring(IPAddress))
