cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Which is efficient query - project after where (or) where after project

Vino55
Microsoft

‎Nov 10 2019 11:15 PM - last edited on ‎Apr 08 2022 10:12 AM by

‎Nov 10 2019 11:15 PM - last edited on ‎Apr 08 2022 10:12 AM by

Which is efficient query - project after where (or) where after project

I query log analytics table (which has huge number of records) from workbook

This table - Azure Diagnostics - will have columns from other Azure RP as well.

To make my query efficient, I looked at kusto best practice and made query changes.

 

When I first fetch table, I always use time filter first. However, after first time filter, I am not sure If I have to subsequent 'where' filters or narrow down the columns using 'project'. The reason being AzureDiagnostics table tend to have lot more columns than what is ingested from my service and hence I need to narrow down.

Hence question is  after time filter,
should I use where filters after project (or) project after where filters.?

Labels:
1,984 Views
0 Likes
3 Replies
Reply
3 Replies

‎Nov 11 2019 11:21 PM

‎Nov 11 2019 11:21 PM

Re: Which is efficient query - project after where (or) where after project

Project then Where
0 Likes
Reply
Vino55

‎Nov 13 2019 09:50 PM

‎Nov 13 2019 09:50 PM

Re: Which is efficient query - project after where (or) where after project

Thanks @Deleted for the response.

 

The best practice for LA query remains same as Kusto?

Since LA is on top of Kusto, is there some layering over KQL which requires different set of rules/recommendation for better optimization.

0 Likes
Reply
CliveWatson

‎Nov 14 2019 03:20 AM

‎Nov 14 2019 03:20 AM

Re: Which is efficient query - project after where (or) where after project

@Vino55 

 

https://docs.microsoft.com/en-gb/azure/azure-monitor/log-query/query-language

"Azure Monitor logs are built on Azure Data Explorer, and Azure Monitor log queries use a version of the same Kusto query language. The Kusto query language documentation has all of the details for the language and should be your primary resource for writing Azure Monitor log queries. This page provides links to other resources for learning how to write queries and on differences with the Azure Monitor implementation of the language."

 

 

 

 

0 Likes
Reply