Kusto Explorer - So Many Tables!
Hey there!
I was looking for a way to manage KQL queries and keep a running tally of the queries I've done so I can step back through the history and figure out how I got where I am. I was hoping for a way to connect my KQL efforts to my GitHub repo. I did some research and found Michel Kamp's article on using Kusto Explorer to do this (https://michelkamp.wordpress.com/2020/08/05/a-better-place-to-handle-your-kql-queries/). I've now set up Kusto Explorer and connected it to my Sentinel environment. However, when I look under the connections I see hundreds of tables with most of them not having any relevance to my Sentinel environment. Actually, most of them are empty. Any idea why I'm seeing all of these non-existent tables? And is there a way to only retrieve tables that actually exist?
TIA
~dgm~
- GBushey (Microsoft): Most likely there is something that is feeding your ADX environment or those are tables that ADX creates itself. You could look at the Sentinel Repository feature to store your queries (although it may take a little work as it doesn't work directly with log queries).
- laraib-khan (Brass Contributor): There's no automated way to connect KQL or any kind of Sentinel content back to GitHub. The best practice would be to manually copy KQL and paste them using GitHub Desktop + Sublime Text or VS Code. Otherwise, all efforts will be lost.
- DGMalcolm (Iron Contributor): That seems to answer the underlying question. Disappointing but it's what I needed to hear. Thank you.