New Blog Post | Must Learn KQL Part 17: The Let Statement

Must Learn KQL Part 17: The Let Statement – Azure Cloud & AI Domain Blog (azurecloudai.blog)

Going way back to part 3 when I talked about the standard workflow, you might remember me saying…

 

Even though the structure can deviate, understanding a common workflow of a KQL query can have powerful results and help you develop the logic needed to build your own workflows when it’s time to create your own queries.

Rod Trent, November 19, 2021

In this part/chapter of the Must Learn KQL series, I’m going to focus on one of those deviations. As you’ll see, the Let statement can deviate from the norm because it’s generally assumed that it is positioned before the query event begins because of what it does.

So, what does the Let statement do?
