How to start with KQL Oct 2021

Published Oct 24 2021 02:09 AM 2,309 Views

KQL stands for Kusto Query Language. It's the language used to query the Azure Data Explorer, Azure Defenders, Azure log databases: Azure Monitor Logs, Azure Monitor Application Insights and others. Kusto databases are perfect for massive amounts of streamed data like application logs and telemetry database.

here is a short check list on how to start your journey with KQL, Kusto Query Language.

 

  1. Courses
    1. MS Learn: Write your first query with Kusto Query Language
    2. KQL basic and advance free on-line courses, start with the first ~20 operators that will be used 80% of your time and move forward to advanced capabilities with Scan, Geospatial, Time Series and others.  TzviaGitlinTroyna_0-1635065348826.png
      1. Exploring Data in Microsoft Azure Using Kusto Query Language and Azure Data Explorer
      2. Microsoft Azure Data Explorer - Advanced KQL
  2. Exploration Cluster
    try it yourselves with a preloaded cluster 
    1. Help Cluster: https://aka.ms/adx.try
  3. Usage flow & Docs 
    1. Kusto Query Overview 
    2. Query (from SQL to KQL, Query best practices
    3. Samples for Kusto queries 
    4. Tutorial: Kusto Queries
  4. Videos 
    1. YouTube Channel KQL playlist
  5. Community
    the product group is waiting for your questions and requests in one of the below 
    1. Twitter: @AzDataExplorer
    2. Tech Community Blog: https://aka.ms/adx.blog
    3. LinkedIn
    4. YouTube 
    5. Stack Overflow: Tags: Kusto, Azure Data Explorer, KQL 

      https://aka.ms/adx.sof

%3CLINGO-SUB%20id%3D%22lingo-sub-2878304%22%20slang%3D%22en-US%22%3EHow%20to%20start%20with%20KQL%20Oct%202021%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2878304%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EKQL%20stands%20for%26nbsp%3B%3C%2FSPAN%3E%3CSTRONG%3EKusto%20Query%20Language%3C%2FSTRONG%3E%3CSPAN%3E.%20It's%20the%20language%20used%20to%20query%20the%20Azure%20Data%20Explorer%2C%20Azure%20Defenders%2C%20Azure%20log%20databases%3A%20Azure%20Monitor%20Logs%2C%20Azure%20Monitor%20Application%20Insights%20and%20others.%20Kusto%20databases%20are%20perfect%20for%20massive%20amounts%20of%20streamed%20data%20like%20application%20logs%20and%20telemetry%20database.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3Ehere%20is%20a%20short%20check%20list%20on%20how%20to%20start%20your%20journey%26nbsp%3Bwith%20%3CSTRONG%3EKQL%3C%2FSTRONG%3E%2C%20%3CSTRONG%3EK%3C%2FSTRONG%3Eusto%20%3CSTRONG%3EQ%3C%2FSTRONG%3Euery%20%3CSTRONG%3EL%3C%2FSTRONG%3Eanguage.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3COL%3E%0A%3CLI%3ECourses%3COL%3E%0A%3CLI%3EMS%20Learn%3A%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Flearn%2Fmodules%2Fwrite-first-query-kusto-query-language%2F%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3EWrite%20your%20first%20query%20with%20Kusto%20Query%20Language%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3EKQL%20basic%20and%20advance%20free%20on-line%20courses%2C%20start%20with%20the%20first%20~20%20operators%20that%20will%20be%20used%2080%25%20of%20your%20time%20and%20move%20forward%20to%20advanced%20capabilities%20with%20Scan%2C%20Geospatial%2C%20Time%20Series%20and%20others.%26nbsp%3B%26nbsp%3B%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22TzviaGitlinTroyna_0-1635065348826.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F319502i9B04898B12BDE179%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22TzviaGitlinTroyna_0-1635065348826.png%22%20alt%3D%22TzviaGitlinTroyna_0-1635065348826.png%22%20%2F%3E%3C%2FSPAN%3E%3COL%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fwww.pluralsight.com%2Fpartners%2Fmicrosoft%2Fazure-data-explorer%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3EExploring%20Data%20in%20Microsoft%20Azure%20Using%20Kusto%20Query%20Language%20and%20Azure%20Data%20Explorer%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fwww.pluralsight.com%2Fpartners%2Fmicrosoft%2Fazure-data-explorer%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3EMicrosoft%20Azure%20Data%20Explorer%20-%20Advanced%20KQL%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3EExploration%20Cluster%3CBR%20%2F%3E%3C%2FSPAN%3Etry%20it%20yourselves%20with%20a%20preloaded%20cluster%26nbsp%3B%3COL%3E%0A%3CLI%3EHelp%20Cluster%3A%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Faka.ms%2Fadx.try%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Faka.ms%2Fadx.try%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3EUsage%20flow%20%26amp%3B%20Docs%26nbsp%3B%3C%2FSPAN%3E%3COL%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fdata-explorer%2Fkusto%2Fquery%2F%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3E%3CSPAN%3EKusto%20Query%20Overview%26nbsp%3B%3C%2FSPAN%3E%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DocmfWMPqZPM%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EQuery%3C%2FA%3E%26nbsp%3B(%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fdata-explorer%2Fkusto%2Fquery%2Fsqlcheatsheet%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3Efrom%20SQL%20to%20KQL%2C%26nbsp%3B%3C%2FA%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fdata-explorer%2Fkusto%2Fquery%2Fbest-practices%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3EQuery%20best%20practices%3C%2FA%3E)%26nbsp%3B%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fdata-explorer%2Fkusto%2Fquery%2Fsamples%3Fpivots%3Dazuredataexplorer%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3E%3CSPAN%3ESamples%20for%20Kusto%20queries%26nbsp%3B%3C%2FSPAN%3E%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fdata-explorer%2Fkusto%2Fquery%2Ftutorial%3Fpivots%3Dazuredataexplorer%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3E%3CSPAN%3ETutorial%3A%20Kusto%20Queries%3C%2FSPAN%3E%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3EVideos%26nbsp%3B%3C%2FSPAN%3E%3COL%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fwww.youtube.com%2Fplaylist%3Flist%3DPLwyttaal5U3qNKwjTPyh3p-uujk8qWU5o%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EYouTube%20Channel%20KQL%20playlist%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3ECommunity%3CBR%20%2F%3E%3C%2FSPAN%3E%3CSPAN%3Ethe%20product%20group%20is%20waiting%20for%20your%20questions%20and%20requests%20in%20one%20of%20the%20below%26nbsp%3B%3C%2FSPAN%3E%3COL%3E%0A%3CLI%3E%3CSPAN%3ETwitter%3A%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Ftwitter.com%2Fazdataexplorer%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3E%40AzDataExplorer%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3ETech%20Community%20Blog%3A%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Faka.ms%2Fadx.blog%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Faka.ms%2Fadx.blog%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fwww.linkedin.com%2Fposts%2Ftzvia_azure-data-explorer-at-a-glance-activity-6694134623754043392-Iocm%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3ELinkedIn%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fwww.youtube.com%2Fchannel%2FUCPgPN-0DLaImaaDR_TtKR8A%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EYouTube%26nbsp%3B%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3EStack%20Overflow%3A%20Tags%3A%20Kusto%2C%20Azure%20Data%20Explorer%2C%20KQL%26nbsp%3B%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Faka.ms%252Fadx.sof%26amp%3Bdata%3D04%257C01%257Ctzgitlin%2540microsoft.com%257C55f37ffaa5c54ce41d4208d96d1c0108%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C637660789308889954%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C1000%26amp%3Bsdata%3DuyndeIfqAgO0liO80Z1sUS4PN8odVAehXHhACTTcHbM%253D%26amp%3Breserved%3D0%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Faka.ms%2Fadx.sof%3C%2FA%3E%3C%2FP%3E%0A%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3C%2FLI%3E%0A%3C%2FOL%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-2878304%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EKQL%20stands%20for%26nbsp%3B%3C%2FSPAN%3E%3CSTRONG%3EKusto%20Query%20Language%3C%2FSTRONG%3E%3CSPAN%3E.%20It's%20the%20language%20used%20to%20query%20the%20Azure%20Data%20Explorer%2C%20Azure%20Defenders%2C%20Azure%20log%20databases%3A%20Azure%20Monitor%20Logs%2C%20Azure%20Monitor%20Application%20Insights%20and%20others.%20Kusto%20databases%20are%20perfect%20for%20massive%20amounts%20of%20streamed%20data%20like%20application%20logs%20and%20telemetry%20database.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22kusto-query-language-kql-from-scratch-v1.jpg%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F319504i6A6B800D1A3691C6%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22kusto-query-language-kql-from-scratch-v1.jpg%22%20alt%3D%22kusto-query-language-kql-from-scratch-v1.jpg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2878304%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Data%20Explorer%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20Log%20Analytics%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EKQL%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EKusto%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMicrosoft%20Sentinel%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Version history
Last update:
‎Nov 24 2021 06:53 AM
Updated by: