Next up in my video series is an introduction to the Kusto Query Language, also known as KQL. This will give you some basics on how to approach reading and writing KQL queries against an Azure Log Analytics Workspace.
I ran the following KQL queries in this video:
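// Return the records in the custom log table
ContosoHighSchool_CL

// Count the records in the table
ContosoHighSchool_CL
| count

// Count the records in a second table
FabrikamHighSchool_CL
| count

// Count the records per class
ContosoHighSchool_CL
| summarize count() by Class_s

// Find records with the term "freshman" in any column (case-insensitive by default)
ContosoHighSchool_CL
| search "freshman"

// Find records that contain both terms
ContosoHighSchool_CL
| search "freshman" and "walker"

// Wildcard search: "alk" anywhere in any column
ContosoHighSchool_CL
| search "*alk*"

// Restrict the search to a single column
ContosoHighSchool_CL
| search FirstName_s: "Alan"

// Wildcard search restricted to a single column
ContosoHighSchool_CL
| search FirstName_s: "*a*"

// Exact string match (== is case-sensitive)
ContosoHighSchool_CL
| where Class_s == 'sophomore'

// A term in FirstName_s starts with "t" (case-insensitive)
ContosoHighSchool_CL
| where FirstName_s hasprefix "t"

// A term in FirstName_s ends with "y" (case-insensitive)
ContosoHighSchool_CL
| where FirstName_s hassuffix "y"

// Case-insensitive substring match
ContosoHighSchool_CL
| where FirstName_s contains "m"

// Numeric comparison
ContosoHighSchool_CL
| where GPA_d < 2.0

// Count the records that match the filter
ContosoHighSchool_CL
| where GPA_d < 2.0
| count

// Combine conditions with "and"
ContosoHighSchool_CL
| where GPA_d < 2.0 and Class_s == 'senior'

// Return only the listed columns
ContosoHighSchool_CL
| project StudentId_d, GPA_d, Class_s, School_s

// Add a computed column
ContosoHighSchool_CL
| extend FullName = strcat(FirstName_s, " ", LastName_s)

// Add a computed column, then return only the listed columns
ContosoHighSchool_CL
| extend FullName = strcat(FirstName_s, " ", LastName_s)
| project FullName, StudentId_d, GPA_d, Class_s, School_s

// Sort by GPA, highest first
ContosoHighSchool_CL
| sort by GPA_d desc

// Sort by ingestion timestamp, newest first
ContosoHighSchool_CL
| sort by TimeGenerated desc

// Filter to an absolute time window (between is inclusive)
ContosoHighSchool_CL
| where TimeGenerated between(datetime("2020-10-02 15:09:00") .. datetime("2020-10-02 17:22:00"))

// Filter to the last 10 hours
ContosoHighSchool_CL
| where TimeGenerated > ago(10h)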
Thank You,
Russ Maxwell