
Intro to Azure Monitor Series Part 3 – Kusto Query Language (KQL)


Next up in my video series is an introduction to the Kusto Query Language, also known as KQL. This will give you some basics on how to approach reading and writing KQL queries against an Azure Log Analytics workspace.

I ran the following KQL queries in this video:

ContosoHighSchool_CL


ContosoHighSchool_CL
| count



FabrikamHighSchool_CL
| count



ContosoHighSchool_CL
| summarize count() by Class_s



ContosoHighSchool_CL
| search "freshman"



ContosoHighSchool_CL
| search "freshman" and "walker"



ContosoHighSchool_CL
| search "*alk*"



ContosoHighSchool_CL
| search FirstName_s: "Alan"



ContosoHighSchool_CL
| search FirstName_s: "*a*"



ContosoHighSchool_CL
| where Class_s == 'sophomore'



ContosoHighSchool_CL
| where FirstName_s hasprefix "t"



ContosoHighSchool_CL
| where FirstName_s hassuffix "y"



ContosoHighSchool_CL
| where FirstName_s contains "m"



ContosoHighSchool_CL
| where GPA_d < 2.0



ContosoHighSchool_CL
| where GPA_d < 2.0
| count



ContosoHighSchool_CL
| where GPA_d < 2.0 and Class_s == 'senior'



ContosoHighSchool_CL
| project StudentId_d, GPA_d, Class_s, School_s



ContosoHighSchool_CL
| extend FullName = strcat(FirstName_s, " ", LastName_s)



ContosoHighSchool_CL
| extend FullName = strcat(FirstName_s, " ", LastName_s)
| project FullName, StudentId_d, GPA_d, Class_s, School_s



ContosoHighSchool_CL
| sort by GPA_d desc



ContosoHighSchool_CL
| sort by TimeGenerated desc



ContosoHighSchool_CL
| where TimeGenerated between(datetime("2020-10-02 15:09:00") .. datetime("2020-10-02 17:22:00"))



ContosoHighSchool_CL
| where TimeGenerated > ago(10h)


Thank You,

Russ Maxwell