Questions tagged [azure-data-explorer]
Azure Data Explorer is a fast and highly scalable data exploration service for log and telemetry data. It helps you handle the many data streams emitted by modern software, so you can collect, store, and analyze data. Azure Data Explorer is ideal for analyzing large volumes of diverse data from any data source, such as websites, applications, IoT devices, and more.
2,027 questions
0 votes, 0 answers, 15 views
has_all(): failed to cast argument 2 to scalar constant
I have a dynamic list of strings that I want to compare with a value of a column in main_table. I want to make sure all the parts from this list match my column.
let name_parts_table = print names = ...
0 votes, 0 answers, 27 views
Dynamic Prev in Kusto (KQL)
I have a table with Dates, Tickers, and Strategies for multiple stocks. I'd like to create a revised strategy column that pulls the most recent strategy per ticker that isn't equal to "Flat"....
0 votes, 0 answers, 12 views
Change tracking in ADX/Kusto from Graph point of view
We plan to use Graph capabilities of ADX and are looking for guidance. Our scenario is when a vertex (or any of its property) is changed, we want to capture all the related nodes.
Example - Refer ...
0 votes, 1 answer, 40 views
Kusto multiple summarize in single query
I have a device_event table and I'm trying out the following query:
device_events
| where orgid = 1
| summarize failedEvents = countif(name=='failure'),
successEvents = countif(name=='success')...
0 votes, 0 answers, 36 views
Adding external delta table in Kusto does not work, table too big?
I would like to add an external table to Azure Data Explorer. Format is delta.
I am using the statement
.create async external table mybigtable
kind=delta
(
h@'abfss://mycontainer@...
0 votes, 1 answer, 58 views
Kusto - fetch data from one table where matching records do not exist in another table
I have two tables in azure data explorer db, first table is Users and the second one is Heartbeat. Users table has certain fields including email. Heartbeat table has email and Heartbeat send date/...
0 votes, 1 answer, 24 views
Cache the result of a scalar function during query execution in Azure Data Explorer
Through the use of KQL materialize() one can cache a tabular expression during query execution. This can be good for performance if the tabular expression is used many times in the query and is ...
0 votes, 1 answer, 51 views
KQL - extract property value from an array of JSON objects, based on the value of another property
Suppose I have a table with some columns. One of the columns is called Details, has a dynamic type, and is an array of JSON objects similar to this:
[
{
"key": "Name",
...
0 votes, 1 answer, 97 views
How to search between dates
I have been trying to find a way to search between dates in Azure Data Explorer but every example or format I find on the internet has led me to more errors. I need to be able to search our Log files ...
1 vote, 1 answer, 42 views
KQL: How to reference columns within a let query in the next query
I want to be able to reference min_TimeGenerated, max_TimeGenerated, and LocalIP without having to write 3 let queries and project each one. What's the best practice on how to do this?
let TimeRange = ...
0 votes, 1 answer, 73 views
Azure Virtual Desktop KQL (Kusto) query
I'm looking for a KQL (Kusto) query that gives me the total number of users per application or per application group for an Azure Virtual Desktop hostpool from the Log Analytics Workspace.
This query ...
0 votes, 1 answer, 41 views
Create a function to calculate power of tens with a loop and reuse them in another query
I need a KQL function which calculates the power of tens (or maybe N), where I can pass the base and the exponent and get back the result.
I'm new in KQL, so I don't know how exactly define the ...
1 vote, 1 answer, 39 views
Generate Chart by Type and State
I have different Types (A, B, C, ...) and different States type string in Azure Data Explorer.
I would like to have a chart where all Types are summed up by their States. So every column consists of A, ...
1 vote, 3 answers, 94 views
Union the results with loop to call function for each table row
I am pretty new to Azure Data Explorer (Kusto) queries. I have a stored function, that takes a string as a parameter, does some querying around that input and return a data table.
QueryFunc(input: ...
0 votes, 0 answers, 20 views
Fluent Bit JSON to Kusto ingestion: All fields mapped to log column instead of respective columns
I'm encountering an issue while ingesting JSON structured logs from Fluent Bit into Azure Data Explorer
I create Kusto table named LogsTable with specific columns like timestamp, message, ...