In my previous post I wrote about the KQL queries that we will write. We can also use some free samples that Microsoft has put up for us to try things out:
https://dataexplorer.azure.com/clusters/help/databases/Samples
But what is a query? Kudos to Microsoft for putting some great definitions up on their site which I’ve used here.
NOTE:
At times you will see reference to Azure Data Explorer and Azure Monitor.
My first experience with KQL was with Azure Monitor – but I will talk to Azure Data Explorer later in this series. Back to queries…
A Kusto query is a read-only request to process data and return results. The request is stated in plain text, using a data-flow model that is easy to read, author, and automate. Kusto queries are made of one or more query statements.
A query consists of one or more query statements, delimited by a semicolon (;).
At least one of these query statements must be a tabular expression statement. The tabular expression statement generates one or more tabular results. Any two statements must be separated by a semicolon. When the query has more than one tabular expression statement, the query has a batch of tabular expression statements, and the tabular results generated by these statements are all returned by the query.
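To make the batch behaviour concrete, here is an added example (mine, not taken from Microsoft's documentation) written for the Samples database linked above. It assumes the `StormEvents` table with its `State`, `EventType` and `DamageProperty` columns; the name `MinDamage` and the threshold value are made up for illustration.

```kusto
// Statement 1: a let statement. It binds a name for later statements
// and returns no result table by itself.
let MinDamage = 1000000;
// Statement 2: a tabular expression statement -> first result table.
StormEvents
| where DamageProperty >= MinDamage
| summarize Events = count(), TotalDamage = sum(DamageProperty) by State
| top 5 by TotalDamage desc;
// Statement 3: a second tabular expression statement -> second result table.
// The semicolon after statement 2 is what separates the two.
StormEvents
| where DamageProperty >= MinDamage
| summarize Events = count() by EventType
| top 5 by Events desc
```

Run as one query, this returns two result tables, one per tabular expression statement; the `let` statement alone would not be a valid query because it produces no tabular result.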
Two types of query statements:
- Statements that are primarily used by users (user query statements),
- Statements that have been designed to support scenarios in which mid-tier applications take user queries and send a modified version of them to Kusto (application query statements).
Some query statements are useful in both scenarios.
There are three kinds of user query statements:
All query statements are separated by a ; (semicolon), and only affect the query at hand.
To be honest most of the time I write tabular expressions – let’s have a closer look at this…