Summary
This chapter is one of the most important chapters in the book in terms of reusing the skills you have learned outside of ADX clusters. As mentioned, KQL is one of the fundamental keystones to Azure with regard to managing your logging and telemetry data. Data belonging to Auditing, Security Center, Application Insights, Monitoring, and Asset Management all reside in Log Analytic workspaces, which all use KQL for querying the data.
We learned what KQL is, where it can be used, and the basic syntax of KQL queries. We then learned about the basics of KQL, such as searching, filtering with where
clauses, aggregations with summarize
, formatting results, rendering graphs, and converting SQL statements to KQL using the EXPLAIN
keyword.
Next, we learned about some of the most commonly used scalar functions and operators, such as data manipulation and formatting and string search using the has_cs
and contains_cs
operators. We also learned how to use the join
operator to join...