Udemy
Hands On: Kusto Query Language (KQL)
Rating: 3.6 out of 5 (11 ratings)
71 students

Learn KQL to excel in your Sentinel, Log Analytics, ADX, and Defender for Cloud journey.
Created by Vipul Dabhi
Last updated 4/2026
English

What you'll learn

  • Understand what Kusto Query Language is and where it is used
  • Understand Kusto Query Language commands, statements, and clauses
  • Combine commands and statements for a use-case-based understanding
  • Learn how to leverage Sentinel, MDC & Log Analytics effectively

Course content

4 sections, 19 lectures, 5h 2m total length
  • Introduction (12:12)
  • 2. KQL LA demo Continued (Schema, Workflow of a Query, Pipe Operator) (9:43)

Requirements

  • Zeal to learn KQL

Description

In this Hands On: Kusto Query Language course, we will work hands-on with KQL and learn its various commands, clauses, and statements to build a good foundation.

KQL has many applications across Microsoft Sentinel, Microsoft Defender for Cloud, and Azure Data Explorer, and it enables querying the data stored in a Log Analytics workspace.

We will start with a walkthrough of the portal that Microsoft provides for practicing KQL effectively. We will begin with basic commands like getSchema, let, and print, and work up to the more complex aspects: join, union, data tables, mv-expand, and aggregate functions.

We will cover the case-sensitive and case-insensitive aspects of KQL and how commands can be adapted accordingly when querying data from Log Analytics.

Kusto Query Language is a powerful tool to explore your data and discover patterns, identify anomalies and outliers, create statistical modeling, and more. The query uses schema entities that are organized in a hierarchy similar to SQL's: databases, tables, and columns.

A Kusto query is a read-only request to process data and return results. The request is stated in plain text, using a data-flow model that is easy to read, author, and automate. Kusto queries are made of one or more query statements.


A brief outline of what we will do hands-on with KQL in this course:

1. Kusto Query Language

2. KQL LA demo Continued (Schema, Workflow of a Query, Pipe Operator)

3. KQL Operator Search

4. KQL Operator Where

5. KQL Operator distinct, summarize

6. KQL Operator sort, ago

7. KQL Operator iif, strcat, case

8. KQL Operator arg_max, arg_min, Count, mv-expand

9. KQL Operator join, range, union, Custom log creation

10. Kusto Rookie

11. Updating..


Who this course is for:

  • Cloud Security
  • Microsoft SIEM & SOAR
  • SOC Engineers