azKql - klagan/learning GitHub Wiki

What is KQL?

KQL (Kusto Query Language) is the query language for Microsoft's Azure Data Explorer.

Samples

// All telemetry rows, from every table, that belong to one operation, oldest first
union *
| where operation_Id == "3a6eb970cd9821489b320de6953f9e42"
| sort by timestamp asc

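// First 100 exceptions inside a time window, oldest first
// (isfuzzy=true lets union tolerate a table that does not exist)
union isfuzzy=true exceptions
| where timestamp > datetime("2021-09-20T13:59:00.000Z") and timestamp < datetime("2021-09-20T14:15:59.000Z")
| order by timestamp asc
| take 100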