I saw an episode of Data Exposed with my good friend, Hamish Watson. He talked about KQL (Kusto Query Language) being the next query language you need to learn. I was skeptical of the title, but I decided to give this a try.
In the episode, Hamish points out a cheat sheet from Microsoft, which I thought was a good resource. However, while watching the video, I browsed over to the demo site Microsoft has at https://aka.ms/lademo. You need an Azure account to log in, but this is a demo site where you can query some Log Analytics data. The new query window below is what appears when you go here:
Hamish shows some sample items, and I noted that to query a table, you just include the name. The query window in Azure has intellisense, and I used Hamish’ example to look at perf data.
The structure of queries is that you choose a table, then you can add a pipe (|) and add a where clause or other structures. I glanced at the cheat sheet, but really I played around a bit.
For example, I saw in the demo there was a “take” option, so I tried this:
| take 6
This gave me six results, so it’s like a TOP clause in T-SQL.
Next, I tried a WHERE. This is also structured as a line after a pipe. I picked a value I saw and then ran the query.
I noticed there was a summarize option, so I tried entering this. What I liked was that I had some intellisense options to help me with the various aggregates.
I ran this query, and got an average of the free space across all disks.
That isn’t a number that really means anything. I tried GROUP BY in a few ways, but eventually had to look at the cheat sheet to see just “by” is needed. I ended up with this query to get space by disk.
In some ways, I found KQL to be easier to work with than SQL. It’s cleaner, and logically follows what I’d do when writing a query. I build this in a way similar to how the query is executed, which is unlike how SQL works.
I don’t know if KQL is going to be that important to me, but I will play around with it a bit more.