2,127 questions
-4
votes
0
answers
46
views
How to cache external SQL table data in Azure Data Explorer? [closed]
I’m using Azure Data Explorer (Kusto) and have an external table that reads data from an external SQL Server using create external table ... kind=sql.
According to the documentation: Query results ...
0
votes
1
answer
150
views
How to monitor Microsoft Sentinel data connector health and connection history using KQL or PowerShell?
I'm working with Microsoft Sentinel and need to create monitoring queries to track the health status of data connectors. Specifically, I want to:
Identify unhealthy or disconnected data connectors
...
0
votes
0
answers
33
views
Azure Synapse spark pool throwing hostname not trusted error
I'm trying to read from Azure kusto source using below code in Azure synapse notebook.
df = spark.read \
.format("com.microsoft.kusto.spark.synapse.datasource") \
.option("kustoCluster&...
0
votes
1
answer
47
views
How can I set client request properties in Kusto Explorer, Web or Native?
How can I set client request properties when using KQL UI (the WebUX, Kusto.Explorer or Fabric QuerySets)?
0
votes
0
answers
39
views
Performance of filtering data from remote clusters using `macro-expand` vs. `union`
For 10 clusters in different regions, each with billions of rows, is there a difference in performance between the following two queries?
Query 1:
union
cluster('c0').database('Data').T,
...
0
votes
1
answer
49
views
How do lookback columns in Azure Data Explorer deduplication Materialized Views work?
I was wondering if anybody has experience using lookback columns within deduplication Materialized Views in ADX
https://learn.microsoft.com/en-us/kusto/management/materialized-views/materialized-view-...
0
votes
0
answers
41
views
In Kusto, can you call a function on each row of a table?
I defined a function
let Deleted = (o:string){
toscalar(cluster('cA').database('dA').Table1
| where objectId == o
| where step in ("Completed", "CleanedUp")
| count)...
0
votes
0
answers
74
views
Azure Data Explorer Command runs out of memory in Azure Data Factory
I have a KQL query (which includes a join too). The task is to join 2 tables in a Kusto database and dump into a new table.
When I run the query in its entirety in Azure Data Explorer UI, it runs ...
0
votes
1
answer
61
views
When are Kusto column statistics populated?
I'm using this command to get some basic statistics (Cardinality, Count, CountNulls, etc.)
.show table MyTable column statistics
And it works fine, but I've noticed that when I create a brand new ...
0
votes
0
answers
54
views
How to have Logstash not write the same rows repeatedly?
I am trying to extract an index in Elastic Search (ES) using Logstash (LS) and write it into ADX before getting it into MSFT Fabric Lakehouse. ES, LS, ADX are on Tenant 1 and Fabric is on Tenant 2.
ES ...
0
votes
1
answer
93
views
How can I filter out spikes in Kusto Engine data but also create a new baseline value if the spike value persists?
So my data is totaliser values of Engine Hours, but the values will increase/decrease by an order of magnitude for a few timestamps and then return to a real value. I want to filter out these ...
0
votes
1
answer
62
views
How to Detect Ingestion Completion in ADX Using KQL
I'm looking for a reliable way to determine when the ingestion into the ADX table has completed successfully. Is there a KQL command to detect ingestion completion?
I explored .show ingestion failures....
0
votes
1
answer
90
views
kusto-spark - only one usage of each socket address is normally permitted error
I'm having a lot of trouble using kusto-spark from Azure Databricks and trying to write to a Spark table - but only from certain jobs.
Operation:
my_df = (spark.read.format("com.microsoft.kusto....
2
votes
0
answers
120
views
Azure data explorer, low CPU usage but slow querying times
I have an Azure data explorer cluster with a few databases in it. When looking at the 'Cluster boundedness' tab in Insights it states that both CPU and Cache utilization is low. However the Ingestion ...
0
votes
0
answers
177
views
How to handle duplicates in KQL databases?
Current setup: In my KQL database, I have a table (bronze layer) that is being ingested with real-time data from a REST API through a data pipeline. This data is semi-structured but contains a lot of ...
0
votes
1
answer
126
views
Dynamic way to query table. Error: table(): argument #1 must be a non-empty string literal
I am looking to query table dynamically.
For example, I have a function as below
getTable(T:string){
let Table2 = strcat(T , "test"); // dynamically creating tableName
union ...
2
votes
1
answer
159
views
Aggregate with make_list without flattening arrays
Given a table with numeric columns A, X, and Y, I'd like to obtain an array of (X, Y) tuples for every value of A, as follows:
| A | Points |
|---|-------------------|
| 1 | [[1,3],[2,3],......
0
votes
0
answers
151
views
Kusto/Sentinel - How do I create/save a user defined global function parameters that accept fields
I am trying to create a user defined function to store as a global function. This has to accept two field parameters and spit out a table.
I managed to get it to work as an inline function.
let ...
0
votes
1
answer
64
views
Kql for loop to append new column
I have a function which takes array input. I want to execute the function logic for each item in the array and combine each output in single dynamic output column. I'm able to achieve it for single ...
1
vote
1
answer
97
views
Kusto - Get the value at maximum timestamp
I have some timeseries data like this:
| Timestamp | Resource | MetricName | MetricValue |
|---|---|---|---|
| T1 | db1 | DocumentCount | 110 |
| T2 | db1 | DocumentCount | 120 |
| T2 | db1 | DataUsage | 40000 |
| T11 | db2 | DocumentCount | 60 |
| T12 | db2 | DocumentCount | ...
0
votes
1
answer
240
views
Kusto function expects a scalar value error
This is my Kusto query
KustoFunctionA("GUID_VALUE")
| extend Name = todynamic(Name)
| mv-apply Name to typeof(string) on ( extend values = KustoFunctionB(Name) | project Name)
I get an ...
0
votes
1
answer
57
views
Compare multiple column value and return column name with max value
I need to compare the values in multiple columns (up to 10) and return the column name where the max value is (for each row).
I made some attempts with array_sort_asc() but I'm not able to create a ...
0
votes
1
answer
222
views
Find all table with multiple columns name criteria
Through query page, I can search all tables where column == "something".
Seems we're not able to make AND/OR from UI.
So, I would like to know if there is a KQL query that can let search ...
0
votes
0
answers
131
views
Kusto query still hit old memory budget limit after increase?
I still hit the old maxmemoryconsumptionperiterator limit even after increasing it using the .alter-merge workload_group default command:
'summarize' operator has exceeded the memory budget (32212254720) ...
0
votes
1
answer
66
views
trying to find out week of year in kql
let month = 12;
let year = 2024;
let base =
range day from startofday(now() - 1000d) to startofday(now()) step 1d
| where datetime_part("Month", day) == month and datetime_part("Year&...