Kusto Query Language KQL Part 1

A Deep Dive Into KQL Along With a Review of Azure Data Explorer (ADX)
Kusto Query Language KQL Part 1
File Size :
1.65 GB
Total length :
4h 56m



Randy Minder


Last update




Kusto Query Language KQL Part 1

What you’ll learn

An overview of Azure Data Explorer (ADX)
Azure Data Explorer Web UI and Log Analytics Demo Site
A deep dive into the essentials of KQL
The most commonly used KQL operators and functions
Aggregating data with KQL
Exporting data to Excel and Power BI
Ingesting Data into Azure Data Explorer

Kusto Query Language KQL Part 1


No knowledge of Azure required. Some knowledge of SQL would be helpful.
A Microsoft account will be required to use the Log Analytics demo site. There is no cost involved.


There is a good chance you have already used Azure Data Explorer (ADX) to some degree without knowing it. If you have used Azure Security Center, Azure Sentinel, Application Insights, Resource Graph Explorer, or enabled diagnostics on your Azure resources, then you have used ADX. All these services rely on Log Analytics, which is built on top of ADX and is queried using KQL.Like many other tools and products, ADX was started by a small group of engineers in Israel around 2015. They needed to solve a problem. A group of developers from Microsoft’s Power BI team needed a high-performing big data solution to ingest and analyze their logging and telemetry data. So, of course, they built their own because they could not find a service that met all their needs. This resulted in the Azure Data Explorer, also known as Kusto.So, what is ADX? It is a fully managed, append-only columnar store big data service capable of elastic scaling and ingesting literally hundreds of billions of rows daily. ADX offers:Low-latency ingestion and elastic scalingSecurityCost-efficient (pay as you consume)High availabilityTime Series AnalysisSuper fast query performance via KQLCustom built solutionsAs great as ADX is, this course is mostly centered around KQL (Kusto Query Language). KQL is the query language for managing all logging and telemetry data stored in ADX. Even if you do not use ADX directly, you will still use KQL for monitoring, analyzing logs, managing assets, exploring security data, and exploring Application Insights data. KQL is ADX’s read-only query language that has many similarities with SQL, such as working with tables, columns, and providing functionality for filtering. KQL supports a subset of SQL, and SQL statements can be executed and converted to KQL using the EXPLAIN keyword, reducing the learning curve for engineers with an SQL background.This is part 1 of a two part series covering ADX (lightly) and the KQL language (mostly). The goal of this course is to cover the basics. At the end of this five hour course you will have a solid understanding of what KQL can do. And it can do a lot! In some respects I like it better than T-SQL which I have used for over 20 years.Part 2 of this course goes well beyond the basics and will cover many advanced KQL topics and scenarios (and some more ADX).


Section 1: Introduction

Lecture 1 Introduction

Lecture 2 Before You Purchase This Course!

Section 2: Azure Data Explorer / ADX / Kusto

Lecture 3 Overview

Lecture 4 Creating an Azure Data Explorer Cluster

Lecture 5 Azure Data Explorer Web UI

Section 3: Kusto Query Language

Lecture 6 Contoso Dataset

Lecture 7 What is Kusto Query Language (KQL)?

Lecture 8 Would You Rather Use T-SQL?

Section 4: The Most Common Operators and Functions You Will Use

Lecture 9 Getting Started

Lecture 10 Project / Extend / Take

Lecture 11 Where / Ago

Lecture 12 Search

Lecture 13 Distinct

Lecture 14 Summarize / Bin

Lecture 15 Parse

Lecture 16 Order By

Lecture 17 Datetime / Timespans

Lecture 18 Datetime_Part / Datetime_Diff / Datetime_Add

Lecture 19 Format_Datetime / Format_Timespan

Lecture 20 StartOf / EndOf / Between

Lecture 21 IIF / Case / Split

Lecture 22 String Operators

Lecture 23 Strcat

Lecture 24 ToDynamic / Parse_Json

Lecture 25 Getschema

Section 5: Aggregating Data – Most Common Functions

Lecture 26 Count and DCount

Lecture 27 Arg_max and Arg_min

Lecture 28 Make_set / Make_list / Mv-expand

Lecture 29 Percentiles

Lecture 30 Pivot

Lecture 31 Top-Nested

Lecture 32 Any / Take_any

Lecture 33 Wrap Up

Section 6: Miscellaneous Statements, Operators and Functions

Lecture 34 Let

Lecture 35 Join

Lecture 36 Union

Lecture 37 Datatable

Lecture 38 Prev and Next

Lecture 39 Top-hitters

Lecture 40 Sample

Lecture 41 Render

Section 7: Exporting Data

Lecture 42 Exporting to Excel / CSV and Power BI

Section 8: Test Your Knowledge

Lecture 43 Test Your Knowledge

Section 9: Bonus Section

Lecture 44 Bonus

Anyone needing to analyze data from Azure Security Center, Azure Sentinel, Application Insights, Resource Graph Explorer, or enabled diagnostics on your Azure resources,Anyone wanting to learn the amazing Kusto Query Language

Course Information:

Udemy | English | 4h 56m | 1.65 GB
Created by: Randy Minder

You Can See More Courses in the IT & Software >> Greetings from CourseDown.com

New Courses

Scroll to Top