Useful Resources 🔦


Last updated 1 year ago

I started to learn KQL in Summer 2020. I had just quit my long-term job and collected two months of vacation. The beginning of my vacation was OK, but I found I was bored shortly after and needed to learn something new. So I found KQL!

KQL is so powerful and interesting, and I use it almost every day.

Where and how did I start to learn this? Here is my list of where I began.

  • Pluralsight: Kusto Query Language (KQL) from Scratch by Robert Cain

Blogs

  • Blog: MSEndpointMgr.com

  • Blog: Become a KQL Ninja by Huy Kha

  • Blog: Kusto King by Gianni Castaldi

  • Blog: Azure Cloud & AI Domain Blog

  • Blog: Must Learn KQL by Rod Trent

  • Blog: CloudSMA by Billy York

  • Blog: Microsoft Sentinel 101

GitHub

  • GitHub: Microsoft 365 Defender - Resource Hub by Alex Verboon

  • GitHub: awesome-kql-sentinel

Microsoft Official Doc

  • Microsoft Doc: Log Analytics tutorial

  • Microsoft Doc: Log queries in Azure Monitor

Twitter

  • Twitter: The #365daysofkql hashtag by Matt Zorick

Community event

  • KQL Cafe

Workbook

Azure Monitor workbooks provide rich visual reports in the Azure portal and give you a real-time, interactive experience. In addition, workbooks can query data from multiple sources within Azure and combine it into a single report.

Here is my collection of where I began learning to create my first workbook:

  • Blog: Azure Sentinel Workbooks 101 by Scott Muniz

  • Video: How to build Azure Workbooks using logs and parameters | Azure Portal Series

  • Blog: Azure Automation Update Management Workbook by Billy York

  • Blog: Using Azure Monitor Workbooks to document your Azure resources by Mathieu Buisson

  • Microsoft Doc: Azure Monitor Workbooks

  • Blog: MSEndpointMgr.com

Demo Lab

  • https://aka.ms/LADemo

  • http://aka.ms/kustofree