KQL
2 minute read
Overview
KQL is query language that can be used to query Azure log databases such as Azure Monitor, Azure Insights and others.
- K Kusto
- Q Query
- L Language
Kusto is a reference to Jacques Cousteau (a famous underwater explorer) and was the original codename for Azure Application Insights.
KQL is very similar to SQL and uses a structured approach to querying data sets.
SQL example
SELECT * FROM Ingredients WHERE conference = 'Potato'
KQL example
Ingredients
| Where ingredient == 'Potato'
The pipe | character is used to step through the query and you can structure the query with multiple pipes on a per row basis such as this example.
Ingredients
| where ingredient == "Potato"
| order by type
Operators
| Operator | Example |
|---|---|
| Equals | Ingredient == ‘Potato’ |
| Case-insensitive | Ingredient =~ ‘potato’ |
| String contains | Ingredient contains ‘potato’ |
| Dates & Time | Starttime > now(-7d) |
Count
To count
Ingredients
| count
Project
In KQL project is the same as select in SQL. It allows you to pick columns of data.
Ingredients
| project ingredient, name
Sort
Sort all ingredients
Ingredients
| sort by ingredient
Sort first 10
Ingredients
| take 10
SQL to Kusto cheat sheet
Ref SQL to Kusto query translation - Azure Data Explorer | Microsoft Docs
The primary language to interact with Kusto is KQL (Kusto Query Language). To make the transition and learning experience easier, you can use Kusto to translate SQL queries to KQL. Send an SQL query to Kusto, prefixing it with the verb ‘EXPLAIN’.