Ingest data from #Logstash to @AzDataExplorer
#365daysofADX Day60

#AzureDataExplorer (#ADX) Logstash plugin enables you to process events from Logstash into an Azure Data Explorer database for later analysis.

Learn More
[1] https://learn.microsoft.com/en-us/azure/data-explorer/ingest-data-logstash
[2] https://learn.microsoft.com/en-us/azure/data-explorer/connector-overview

Ingest data from #ApacheKafka to @AzDataExplorer
#365daysofADX Day59

The #ADX #KafkaConnect sink connector makes ingestion from #Kafka, code free and configuration based, scalable and fault tolerant, easy to deploy, manage and monitor.

Learn More: https://learn.microsoft.com/en-us/azure/data-explorer/ingest-data-kafka

Ingest data in @AzDataExplorer using #Telegraf Output Plugin
#365daysofADX Day58

#AzureDataExplorer output supports both streaming and queued ingestion of data from many types of telegraf input plugins into #ADX.

[1] https://lnkd.in/dSPGMmRJ
[2] https://learn.microsoft.com/en-us/azure/data-explorer/connector-overview

Native Ingestion from Amazon S3 into @AzDataExplorer
#365daysofADX Day56

Customers can bring data from S3 natively without relying on complex ETL pipelines, with S3 support.

More: https://techcommunity.microsoft.com/t5/azure-data-explorer-blog/azure-data-explorer-supports-native-ingestion-from-amazon-s3/ba-p/3606746

Sample: https://github.com/Azure/azure-kusto-samples-dotnet/tree/master/S3/S3EventGridPoc

Data Ingestion in @AzDataExplorer
#365daysofADX Day54

Data ingestion is the process used to load data records from one or more sources into a table in Azure Data Explorer. Once ingested, the data becomes available for query.

More: https://learn.microsoft.com/en-us/azure/data-explorer/ingest-data-overview

Visualize data with @AzDataExplorer dashboards
#365daysofADX Day53

ADX Dashboards (part of #ADX web UI), have a user-friendly interface, allowing users to quickly explore and analyze their data without the need for extensive technical knowledge.

More: https://learn.microsoft.com/en-us/azure/data-explorer/azure-data-explorer-dashboards

Right semi join in @AzDataExplorer
#365daysofADX Day52

Right semi-join returns all records from the right side that match a record from the left side. Only columns from the right side are returned.

Try: https://lnkd.in/dze9kFTe
More: https://lnkd.in/dBznzFTy

#Kusto #KQL #ADX

Left Semi join in @AzDataExplorer
#365daysofADX Day51

Left semi-join returns all records from the left side that match a record from the right side. Only columns from the left side are returned.

Try: https://lnkd.in/dKNy6VKd
Learn More: https://lnkd.in/dJrmh-DV

#Kusto #KQL #ADX

Right Anti Join in @AzDataExplorer
#365daysofADX Day50

Right anti-join returns all records from the right side that don't match any record from the left side.

Try: https://lnkd.in/d98BhDNS
Learn More: https://lnkd.in/dKCZpyEe

#ADX #KQL #AzureDataExplorer #Kusto #Azure #Data

Left Anti join in @AzDataExplorer
#365daysofADX Day49

Left anti-join returns all records from the left side that don't match any record from the right side.

Try: https://lnkd.in/dmCi_th4
Learn More: https://lnkd.in/dXg9xTB7

#Kusto #KQL #AzureDataExplorer #Joins #SQL #NoSQL #ADX

Full outer join in @AzDataExplorer
#365daysofADX Day48

A full outer-join combines the effect of applying both left and right outer-joins.

Run the example: https://lnkd.in/d8RYX2Mb
Learn More: https://lnkd.in/dtSFEG_a

#kusto #KQL #ADX #AzureDataExplore #nosql

Right outer join in @AzDataExplorer
#365daysofADX Day 47

The right outer join flavor resembles the left outer-join, but the treatment of the tables is reversed as it always contains all records on the right table.

Example: https://lnkd.in/d83K8e4K
More: https://lnkd.in/dybNuaRg

Inner join in @AzDataExplorer
#365daysofADX Day45

Like the standard inner-join from the SQL world, an output record is produced whenever a record on the left side has the same join key as the record on the right side.

Try: https://lnkd.in/dQHkNfyv
More: https://lnkd.in/dK2mBKdD

Default join in @AzDataExplorer
#365daysofADX Day44

The default join is an inner join with left side deduplication. It's useful in log/trace analysis scenarios to correlate 2 events, each matching some filtering criterion, under the same correlation ID.

https://learn.microsoft.com/en-us/azure/data-explorer/kusto/query/joinoperator?pivots=azuredataexplorer#default-join-flavor

Create a dashboard from a query in @AzDataExplorer
#365daysofADX Day43

Dashboards are an excellent way to communicate data science insights visually. You can pin a query as a visual tile in ADX KWE

Learn More: https://lnkd.in/dH4r9NWJ

#KQL #Kusto #AzureDataExplorer #ADX #Azure

Join operator in @AzDataExplorer
#365daysofADX Day42

Merge the rows of two tables to form a new table by matching values of the specified columns from each table.

Run the sample - https://dataexplorer.azure.com/clusters/help/databases/ContosoSales?query=H4sIAAAAAAAAA3MuLS7Jz00tKuaqUcjKz8xTyM7MS7HNzMtLLVIITsxJLXZLTC5RyM9TcIYq9E6tBCotScxOVTA0AABvXAKoPgAAAA==

Learn more: https://learn.microsoft.com/en-us/azure/data-explorer/kusto/query/joinoperator?pivots=azuredataexplorer

#Kusto #KQL #AzureDataExplorer #ADX

Anomaly chart in @AzDataExplorer
#365daysofADX Day41

The anomaly chart visualization is similar to a timechart, but highlights anomalies using the series_decompose_anomalies function.

Run this example - https://dataexplorer.azure.com/clusters/help/databases/Samples?query=H4sIAAAAAAAAA3WR3W7CMAyF73mKI25KpRbaTmjSUJ8CpF1WoXVptPxUifmb9vBLoGO7GFeR7ePv2I4ihpamYdToBBNLTYuqKF/zosyLdbqZqagQl/8UVV68oKreimLSdVFUDZtZR9o2WnxQ48lJ8tXsCzHM7yHMUdfidFiEN4U12AXoloUe0Turp4nYTsaeaYzs/RVedgis80CObkFdI9ltywTAagV4UtQyRKiZgyLEaTGZ9taFQqtIGHI4SX8USn4KltYEJF2YTIeFMFaHPPkMvrWOMuxFoEpDaVjujmo6aq0erafmIY+7ZCiX6wx5mSGJHb3kJA1sF8jB8q69toNwjLPkYfGTseqoja//eLNkRXXyTnuIcVyCneh72cL2YQdtDQ8ZHvIkDcsfPWH+3AvPvObx0FMXD/RLhfDYW9VhtNKwj/8U69M1b2S//AbRUQMWQQIAAA==

#KQL #Kusto #ADX
https://learn.microsoft.com/en-us/azure/data-explorer/kusto/query/visualization-anomalychart?pivots=azuredataexplorer

#Timechart in @AzDataExplorer
#365daysofADX Day40

The time chart visual is similar to a line chart except the x-axis is always time.

Syntax
T | render timechart [with ( PropertyName = PropertyValue [, ...] )]

#KQL #Kusto #ADX #AzureDataExplorer

https://learn.microsoft.com/en-us/azure/data-explorer/kusto/query/visualization-timechart?pivots=azuredataexplorer

Line chart in @AzDataExplorer
#365daysofADX Day39

Line charts track changes over short and long periods of time.

Try it out - https://dataexplorer.azure.com/clusters/help/databases/Samples?query=H4sIAAAAAAAAAwsuyS/KdS1LzSsp5qpRKM9ILUpVCC5JLEm1tVUK8wxy9/TzdFQCyhQU5WelJpeA5IpKQjJzU3UUXBJzE9NTA4ryC1KLSiqBaopS81JSixRyMvNSkzOAygCpk5aiXAAAAA==
StormEvents
| where State=="VIRGINIA"
| project StartTime, DamageProperty
| render linechart

More - https://learn.microsoft.com/en-us/azure/data-explorer/kusto/query/visualization-linechart?pivots=azuredataexplorer

Checkout KQL Search: http://kqlsearch.com
A aggregator for KQL Queries that are shared on GitHub by @UgurKocDe

#KQL #365daysofADX #Kusto #AzureDataExplorer
---
RT @UgurKocDe
I also want to thank the community members that share KQL Learning materials and queries with the Community:
- @reprise_99
- @rodtrent
- @kustonaut
- @BertJanCyber
- @castello_johnny
- @ep3p
- @AzDataExplorer
https://twitter.com/UgurKocDe/status/1622983034889699330