querying data in azure data explorer
play

Querying Data in Azure Data Explorer Xavier Morera HELPING - PowerPoint PPT Presentation

Nov 23, 2023 •448 likes •1.27k views

Querying Data in Azure Data Explorer Xavier Morera HELPING DEVELOPERS UNDERSTAND SEARCH & BIG DATA @xmorera www.xaviermorera.com A Query Query Results Executing Queries Kusto Web UI Integration with Kusto Explorer other products

  1. Querying Data in Azure Data Explorer Xavier Morera HELPING DEVELOPERS UNDERSTAND SEARCH & BIG DATA @xmorera www.xaviermorera.com

  4. A Query

  5. Query Results

  6. Executing Queries Kusto Web UI Integration with Kusto Explorer other products

  8. Getting to Know the Kusto Query Language

  9. A Kusto query is a read-only request to process data and return results

  10. A Kusto query is a read-only request to process data and return results

  12. StormEvents | where StartTime > datetime(2007-02-01) | where EventType == 'Flood' and State == 'CALIFORNIA’ | project StartTime, EndTime , State , EventType | take 10; A Kusto Query Plain text statement Data-flow model - Designed to make the syntax easy to read, author, and automate

  13. s h s Kusto query - Uses schema entities - Organized in a hierarchy • Similar to SQL’s databases, tables, and columns Functions are supported - Stored, query-defined, and built-in

  14. StormEvents | where StartTime > datetime(2007-02-01) | where EventType == 'Flood' and State == 'CALIFORNIA’ | project StartTime, EndTime , State , EventType | take 10; A Kusto Query

  15. StormEvents | where StartTime > datetime(2007-02-01) | where EventType == 'Flood' and State == 'CALIFORNIA’ | project StartTime, EndTime , State , EventType | take 10; A Kusto Query Sequence of query statements

  16. StormEvents | where StartTime > datetime(2007-02-01) | where EventType == 'Flood' and State == 'CALIFORNIA’ | project StartTime, EndTime , State , EventType | take 10; A Kusto Query Sequence of query statements - Delimited by a semicolon (;)

  17. StormEvents | where StartTime > datetime(2007-02-01) | where EventType == 'Flood' and State == 'CALIFORNIA’ | project StartTime, EndTime , State , EventType | take 10; A Kusto Query Sequence of query statements - Delimited by a semicolon (;) At least one statement being a tabular expression statement

  18. StormEvents | where StartTime > datetime(2007-02-01) | where EventType == 'Flood' and State == 'CALIFORNIA’ | project StartTime, EndTime , State , EventType | take 10; Tabular Expression Statement Structure of a tabular expression statement

  19. StormEvents | where StartTime > datetime(2007-02-01) | where EventType == 'Flood' and State == 'CALIFORNIA’ | project StartTime, EndTime , State , EventType | take 10; Tabular Expression Statement Structure of a tabular expression statement - Tabular data sources - Database is implicit • Part of the connection information

  20. StormEvents | where StartTime > datetime(2007-02-01) | where EventType == 'Flood' and State == 'CALIFORNIA’ | project StartTime, EndTime , State , EventType | take 10; Statement Syntax Data flow from one tabular query operator to another Through a set of data transformation operators - Optionally, a render instruction as the last statement Bound together by a pipe (|) delimiter

  21. Kusto Query source1 | operator1 | operator2 | [renderInstruction]

  22. KQL & SQL

  23. KQL SQL StormEvents Select * FROM StormEvents StormEvents SELECT EpisodeId, State | where notnull(State) FROM StormEvents | project EpisodeId, State, WHERE State IS NOT NULL StormEvents SELECT TOP 100 State, | summarize Count=count() by COUNT(*) as Count State FROM StormEvents | project State, Count GROUP BY State | sort by Count desc ORDER BY Count DESC | take int(100),

  24. t h s Demo SQL to Kusto query translation Using EXPLAIN

  25. Querying Azure Data Explorer, the help Cluster, and the Sample Database

  26. The help Cluster and Sample Database Data Explorer provides a help cluster - Created to aid learning Contains sample data - StormEvents - Other databases - External tables - Functions No need for you to spin up a cluster to test

  27. t h s Demo The help Cluster and Sample Databases

  28. https://help.kusto.windows.net/

  30. Control Commands

  31. Control Commands Retrieve data not in the database tables Requests to modify the state Three mechanisms to tell apart from queries - Language level • Start with a dot (.) - Protocol level • Different endpoint - API level • Different functions

  32. .show cluster A Control Command Control command to show cluster information

  33. .show cluster | count A Control Command Control command to show cluster information Command can be combined with a query - Must start with the command - Query cannot contain a command

  34. .show cluster capacity databases commands tables table schema queries

  35. .create table .create-merge table .rename table .drop table Table Management Create a table in the current database - Or extend an existing table Rename And drop

  36. t h s Demo Control commands

  38. The Kusto Query Language (KQL)

  40. Types of Commands Filter Date / Time Sort / Aggregate Column Related Format Data

  41. Filter Commands [T [T] | ] | s search ch [ki [kind=Ca CaseSens nsitivi vity] ] T | where Predicate T [i [in ( (Ta TableSources)] )] Se SearchPredic icate where search

  42. where search Filters on a predicate Searches all columns - In the specified table Similar to SQL • Or all tables - For the value StormEvents StormEvents | where DamageCrops > 0 | search "heavy rain"

  43. Predicates and, or, ==, !=, =~, !~, <, >... has, !has, contains, !contains, startswith, endswith, matches... between, not-between, distinct in, !in case

  44. has contains Looks for a specific word Looks for any substring match Better performance StormEvents StormEvents | where EventType | where EventType has "Storm" contains "Storm"

  45. Date and Time now ago totimespan datetime_add, datetime_diff... dayofyear, dayofmonth, dayofweek...

  46. Sort and Aggregate sort by summarize top order by make-series count join dcount range union dcountif

  47. Columns project project-away extend

  48. Format Data Commands format_datetime lookup format_timespan mv-expand parse

  49. t h s Demo The Basics of KQL

  50. https://docs.microsoft.com /en-us/azure/data- explorer/kql-quick- reference

  51. More KQL Operators

  52. t h s Demo More KQL Operators

  53. s h s Bind names to expressions Name can be used - To refer to its bound value - Within current scope let When previously defined - Innermost let state binding used Improve modularity - Break complex expressions

  54. let Bind names to expressions let Name = ScalarExpression

  55. let Bind names to expressions let Name = TabularExpression

  56. let Bind names to expressions let Name = FunctionDefinitionExpression

  57. let Bind names to expressions let f=(a:int, b:string) { strcat(b, ":", a) }

  58. Advanced KQL

  59. Advanced KQL Time series analysis Machine learning

  60. Time Series Analysis Analyze time series - Discover deviations - Compared to a baseline Native support - Creation, manipulation, and analysis - Of time-series data Enables near real-time monitoring

  61. Time Series Analysis Native series support let min_t = toscalar(TABLE| summarize min(TIMESTAMP)); let max_t = toscalar(TABLE| summarize max(TIMESTAMP)); let dt = 1h; TABLE | make-series num=count() default=0 on TIMESTAMP in range(min_t, max_t, dt) by COLUMN | render timechart

  62. Time Series Anomaly Detection Step by step let min_t = datetime(2017-01-05); let max_t = datetime(2017-02-03 22:00); let dt = 2h; demo_make_series2 | make-series num=avg(num) on TimeStamp from min_t to max_t step dt by sid | where sid == 'TS1’ | extend (anomalies, score, baseline) = series_decompose_anomalies(num, 1.5, -1, 'linefit’) | render anomalychart with(anomalycolumns=anomalies, title='Web app. traffic of a month, anomalies')

  63. Time Analysis Complex Functions series_fir series_fit_2lines series_fit_line series_iir series_periods_detect series_periods_validate

  64. Machine Learning Perform Root Cause Analysis - Complex and lengthy process Three Machine Learning plugins - Autocluster - Basket - Diffpatterns

  65. t h s Demo Advanced KQL

  66. Querying External Tables

  67. Querying External Tables Query data stored outside a Kusto cluster External tables - Recognized as database entities - Just like regular Kusto tables Create external table - Data lake - Different formats supported

  68. t h s Demo Querying External Tables

  69. Data All data

  70. Partitioned Data 2020 2019 2018

  71. Create External Table with Partition (.create | .alter) external table TableName ( Schema ) kind = (blob | adl) [partition by ( Partitions ) [pathformat = ( PathFormat )]] dataformat = Format ( StorageConnectionString [, ...] ) [with (PropertyName = Value , ... )]

  72. Querying Data in Azure Monitor and Using the Flow Kusto Connector

  73. Query Data in Azure Monitor Proxy Cluster (ADX Proxy) - Enables cross product queries Data Explorer - The Azure Monitor Service • Application Insights (AI) • Log Analytics (LA) Create a connection from ADX Web UI - To Application Insights/Log Analytics - Using virtual cluster

Recommend

Getting Started with The Azure Data Platform How to Set Up a Fully-Functional Azure Data &amp;

Getting Started with The Azure Data Platform How to Set Up a Fully-Functional Azure Data &amp;

Getting Started with The Azure Data Platform How to Set Up a Fully-Functional Azure Data &amp; Analytics Environment in Just 30-Days 10/21/2020 CONFI DENTI AL | 2020 | 1 Todays Presenter Rob Carek Director, Global Solution Development

349 views • 31 slides
Data Warehouses Google BigQuery AWS Redshift Azure Data Lake Apache Hive Motiv tivation

Data Warehouses Google BigQuery AWS Redshift Azure Data Lake Apache Hive Motiv tivation

Data Warehouses Google BigQuery AWS Redshift Azure Data Lake Apache Hive Motiv tivation ation What if you want unlimited capacity while supporting fast querying (i.e. like Google Search)? Small transactional in-memory databases

624 views • 20 slides
Configuring Data Security Policies in Microsoft Azure CONFIGURING DATA CLASSIFICATION IN

Configuring Data Security Policies in Microsoft Azure CONFIGURING DATA CLASSIFICATION IN

Configuring Data Security Policies in Microsoft Azure CONFIGURING DATA CLASSIFICATION IN MICROSOFT AZURE Reza Salehi CLOUD CONSULTANT @zaalion linkedin.com/in/rezasalehi2008 t h s Understanding data risks, governance and compliance

1.36k views • 40 slides
QUERYING AND MINING QUERYING AND MINING DATA STREAMS Elena Ikonomovska Joef Stefan Institute

QUERYING AND MINING QUERYING AND MINING DATA STREAMS Elena Ikonomovska Joef Stefan Institute

Advanced School on Data Exchange, Integration, and Streams - Dagstuhl, November 2010 QUERYING AND MINING QUERYING AND MINING DATA STREAMS Elena Ikonomovska Joef Stefan Institute Department of Knowledge Technologies Outline

856 views • 57 slides
The problem Combining querying of XML data with ontology queries Example XML document

The problem Combining querying of XML data with ontology queries Example XML document

XML Querying Using XML Querying Using Ontological Information Ontological Information Eric Svensson and Artur Wilk PPSWR06 Budva, Montenegro June 11 th , 2006 The problem Combining querying of XML data with ontology queries

207 views • 10 slides
ENMAX GIS in Azure May 16,2019 Background Why the Azure cloud? In 2016 ENMAX IT

ENMAX GIS in Azure May 16,2019 Background Why the Azure cloud? In 2016 ENMAX IT

ENMAX GIS in Azure May 16,2019 Background Why the Azure cloud? In 2016 ENMAX IT Infrastructure launched a Data Centre Transformation project as ENMAX had out grown our on premise data center This move was also consistent with a

186 views • 15 slides
Data Explorer Inspect, Visualize, and Collaborate from Any PDI Step Ben Hopkins Pentaho Senior

Data Explorer Inspect, Visualize, and Collaborate from Any PDI Step Ben Hopkins Pentaho Senior

Data Explorer Inspect, Visualize, and Collaborate from Any PDI Step Ben Hopkins Pentaho Senior Product Manager, Hitachi Vantara Agenda Today, we will cover: Background on Data Explorer (DE) and its main use cases Deeper dive on specific

382 views • 22 slides
Datacenter Computing @Microsoft David Levinthal Types of f data center computing are diverse

Datacenter Computing @Microsoft David Levinthal Types of f data center computing are diverse

Datacenter Computing @Microsoft David Levinthal Types of f data center computing are diverse Azure compute (classic concept of cloud computing) Exchange Data analytics (aka Cosmos or Azure Datalake) Azure storage (has distinct

316 views • 29 slides
SPARQL - Querying the Web of Data Seminar WS 2008/2009 RDF and the Web of Data Olaf Hartig

SPARQL - Querying the Web of Data Seminar WS 2008/2009 RDF and the Web of Data Olaf Hartig

SPARQL - Querying the Web of Data Seminar WS 2008/2009 RDF and the Web of Data Olaf Hartig hartig@informatik.hu-berlin.de 5257'N , 1342'O ? Olaf Hartig - Trustworthiness of Data on the Web 2 RDF in General Resource Description

857 views • 47 slides
Track Student Progress and Inform Continuous Improvement with the NAEP Data Explorer Robert

Track Student Progress and Inform Continuous Improvement with the NAEP Data Explorer Robert

Track Student Progress and Inform Continuous Improvement with the NAEP Data Explorer Robert Finnegan, Educational Testing Service Jason Nicholas, Westat Julie Williams, California Department of Education NAEP Data Explorer History and

697 views • 27 slides
Graph Data Processing M. Tamer Ozsu 1 / 75 Outline Introduction RDF Graph Querying

Graph Data Processing M. Tamer Ozsu 1 / 75 Outline Introduction RDF Graph Querying

Graph Data Processing M. Tamer Ozsu 1 / 75 Outline Introduction RDF Graph Querying General Graph Processing Offline analytics Online querying 2 / 75 Graph Data are Very Common Internet 3 / 75 Graph Data are Very Common Social

985 views • 75 slides
Querying multiple Linked Data sources on the Web Ruben Verborgh If you have a Linked

Querying multiple Linked Data sources on the Web Ruben Verborgh If you have a Linked

Querying multiple Linked Data sources on the Web Ruben Verborgh If you have a Linked Open Data set, you probably wonder: How can people query my Linked Data on the Web? A public SPARQL endpoint gives live

732 views • 57 slides
Querying Heterogeneous Information Sources Using Source Descriptions &amp; Data Integration: The

Querying Heterogeneous Information Sources Using Source Descriptions &amp; Data Integration: The

Data Integration: Querying Heterogeneous Information Sources Using Source Descriptions &amp; Data Integration: The Teenage Years CPSC 534P Rachel Pottinger September 19, 2011 Administrative Notes Homework 1 due now Ill get grades on

520 views • 34 slides
A-Brain: Large-scale Joint Genetic and Neuroimaging Data Analysis on Azure Clouds Project PIs:

A-Brain: Large-scale Joint Genetic and Neuroimaging Data Analysis on Azure Clouds Project PIs:

A-Brain: Large-scale Joint Genetic and Neuroimaging Data Analysis on Azure Clouds Project PIs: Gabriel Antoniu, Bertrand Thirion Contributors: Alexandru Costan, Benoit Da Mota, Radu Tudoran and the Microsoft Azure team from EMIC Final

740 views • 35 slides
Querying and Mining Data Streams: Querying and Mining Data Streams: You Only Get One Look You

Querying and Mining Data Streams: Querying and Mining Data Streams: You Only Get One Look You

Querying and Mining Data Streams: Querying and Mining Data Streams: You Only Get One Look You Only Get One Look A Tutorial A Tutorial Minos Garofalakis Garofalakis Johannes Gehrke Johannes Gehrke Minos Rajeev Rastogi Rajeev

1.58k views • 125 slides
Representing and Querying Linked Geospatial Data Kostis Kyzirakos kostis@cwi.nl Centrum voor

Representing and Querying Linked Geospatial Data Kostis Kyzirakos kostis@cwi.nl Centrum voor

Representing and Querying Linked Geospatial Data Kostis Kyzirakos kostis@cwi.nl Centrum voor Wiskunde en Informatica Database Architectures group Amsterdam Geonovum The Netherlands April 11, 2014 Outline The data model stRDF and the

645 views • 43 slides
Efficiently Querying Contradictory and Uncertain Genealogical Data Lars E. Olson and David W.

Efficiently Querying Contradictory and Uncertain Genealogical Data Lars E. Olson and David W.

Efficiently Querying Contradictory and Uncertain Genealogical Data Lars E. Olson and David W. Embley DEG Lab BYU Computer Science Dept. Supported by National Science Foundation Grant #0083127 Introduction Integrating data from multiple

268 views • 15 slides
Data Discovery Tools Google Public Data Explorer and Fusion Tables Corrie Conrad, Program

Data Discovery Tools Google Public Data Explorer and Fusion Tables Corrie Conrad, Program

Data Discovery Tools Google Public Data Explorer and Fusion Tables Corrie Conrad, Program Manager, Google.org GLA Intelligence Seminar: Visualising London October 27, 2010 Organize the worlds information and make it universally accessible

517 views • 16 slides
Introduction to data stream querying and mining Georges HEBRAIL Workshop Franco-Brasileiro sobre

Introduction to data stream querying and mining Georges HEBRAIL Workshop Franco-Brasileiro sobre

Introduction to data stream querying and mining Georges HEBRAIL Workshop Franco-Brasileiro sobre Minerao de Dados Recife, May 5-7, 2009 Preliminaries Now at Google Page 2 G.HEBRAIL May 5th, 2009 Introduction to data stream querying

1.19k views • 86 slides
Review Review Course Overview Privacy Querying Published data, Encrypted Data yp Statistical

Review Review Course Overview Privacy Querying Published data, Encrypted Data yp Statistical

Review Review Course Overview Privacy Querying Published data, Encrypted Data yp Statistical databases Statistical databases, Differential privacy, Location-based privacy Encryption E ti Insider Threat/ DBMS Steganographic Intrusion

394 views • 24 slides
What is ArcGIS Explorer A free GIS viewer by ESRI View a wide range of data Create and

What is ArcGIS Explorer A free GIS viewer by ESRI View a wide range of data Create and

ArcGIS Explorer An Overview Presented By Josh Stearns GIS Coordinator Northern Engineering &amp; Consulting, Inc What is ArcGIS Explorer A free GIS viewer by ESRI View a wide range of data Create and share maps Perform

514 views • 6 slides
W arehousing and Querying Trajectory Data Stream s W ith Error Estim ation Elio Masciari I

W arehousing and Querying Trajectory Data Stream s W ith Error Estim ation Elio Masciari I

W arehousing and Querying Trajectory Data Stream s W ith Error Estim ation Elio Masciari I CAR-CNR DOLAP MAUI 2 Novem ber 2 0 1 2 Trajectory Data Prime Numbers Encoding for Paths Warehousing Steps Experimental Evaluation

262 views • 14 slides
Querying Your MMIS Taking Inventory at the Data Warehouse Andy Snyder Wisconsin Medicaid April

Querying Your MMIS Taking Inventory at the Data Warehouse Andy Snyder Wisconsin Medicaid April

Querying Your MMIS Taking Inventory at the Data Warehouse Andy Snyder Wisconsin Medicaid April 30, 2006 Overview Medicaid data: Whats in there? Know your data definitions Tips for better informal queries Formal queries for

449 views • 21 slides
Seven years of data taking and analysis of the data of the Explorer and Nautilus g.w. detectors

Seven years of data taking and analysis of the data of the Explorer and Nautilus g.w. detectors

Seven years of data taking and analysis of the data of the Explorer and Nautilus g.w. detectors Pia Astone ROG collaboration http://www.roma1.infn.it/rog http://www.roma1.infn.it/rog/astone GWDAW, Milwaukee December 2003 ON times of

769 views • 28 slides

More recommend