Queries
abs()
Learn how to use the abs() function to calculate the absolute value of an input.
acos()
Learn how to use the acos() function to calculate the angle of the cosine input.
active_users_count plugin
Learn how to use the active_users_count plugin to calculate the distinct count of values that appeared in a minimum number of periods in a lookback period.
activity_counts_metrics plugin
Learn how to use the activity_counts_metrics plugin to compare activity metrics in different time windows.
activity_engagement plugin
Learn how to use the activity_engagement plugin to calculate activity engagement ratios.
activity_metrics plugin
Learn how to use the activity_metrics plugin to calculate activity metrics using the current time window compared to the previous window.
Aggregation Functions
Learn how to use aggregation functions to perform calculations on a set of values and return a single value.
ago()
Learn how to use the ago() function to subtract a given timespan from the current UTC clock time.
ai_embed_text plugin (Preview)
Learn how to use the ai_embed_text plugin to embed text via language models, enabling various AI-related scenarios such as RAG application and semantic search.
Alias statement
Learn how to use an alias statement to define an alias for a database that is used for a query.
Analyze time series data
Learn how to analyze time series data.
Anomaly chart visualization
This article describes the anomaly chart visualization.
Anomaly diagnosis for root cause analysis
Use machine learning clustering for Root Cause Analysis.
Area chart visualization
This article describes the area chart visualization.
arg_max() (aggregation function)
Learn how to use the arg_max() aggregation function to find a row in a table that maximizes the input expression.
arg_min() (aggregation function)
Learn how to use the arg_min() aggregation function to find a row in a table that minimizes the input expression.
around() function
Learn how to use the around() function to indicate if the first argument is within a range around the center value.
array_concat()
Learn how to use the array_concat() function to concatenate many dynamic arrays to a single array.
array_iff()
Learn how to use the array_iff() function to scan and evaluate elements in an array.
array_index_of()
Learn how to use the array_index_of() function to search an array for a specified item, and return its position.
array_length()
Learn how to use the array_length() function to calculate the number of elements in a dynamic array.
array_reverse()
Learn how to use the array_reverse() function to reverse the order of the elements in a dynamic array.
array_rotate_left()
Learn how to use the array_rotate_left() function to rotate values inside a dynamic array to the left.
array_rotate_right()
Learn how to use the array_rotate_right() function to rotate values inside a dynamic array to the right.
array_shift_left()
Learn how to use the array_shift_left() function to shift the values inside a dynamic array to the left.
array_shift_right()
Learn how to use the array_shift_right() function to shift values inside a dynamic array to the right.
array_slice()
Learn how to use the array_slice() function to extract a slice of a dynamic array.
array_sort_asc()
Learn how to use the array_sort_asc() function to sort arrays in ascending order.
array_sort_desc()
Learn how to use the array_sort_desc() function to sort arrays in descending order.
array_split()
Learn how to use the array_split() function to split an array into multiple arrays.
array_sum()
Learn how to use the array_sum() function to calculate the sum of elements in a dynamic array.
as operator
Learn how to use the as operator to bind a name to the operator’s input tabular expression.
asin()
Learn how to use the asin() function to calculate the angle from a sine input.
assert()
Learn how to use the assert() function to check for a condition and output an error message when false.
atan()
Learn how to use the atan() function to return the inverse operation of tan().
atan2()
Learn how to use the atan2() function to calculate an angle in radians between axes.
autocluster plugin
Learn how to use the autocluster plugin to find common patterns in data.
avg() (aggregation function)
Learn how to use the avg() function to calculate the average value of an expression.
avgif() (aggregation function)
Learn how to use the avgif() function to return the average value of an expression where the predicate evaluates to true.
azure_digital_twins_query_request plugin
Learn how to use the azure_digital_twins_query_request plugin to run an Azure Digital Twins query as part of a Kusto query.
bag_has_key()
Learn how to use the bag_has_key() function to check if a dynamic property bag object contains a given key.
bag_keys()
Learn how to use the bag_keys() function to enumerate the root keys in a dynamic property bag object.
bag_merge()
Learn how to use the bag_merge() function to merge property bags.
bag_pack_columns()
Learn how to use the bag_pack_columns() function to create a dynamic JSON object from a list of columns.
bag_pack()
Learn how to use the bag_pack() function to create a dynamic JSON object from a list of keys and values.
bag_remove_keys()
Learn how to use the bag_remove_keys() function to remove keys and associated values from property bags.
bag_set_key()
Learn how to use the bag_set_key() function to set a given key to a given value in a dynamic property-bag.
bag_unpack plugin
Learn how to use the bag_unpack plugin to unpack a dynamic column.
bag_zip()
Learn how to use bag_zip() to merge two dynamic arrays into a single property-bag of keys and values.
Bar chart visualization
This article describes the bar chart visualization.
bartlett_test_fl()
This article describes the bartlett_test_fl() user-defined function.
base64_decode_toarray()
Learn how to use the base64_decode_toarray() function to decode a base64 string into an array of long values.
base64_decode_toguid()
Learn how to use base64_decode_toguid() function to return a GUID from a base64 string.
base64_decode_tostring()
Learn how to use a base64_decode_tostring() function to decode a base64 string into a UTF-8 string.
base64_encode_fromarray()
Learn how to use the base64_encode_fromarray() function to encode a base64 string from a bytes array.
base64_encode_fromguid()
Learn how to use the base64_encode_fromguid() function to return a base64 string from a GUID.
base64_encode_tostring()
This article describes base64_encode_tostring().
basket plugin
Learn how to use the basket plugin to find frequent patterns in data that exceed a frequency threshold.
Batches
This article describes Batches.
Best practices for Kusto Query Language (KQL) graph semantics
Learn about the best practices for Kusto Query Language (KQL) graph semantics.
Best practices for Kusto Query Language queries
This article describes Query best practices.
beta_cdf()
Learn how to use the beta_cdf() function to return a standard beta cumulative distribution function.
beta_inv()
Learn how to use the beta_inv() function to return the inverse of the beta cumulative probability density function.
beta_pdf()
Learn how to use the beta_pdf() function to return the beta probability density function.
bin_at()
Learn how to use the bin_at() function to round values down to a fixed-size bin.
bin_auto()
Learn how to use the bin_auto() function to round values down to a fixed-size bin.
bin()
Learn how to use the bin() function to round values down to an integer multiple of a given bin size.
binary_all_and() (aggregation function)
Learn how to use the binary_all_and() function to aggregate values using the binary AND operation.
binary_all_or() (aggregation function)
Learn how to use the binary_all_or() function to aggregate values using the binary OR operation.
binary_all_xor() (aggregation function)
Learn how to use the binary_all_xor() function to aggregate values using the binary XOR operation.
binary_and()
Learn how to use the binary_and() function to compare bits in corresponding operands.
binary_not()
Learn how to use the binary_not() function to return a bitwise negation of the input value.
binary_or()
Learn how to use the bianry_or() function to perform a bitwise OR operation of the two values.
binary_shift_left()
Learn how to use the binary_shift_left() function to perform a binary shift left operation on a pair of numbers.
binary_shift_right()
Learn how to use the binary_shift_right() function to perform a binary shift right operation on a pair of numbers.
binary_xor()
Learn how to use the binary_xor() function to perform the bitwise xor operation on a pair of values.
binomial_test_fl()
This article describes the binomial_test_fl() user-defined function.
bitset_count_ones()
Learn how to use the bitset_count_ones() function to return the number of set bits in the binary representation of a number.
Bitwise (binary) operators
This article lists the bitwise (binary) operators supported in the Kusto Query Language.
Broadcast join
Learn how to use the broadcast join execution strategy to distribute the join over nodes.
buildschema() (aggregation function)
Learn how to use the buildschema() function to build a table schema from a dynamic expression.
Card visualization
This article describes the card visualization.
case()
Learn how to use the case() function to evaluate a list of predicates and return the first expression for which the predicate evaluates to true.
ceiling()
Learn how to use the ceiling() function to calculate the smallest integer greater than, or equal to, the specified numeric expression.
cluster()
Learn how to use the cluster() function to change the reference of the query to a remote cluster or Eventhouse.
coalesce()
Learn how to use the coalesce() function to evaluate a list of expressions to return the first non-null expression.
Column chart visualization
This article describes the column chart visualization.
column_ifexists()
Learn how to use the column_ifexists() function to return a reference to the column if it exists.
Columns
This article describes Columns.
comb_fl()
This article describes comb_fl() user-defined function.
consume operator
Learn how to use the consume operator to consume the tabular data stream handed to the operator.
convert_angle()
Learn how to use the convert_angle() function to convert an angle input value from one unit to another.
convert_energy()
Learn how to use the convert_energy() function to convert an energy input value from one unit to another.
convert_force()
Learn how to use the convert_force() function to convert a force input value from one unit to another.
convert_length()
Learn how to use the convert_length() function to convert a length input value from one unit to another.
convert_mass()
Learn how to use the convert_mass() function to convert a mass input value from one unit to another.
convert_speed()
Learn how to use the convert_speed() function to convert a speed input value from one unit to another.
convert_temperature()
Learn how to use the convert_temperature() function to convert a temperature input value from one unit to another.
convert_volume()
Learn how to use the convert_volume() function to convert a volume input value from one unit to another.
cos()
Learn how to use the cos() function to return the cosine of the input value.
cosmosdb_sql_request plugin
Learn how to use the cosmosdb_sql_request plugin to send a SQL query to an Azure Cosmos DB SQL network endpoint to query small datasets.
cot()
Learn how to use the cot() function to calculate the trigonometric cotangent of the specified angle in radians.
count operator
Learn how to use the count operator to return the number of records in the input record set.
count_distinct() (aggregation function) - (preview)
Learn how to use the count_distinct() (aggregation function) to count unique values specified by a scalar expression per summary group.
count_distinctif() (aggregation function) - (preview)
Learn how to use the count_distinctif() function to count unique values of a scalar expression in records for which the predicate evaluates to true.
count() (aggregation function)
Learn how to use the count() function to count the number of records in a group.
countif() (aggregation function)
Learn how to use the countif() function to count the rows where the predicate evaluates to true.
countof()
Learn how to use the countof() function to count the occurrences of a substring in a string.
Cross-cluster and cross-database queries
This article describes cross-database and cross-cluster queries.
Cross-cluster join
Learn how to perform the Cross-cluster join operation to join datasets residing on different clusters.
current_cluster_endpoint()
Learn how to use the current_cluster_endpoint() function to return the network endpoint of the cluster being queried as a string type value.
current_database()
Learn how to use the current_database() function to return the name of the database in scope as a string type value.
current_principal_details()
Learn how to use the current_principal_details() function to return the details of the principal running the query.
current_principal_is_member_of()
Learn how to use the current_principal_is_member_of() function to check the identity of the principal running the query.
current_principal()
Learn how to use the current_principal() function to return the name of the principal running the query.
cursor_after()
Learn how to use the cursor_after() function to compare the ingestion time of the records of a table against the database cursor time.
cursor_before_or_at()
Learn how to use the cursor_before_or_at() function to compare the ingestion time of the records of a table against the database cursor time.
cursor_current()
Learn how to use the cursor_current() function to return a string type value.
database()
Learn how to use the database() function to change the reference of the query to a specific database.
Databases
This article describes Databases.
datatable operator
Learn how to use the datatable operator to define a table with given schema and data.
Datetime / timespan arithmetic
This article describes Datetime / timespan arithmetic.
datetime_add()
Learn how to use the datetime_add() function to calculate a new datetime.
datetime_diff()
Learn how to use the datetime_diff() function to calculate the period between two datetime values.
datetime_list_timezones()
Get a list of all supported timezones.
datetime_local_to_utc()
Learn how to use the datetime_local_to_utc() function to convert local datetime to UTC datetime.
datetime_part()
This article describes datetime_part().
datetime_utc_to_local()
This article describes the datetime_utc_to_local function.
dayofmonth()
Learn how to use the dayofmonth() function to return an integer representing the day of the month.
dayofweek()
Learn how to use the dayofweek() function to return the timespan since the preceding Sunday.
dayofyear()
Learn how to use the dayofyear() function to return the day number of the given year.
dbscan_dynamic_fl()
This article describes the dbscan_dynamic_fl() user-defined function.
dbscan_fl()
This article describes the dbscan_fl() user-defined function.
dcount_hll()
Learn how to use the dcount_hll() function to calculate the distinct count from hyper log log (hll) intermediate calculation results.
dcount_intersect plugin
Learn how to use the dcount_intersect plugin to calculate the intersection between N sets based on hyper log log (hll) values.
dcount() (aggregation function)
Learn how to use the dcount() function to return an estimate of the number of distinct values of an expression within a group.
dcountif() (aggregation function)
Learn how to use the dcountif() function to return an estimate of the number of distinct values of an expression for rows where the predicate evaluates to true.
degrees()
Learn how to use the degrees() function to convert angle values from radians to values in degrees.
detect_anomalous_new_entity_fl()
Learn how to use the detect_anomalous_new_entity_fl() function to detect the appearance of anomalous new entities.
diffpatterns plugin
Learn how to use the diffpatterns plugin to compare two datasets of the same structure to find the differences between the two datasets.
diffpatterns_text plugin
Learn how to use the diffpatterns_text plugin to compare two string value datasets to find the differences between the two datasets.
distinct operator
Learn how to use the distinct operator to create a table with the distinct combination of the columns of the input table.
dynamic_to_json()
Learn how to use the dynamic_to_json() function to convert a scalar value of type dynamic to a canonical string representation.
endofday()
Learn how to use the endofday() function to return a datetime representing the end of the day for the given date value.
endofmonth()
Learn how to use the endofmonth() function to return a datetime representing the end of the month for the given date value.
endofweek()
Learn how to use the endofweek() function to return a datetime representing the end of the week for the given date value.
endofyear()
Learn how to use the endofyear() function to return a datetime representing the end of the year for the given date value.
Entities
This article describes Entities.
Entity names
This article describes Entity names.
Entity references
This article describes Entity references.
erf()
This article describes erf() function.
erfc()
This article describes erfc() function.
estimate_data_size()
Learn how to use the estimate_data_size() function to return an estimated data size in bytes of the selected columns of the tabular expression.
evaluate plugin operator
Learn how to use the evaluate plugin operator to invoke plugins.
exp()
Learn how to use the exp() function to return the base-e exponential value of x.
exp10()
Learn how to use the exp10() function to return the base-10 exponential value of x.
exp2()
Learn how to use the exp2() function to return the base-2 exponential value of x.
extend operator
Learn how to use the extend operator to create calculated columns and append them to the result set.
extent_id()
Learn how to use the extent_id() function to return an identifier of the current record’s data shard
extent_tags()
Learn how to use the extent_tags() function to return a dynamic array of the data shard that the current record is in.
External tables
This article describes External tables.
external_table()
Learn how to use the external_table() function to reference an external table by name.
externaldata operator
Learn how to use the externaldata operator to return a data table of the given schema whose data was parsed from the specified storage artifact.
extract_all()
Lean how to use the extract_all() to extract all matches for a regular expression from a source string.
extract_json()
Learn how to use the extract_json() function to get a specified element out of a JSON text using a path expression.
extract()
Learn how to use the extract() function to get a match for a regular expression from a source string.
facet operator
Learn how to use the facet operator to return a table for each specified column.
Fact and dimension tables
This article describes Fact and dimension tables.
factorial_fl()
This article describes factorial_fl() user-defined function.
find operator
Learn how to use the find operator to find rows that match a predicate across a set of tables.
fork operator
Learn how to use the fork operator to run multiple consumer operators in parallel.
format_bytes()
Learn how to use the format_bytes() function to format a number as a string representing the data size in bytes.
format_datetime()
Learn how to use the format_datetime() function to format a datetime according to the provided format.
format_ipv4_mask()
Learn how to use the format_ipv4_mask() function to parse the input with a netmask and return a string representing the IPv4 address in CIDR notation.
format_ipv4()
Learn how to use the format_ipv4() function to parse the input with a netmask and return a string representing the IPv4 address.
format_timespan()
Learn how to use the format_timespan() function to format a timespan according to the provided format.
fullouter join
Learn how to use the fullouter join flavor to merge the rows of two tables.
Functions
This article describes Functions.
Functions library
This article describes user-defined functions that extend query environment capabilities.
funnel_sequence plugin
Learn how to use the funnel_sequence plugin to learn how to calculate the distinct count of users who have taken a sequence of states, and the distribution of previous/next states that have led to/were followed by the sequence.
funnel_sequence_completion plugin
Learn how to use the funnel_sequence_completion plugin to calculate a funnel of completed sequence steps while comparing different time periods.
gamma()
Learn how to use the gamma() function to compute the gamma of the input parameter.
geo_angle()
Learn how to use the geo_angle() function to calculate the angle between two lines on Earth.
geo_azimuth()
Learn how to use the geo_azimuth() function to calculate the angle between the true north and a line on Earth.
geo_distance_2points()
Learn how to use the geo_distance_2points() function to calculate the shortest distance between two geospatial coordinates on Earth.
geo_distance_point_to_line()
Learn how to use the geo_distance_point_to_line() function to calculate the shortest distance between a coordinate and a line or multiline on Earth.
geo_distance_point_to_polygon()
Learn how to use the geo_distance_point_to_polygon() function to calculate the shortest distance between a coordinate and a polygon or a multipolygon on Earth.
geo_geohash_neighbors()
Learn how to use the geo_geohash_neighbors() function to calculate geohash neighbors.
geo_geohash_to_central_point()
Learn how to use the geo_geohash_to_central() function to calculate the geospatial coordinates that represent the center of a geohash rectangular area.
geo_geohash_to_polygon()
Learn how to use the geo_geohash_to_polygon() function to calculate the polygon that represents the geohash rectangular area.
geo_h3cell_children()
Learn how to use the geo_h3cell_children() function to calculate the H3 cell children.
geo_h3cell_level()
Learn how to use the geo_h3cell_level() function to calculate the H3 cell resolution.
geo_h3cell_neighbors()
Learn how to use the geo_h3cell_neighbors() function to calculate the H3 cell neighbors.
geo_h3cell_parent()
Learn how to use the geo_h3cell_parent() function to calculate the H3 cell parent.
geo_h3cell_rings()
Learn how to use the geo_h3cell_rings() function to calculate the H3 cell rings.
geo_h3cell_to_central_point()
Learn how to use the geo_h3cell_to_central_point() function to calculate the geospatial coordinates that represent the center of an H3 cell.
geo_h3cell_to_polygon()
Learn how to use the geo_h3cell_to_polygon() function to calculate the polygon that represents the H3 Cell rectangular area.
geo_info_from_ip_address()
Learn how to use the geo_info_from_ip_address() function to retrieve geolocation information about IPv4 or IPv6 addresses.
geo_intersection_2lines()
Learn how to use the geo_intersection_2lines() function to calculate the intersection of two line strings or multiline strings.
geo_intersection_2polygons()
Learn how to use the geo_intersection_2polygons() function to calculate the intersection of two polygons or multipolygons.
geo_intersection_line_with_polygon()
Learn how to use the geo_intersection_line_with_polygon() function to calculate the intersection of a line string or a multiline string with a polygon or a multipolygon.
geo_intersects_2lines()
Learn how to use the geo_intersects_2lines() function to check if two line strings or multiline strings intersect.
geo_intersects_2polygons()
Learn how to use the geo_intersects_2polygons() function to calculate whether two polygons or multipolygons intersect
geo_intersects_line_with_polygon()
Learn how to use the geo_intersects_line_with_polygon() function to check if a line string or a multiline string intersect with a polygon or a multipolygon.
geo_line_buffer()
Learn how to use the geo_line_buffer() function to calculate line buffer
geo_line_centroid()
Learn how to use the geo_line_centroid() function to calculate the centroid of a line or a multiline on Earth.
geo_line_densify()
Learn how to use the geo_line_densify() function to convert planar lines or multiline edges to geodesics.
geo_line_length()
Learn how to use the geo_line_length() function to calculate the total length of a line string or a multiline string on Earth.
geo_line_simplify()
Learn how to use the geo_line_simplify() function to simplify a line string or a multiline string.
geo_line_to_s2cells()
Learn how to use the geo_line_to_s2cells() function to calculate S2 cell tokens that cover a line or a multiline on Earth.
geo_point_buffer()
Learn how to use the geo_point_buffer() function to calculate point buffer
geo_point_in_circle()
Learn how to use the geo_point_in_circle() function to check if the geospatial coordinates are inside a circle on Earth.
geo_point_in_polygon()
Learn how to use the geo_point_in_polygon() function to check if the geospatial coordinates are inside a polygon or a multipolygon on Earth.
geo_point_to_geohash()
Learn how to use the geo_point_to_geohash() function to calculate the geohash string value of a geographic location.
geo_point_to_h3cell()
Learn how to use the geo_point_to_h3cell() function to calculate the H3 Cell token string value of a geographic location.
geo_point_to_s2cell()
Learn how to use the geo_point_to_s2cell() function to calculate the S2 cell token string value of a geographic location.
geo_polygon_area()
Learn how to use the geo_polygon_area() function to calculate the area of a polygon or a multipolygon on Earth.
geo_polygon_buffer()
Learn how to use the geo_polygon_buffer() function to calculate polygon buffer
geo_polygon_centroid()
Learn how to use the geo_polygon_centroid() function to calculate the centroid of a polygon or a multipolygon on Earth.
geo_polygon_densify()
Learn how to use the geo_polygon_densify() function to convert polygon or multipolygon planar edges to geodesics.
geo_polygon_perimeter()
Learn how to use the geo_polygon_perimeter() function to calculate the length of the boundary of a polygon or a multipolygon on Earth.
geo_polygon_simplify()
Learn how to use the geo_polygon_simplify() function to simplify a polygon or a multipolygon.
geo_polygon_to_h3cells()
Learn how to use the geo_polygon_to_h3cells() function to calculate H3 cells for a polygon
geo_polygon_to_s2cells()
Learn how to use the geo_polygon_to_s2cells() function to calculate S2 cell tokens that cover a polygon or a multipolygon on Earth.
geo_s2cell_neighbors()
Learn how to use the geo_s2cell_neighbors() function to calculate S2 cell neighbors.
geo_s2cell_to_central_point()
Learn how to use the geo_s2cell_to_central_point() function to calculate the geospatial coordinates that represent the center of an S2 cell.
geo_s2cell_to_polygon()
Learn how to use the geo_s2cell_to_polygon() function to calculate the polygon that represents the S2 Cell rectangular area.
geo_simplify_polygons_array()
Learn how to use the geo_simplify_polygons_array() function to simplify polygons by replacing nearly straight chains of short edges with a single long edge on Earth.
geo_union_lines_array()
Learn how to use the geo_union_lines_array() function to calculate the union of line strings or multiline strings on Earth.
geo_union_polygons_array()
Learn how to use the geo_union_polygons_array() function to calculate the union of polygons or multipolygons on Earth.
geoip_fl()
Learn how to use the geoip_fl() user-defined function.
Geospatial data visualizations
Learn how to visualize geospatial data.
Geospatial grid system
Learn how to use geospatial grid systems to cluster geospatial data.
get_packages_version_fl()
Learn how to use the get_packages_version_fl() user-defined function.
getschema operator
Learn how to use the getschema operator to create a tabular schema of the input.
gettype()
Learn how to use the gettype() function to return a string representing the runtime type of its single argument.
getyear()
Learn how tow use the getyear() function to return the year of the datetime input.
Graph operators
Learn how to use KQL graph operators.
graph-mark-components operator (Preview)
Learn how to use the graph-mark-components operator to find and mark all connected components of a graph.
graph-match operator
Learn how to use the graph-match operator to search for all occurrences of a graph pattern in a graph.
graph-shortest-paths Operator (Preview)
Learn how to use the graph-shortest-paths operator to efficiently find the shortest paths from a given set of source nodes to a set of target nodes within a graph
graph-to-table operator
Learn how to use the graph-to-table operator to export nodes or edges from a graph to tables.
gzip_compress_to_base64_string
Learn how to use the gzip_compress_to_base64_string() function to gzip-compress an input and encode it into a base64 string.
gzip_decompress_from_base64_string()
Learn how to use the gzip_decompress_from_base64_string() function to decode an input string from base64 and perform a gzip-decompression.
has_any_ipv4_prefix()
Learn how to use the has_any_ipv4_prefix() function to check if any IPv4 address prefixes appear in the text.
has_any_ipv4()
Learn how to use the has_any_ipv4() function to check if any IPv4 addresses appear in the text.
has_ipv4_prefix()
Learn how to use the has_ipv4_prefix() function to check if a specified IPv4 address prefix appears in the text.
has_ipv4()
Learn how to use the has_ipv4() function to check if a specified IPv4 address appears in the text.
hash_combine()
learn how to use the hash_combine() function to combine hash values of two or more hashes.
hash_many()
Learn how to use the hash_many() function to return a combined hash value of multiple values.
hash_md5()
Learn how to use the hash_md5() function to return the MD5 hash value of the input.
hash_sha1()
Learn how to use the hash_sha1() function to return a sha1 hash value of the source input.
hash_sha256()
Learn how to use the hash_sha256() function to return a sha256 hash value of the source input.
hash_xxhash64()
Learn how to use the hash_xxhash64() function to return the xxhash64 value of the input.
hash()
Learn how to use the hash() function to return the hash value of the input.
hll_if() (aggregation function)
Learn how to use the hll_if() function to calculate the intermediate results of the dcount() function.
hll_merge()
Learn how to use the hll_merge() function toe merge HLL results.
hll_merge() (aggregation function)
Learn how to use the hll_merge() function to merge HLL results into a single HLL value.
hll() (aggregation function)
Learn how to use the hll() function to calculate the results of the dcount() function.
hourofday()
Learn how to use the hourofday() function to return an integer representing the hour of the given date.
http_request plugin
Learn how to use the http_request plugin to send an HTTP request and convert the response into a table.
http_request_post plugin
Learn how to use the http_request_post plugin to send an HTTP request and convert the response into a table.
iff()
This article describes iff().
indexof_regex()
Learn how to use the indexof_regex() function to return the zero-based index position of a regex input.
indexof()
Learn how to use the indexof() function to report the zero-based index position of the input string.
infer_storage_schema plugin
Learn how to use the infer_storage_schema plugin to infer the schema of external data.
infer_storage_schema_with_suggestions plugin
Learn how to use the infer_storage_schema_with_suggestions plugin to infer the optimal schema of external data.
ingestion_time()
Learn how to use the ingestion_time() function to return the approximate time of the data’s ingestion.
inner join
Learn how to use the inner join flavor to merge the rows of two tables.
innerunique join
Learn how to use the innerunique join flavor to merge the rows of two tables.
invoke operator
Learn how to use the invoke operator to invoke a lambda expression that receives the source of invoke as a tabular parameter argument
ipv4_compare()
Learn how to use the ipv4_compare() function to compare two IPv4 strings.
ipv4_is_in_any_range()
Learn how to use the ipv4_is_in_any_range() function to check if the IPv4 string address is in any of the IPv4 address ranges.
ipv4_is_in_range()
Learn how to use the ipv4_is_in_range() function to check if the IPv4 string address is in the IPv4-prefix notation range.
ipv4_is_match()
Learn how to use the ipv4_is_match() function to match two IPv4 strings.
ipv4_is_private()
Learn how to use the ipv4_is_private() function to check if the IPv4 string address belongs to a set of private network IPs.
ipv4_lookup plugin
Learn how to use the ipv4_lookup plugin to look up an IPv4 value in a lookup table.
ipv4_netmask_suffix()
Learn how to use the ipv4_netmask_suffix() function to return the value of the IPv4 netmask suffix from an IPv4 string address.
ipv4_range_to_cidr_list()
Learn how to use the ipv4_range_to_cidr_list() function to convert IPv4 address range to a list of CIDR ranges.
ipv6_compare()
Learn how to use the ipv6_compare() function to compare two IPv6 or IPv4 network address strings.
ipv6_is_in_any_range()
Learn how to use the ipv6_is_in_any_range function to check if an IPv6 string address is in any of the IPv6 address ranges.
ipv6_is_in_range()
Learn how to use the ipv6_is_in_range() function to check if an IPv6 string address is in the Ipv6-prefix notation range.
ipv6_is_match()
Learn how to use the ipv6_is_match() function to match two IPv6 or IPv4 network address strings.
ipv6_lookup plugin
Learn how to use the ipv6_lookup plugin to look up an IPv6 address in a lookup table.
isascii()
Learn how to use the isascii() to check if the argument is a valid ascii string.
isempty()
Learn how to use the isempty() function to check if the argument is an empty string.
isfinite()
Learn how to use the isfinite() function to check if the input is a finite value.
isinf()
Learn how to use the isinf() function to check if the input is an infinite value.
isnan()
Learn how to use the isnan() function to check if the input is a not-a-number (NaN) value.
isnotempty()
Learn how to use the isnotempty() function to check if the argument isn’t an empty string.
isnotnull()
Learn how to use the isnotnull() function to check if the argument isn’t null.
isnull()
Learn how to use the isnull() function to check if the argument value is null.
isutf8()
Learn how to use the isutf8() function to check if the argument is a valid utf8 string.
jaccard_index()
Learn how to use the jaccard_index() function to calculate the Jaccard index of two input sets.
join operator
Learn how to use the join operator to merge the rows of two tables.
Joining within time window
Learn how to perform a time window join operation to match between two large datasets.
JSONPath syntax
Learn how to use JSONPath expressions to specify data mappings and KQL functions that process dynamic objects.
kmeans_dynamic_fl()
This article describes the kmeans_dynamic_fl() user-defined function.
kmeans_fl()
This article describes the kmeans_fl() user-defined function.
KQL docs navigation guide
Learn how to understand which version of KQL documentation you are viewing and how to switch to a different version.
ks_test_fl()
This article describes the ks_test_fl() user-defined function.
Kusto partition & compose intermediate aggregation results
Learn how to use the hll() and tdigest() functions to partition and compose intermediate results of aggregations.
Kusto Query Language (KQL) graph semantics overview
Learn about how to contextualize data in queries using KQL graph semantics
Kusto query result set exceeds internal limit
This article describes Query result set has exceeded the internal.
Ladder chart visualization
This article describes the ladder chart visualization.
leftanti join
Learn how to use the leftanti join flavor to merge the rows of two tables.
leftouter join
Learn how to use the leftouter join flavor to merge the rows of two tables.
leftsemi join
Learn how to use the leftsemi join flavor to merge the rows of two tables.
Let statement
Learn how to use the Let statement to set a variable name to define an expression or a function.
levene_test_fl()
This article describes the levene_test_fl() user-defined function.
Line chart visualization
This article describes the line chart visualization.
log_reduce_fl()
Learn how to use the log_reduce_fl() function to find common patterns in semi-structured textual columns.
log_reduce_full_fl()
This article describes the log_reduce_full_fl() user-defined function.
log_reduce_predict_fl()
This article describes the log_reduce_predict_fl() user-defined function.
log_reduce_predict_full_fl()
This article describes the log_reduce_predict_full_fl() user-defined function.
log_reduce_train_fl()
This article describes the log_reduce_train_fl() user-defined function.
log()
Learn how to use the log() function to return the natural logarithm of the input.
log10()
Learn how to use the log10() function to return the common (base-10) logarithm of the input.
log2()
Learn how to use the log2() function to return the base-2 logarithm of the input.
loggamma()
Learn how to use the loggamma() function to compute the log of the absolute value of the gamma function.
Logical (binary) operators
Learn how to use Logical (binary) operators to return a Boolean result.
lookup operator
Learn how to use the lookup operator to extend columns of a fact table.
make_bag_if() (aggregation function)
Learn how to use the make_bag_if() function to create a dynamic JSON property bag of expression values where the predicate evaluates to true.
make_bag() (aggregation function)
Learn how to use the make_bag() aggregation function to create a dynamic JSON property bag.
make_datetime()
Learn how to use the make_datetime() function to create a datetime scalar value from the specified date and time.
make_list_if() (aggregation function)
Learn how to use the make_list_if() aggregation function to create a dynamic JSON object of expression values where the predicate evaluates to true.
make_list_with_nulls() (aggregation function)
Learn how to use the make_list_with_nulls() aggregation function to create a dynamic JSON object (array) which includes null values.
make_list() (aggregation function)
Learn how to use the make_list() function to create a dynamic JSON object array of all the values of the expressions in the group.
make_set_if() (aggregation function)
Learn how to use the make_set_if() function to create a dynamic JSON object of a set of distinct values that an expression takes where the predicate evaluates to true.
make_set() (aggregation function)
Learn how to use the make_set() function to return a JSON array of the distinct values that the expression takes in the group.
make_timespan()
Learn how to use the make_timespan() function to create a timespan scalar value from the specified time period.
make-graph operator
Learn how to use the graph-to-table operator to build a graph structure from tabular inputs of edges and nodes.
make-series operator
Learn how to use the make-series operator to create a series of specified aggregated values along a specified axis.
mann_whitney_u_test_fl()
This article describes the mann_whitney_u_test_fl() user-defined function.
matches regex operator
Learn how to use the matches regex string operator to filter a record set based on a case-sensitive regex value.
materialize()
Learn how to use the materialize() function to capture the value of a tabular expression for reuse.
materialized_view()
Learn how to use the materialized_view() function to reference the materialized part of a materialized view.
max_of()
Learn how to use the max_of() function to return the maximum value of all argument expressions.
max() (aggregation function)
Learn how to use the max() function to find the maximum value of the expression in the table.
maxif() (aggregation function)
Learn how to use the maxif() function to calculate the maximum value of an expression where the predicate evaluates to true.
merge_tdigest()
Learn how to use the merge_tdigest() function to merge columns.
min_of()
Learn how to use the min_of() function to return the minimum value of all argument expressions.
min() (aggregation function)
Learn how to use the min() function to find the minimum value in a table.
minif() (aggregation function)
Learn how to use the minif() function to return the minimum value of an expression where the predicate evaluates to true.
monthofyear()
Learn how to use the monthofyear() function to get the integer representation of the month.
mv-apply operator
Learn how to use the mv-apply operator to apply a subquery to each record and union the results of each subquery.
mv-expand operator
Learn how to use the mv-expand operator to expand multi-value dynamic arrays or property bags into multiple records.
mysql_request plugin
Learn how to use the mysql_request plugin to send a SQL query to a MySQL server network endpoint.
Named expressions
Learn how to optimally use named expressions.
narrow plugin
Learn how to use the narrow plugin to display a wide table.
new_activity_metrics plugin
Learn how to use the new_activity_metrics plugin to calculate activity metrics.
new_guid()
Learn how to use the new_guid() function to return a random GUID (Globally Unique Identifier).
next()
Learn how to use the next() function to return the value of the next column at an offset.
normality_test_fl()
This article describes the normality_test_fl() user-defined function.
not()
Learn how to use the not() function to reverse the value of its boolean argument.
now()
Learn how to use the now() function to return the current UTC time.
Null values
Learn how to use and understand null values.
Numerical operators
Learn how to use numerical operators to calculate the value from two or more numbers.
Overflows
This article describes Overflows.
pack_all()
Learn how to use the pack_all() function to create a dynamic object from all the columns of the tabular expression.
pack_array()
Learn how to use the pack_array() function to pack all input values into a dynamic array.
pair_probabilities_fl()
This article describes the pair_probabilities_fl() user-defined function.
pairwise_dist_fl()
Learn how to use the pairwise_dist_fl() function to calculate the multivariate distance between data points in the same partition.
parse operator
Learn how to use the parse operator to parse the value of a string expression into one or more calculated columns.
parse_command_line()
Learn how to use the parse_command_line() function to parse a unicode command-line string.
parse_csv()
Learn how to use the parse_csv() function to split a given string representing a single record of comma-separated values.
parse_ipv4_mask()
Learn how to use the parse_ipv4_mask() function to convert an IPv4 input string and netmask to a 64-bit wide long number in big-endian order.
parse_ipv4()
Learn how to use the parse_ipv4() function to convert an IPv4 string to a long number in big-endian order.
parse_ipv6_mask()
Learn how to use the parse_ipv6_mask() function to convert IPv6 or IPv4 strings and netmask to a canonical IPv6 string representation.
parse_ipv6()
Learn how to use the parse_ipv6() function to convert IPv6 or IPv4 strings to a canonical IPv6 string representation.
parse_json() function
Learn how to use the parse_json() function to return an object of type dynamic.
parse_path()
Learn how to use the parse_path() function to parse a file path.
parse_url()
Learn how to use the parse_url() function to parse a URL string.
parse_urlquery()
Learn how to use the parse_urlquery() function to return a dynamic object that contains the query parameters.
parse_user_agent()
Learn how to use the parse_user_agent() to return a dynamic object that contains information about the user-agent.
parse_version()
Learn how to use the parse_version() function to convert the input string representation of the version to a comparable decimal number,
parse_xml()
Learn how to use the parse_xml() function to return a dynamic object that is determined by the value of XML.
parse-kv operator
Learn how to use the parse-kv operator to represent structured information extracted from a string expression in a key/value form.
parse-where operator
Learn how to use the parse-where operator to parse the value of a string expression into one or more calculated columns.
partition operator
Learn how to use the partition operator to partition the records of the input table into multiple subtables.
Pattern statement
Learn how to use pattern statements to map string tuples to tabular expressions.
percentile_array_tdigest()
Learn how to use the percentile_array_tdigest() to calculate the percentile value of an expression.
percentile_tdigest()
Learn how to use the percentile_tdigest() function to calculate the percentile value of an expression.
percentile(), percentiles()
Learn how to use the percentile(), percentiles() functions to calculate estimates for nearest rank percentiles.
percentiles_linear_fl()
Learn how to use the percentiles_linear_fl() function to calculate percentiles using the linear interpolation between closest ranks.
percentilew(), percentilesw()
Learn how to use the percentilew(), percentilesw() functions to calculate weighted percentiles.
percentrank_tdigest()
Learn how to use the percentrank_tdigest() function to calculate the approximate rank of the value in a set.
perm_fl()
This article describes perm_fl() user-defined function.
pi()
Learn how to use the pi() function to return the constant value of Pi.
Pie chart visualization
This article describes the pie chart visualization.
Pivot chart visualization
This article describes the pivot chart visualization.
pivot plugin
Learn how to use the pivot plugin to rotate a table with specified columns and aggregates the remaining columns.
Plotly visualization
This article describes how to visualize data using the Plotly graphics library.
plotly_anomaly_fl()
Learn how to use the plotly_anomaly_fl() user-defined function.
plotly_gauge_fl()
Learn how to use the plotly_gauge_fl() user-defined function.
plotly_scatter3d_fl()
Learn how to use the plotly_scatter3d_fl() user-defined function.
postgresql_request plugin
Learn how to use the postgresql_request plugin to send a SQL query to a PostgreSQL server network endpoint.
pow()
Learn how to use the pow() function to calculate the base raised to the power of the exponent.
predict_fl()
This article describes the predict_fl() user-defined function.
predict_onnx_fl()
This article describes the predict_onnx_fl() user-defined function.
prev()
Learn how to use the prev() function to return the value of a specific column in a specified row.
preview plugin
Learn how to use the preview plugin to return two tables, one with the specified number of rows, and the other with the total number of records.
print operator
Learn how to use the print operator to output a single row with one or more scalar expression results as columns.
Project operator
Learn how to use the project operator to select columns to include, rename or drop, and to insert new computed columns in the output table.
project-away operator
Learn how to use the project-away operator to select columns from the input table to exclude from the output table.
project-keep operator
Learn how to use the project-keep operator to select columns from the input to keep in the output.
project-rename operator
Learn how to use the project-rename operator to rename columns in the output table.
project-reorder operator
Learn how to use the project-reorder operator to reorder columns in the output table.
punycode_domain_from_string
This article describes the punycode_domain_from_string() command.
punycode_domain_to_string
This article describes the punycode_domain_to_string() command.
punycode_from_string
This article describes the punycode_from_string() command.
punycode_to_string
This article describes the punycode_to_string() command.
Python plugin
Learn how to use the Python plugin to run user-defined functions using a Python script.
Python plugin packages
Learn about the Python packages available in the Python plugin.
quantize_fl()
This article describes the quantize_fl() user-defined function.
Queries
Learn how to use queries to explore and process data in the context of databases.
Query consistency
This article describes Query consistency.
Query limits
This article describes Query limits.
Query parameters declaration statement
Learn how to use the query parameters declaration statement to parameterize queries and protect against injection attacks.
Query results cache
Learn how to use the query results cache functionality to get cached results.
Query statements
This article lists the types of query statements.
R plugin (Preview)
Learn how to use the R plugin (Preview) to run a user-defined function using an R script.
radians()
Learn how to use the radians() function to convert angle values from degrees to radians.
rand()
Learn how to use the rand() function to return a random number.
range operator
Learn how to use the range operator to generate a single-column table of values.
range()
Learn how to use the range() function to generate a dynamic array holding a series of equally spaced values.
rank_tdigest()
Learn how to use the rank_tdigest() function to calculate the approximate rank of the value in a set.
reduce operator
Learn how to use the reduce operator to group a set of strings together based on value similarity.
Regex syntax
Learn about the regular expression syntax supported by Kusto Query Language (KQL).
regex_quote()
Learn how to use the regex_quote() function to return a string that escapes all regular expression characters.
render operator
Learn how to use the render operator to instruct the user agent to render a visualization of the query results.
repeat()
Learn how to use the repeat() function to generate a dynamic array containing a series comprised of repeated numbers.
replace_regex()
Learn how to use the replace_regex() function to replace all regex matches with another string.
replace_string()
Learn how to use the replace_string() function to replace all string matches with another string.
replace_strings()
Learn how to use the replace_strings() function to replace multiple strings matches with multiple replacement strings.
Restrict statement
Learn how to use the restrict statement to limit tabular views that are visible to subsequent query statements.
reverse()
Learn how to use the reverse() function to reverse the order of the input string.
rightanti join
Learn how to use the rightanti join flavor to merge the rows of two tables.
rightouter join
Learn how to use the rightouter join flavor to merge the rows of two tables.
rightsemi join
Learn how to use the rightsemi join flavor to merge the rows of two tables.
rolling_percentile plugin
Learn how to use the rolling_percentile plugin to calculate an estimate of the rolling percentile per bin for the specified value column.
round()
Learn how to use the round() function to round the number to the specified precision.
row_cumsum()
Learn how to use the row_cumsum() function to calculate the cumulative sum of a column in a serialized row set.
row_number()
Learn how to use the row_number() to return the current row’s index in a serialized row set.
row_rank_dense()
Learn how to use the row_rank_dense() function to return the current row’s dense rank in a serialized row set.
row_rank_min()
Learn how to use the row_rank_min() function to return the current row’s minimal rank in a serialized row set.
row_window_session()
Learn how to use the row_window_session() function to calculate session start values of a column in a serialized row set.
rows_near plugin
Learn how to use the rows_near plugin to find rows near a specified condition.
Runaway queries
This article describes Runaway queries.
sample operator
Learn how to use the sample operator to return up to the specified number of rows from the input table.
sample-distinct operator
Learn how to use the sample-distinct operator to return a column that contains up to the specified number of distinct values of the requested columns.
Scalar data types
This article describes Scalar data types.
Scalar Functions
Learn how to use scalar functions to perform calculations that return a single value.
scan operator
Learn how to use the scan operator to scan data, match, and build sequences based on the predicates.
Scatter chart visualization
This article describes the scatter chart visualization.
Scenarios for using Kusto Query Language (KQL) graph semantics
Learn about common scenarios for using Kusto Query Language (KQL) graph semantics.
schema_merge plugin
Learn how to use the schema_merge plugin to merge tabular schema definitions into a unified schema.
search operator
Learn how to use the search operator to search for a text pattern in multiple tables and columns.
sequence_detect plugin
Learn how to use the sequence_detect plugin to detect sequence occurrences based on provided predicates.
serialize operator
Learn how to use the serialize operator to mark the input row set as serialized and ready for window functions.
series_abs()
Learn how to use the series_abs() function to calculate the element-wise absolute value of the numeric series input.
series_acos()
Learn how to use the series_acos() function to calculate the element-wise arccosine function of the numeric series input.
series_add()
Learn how to use the series_add() function to calculate the element-wise addition of two numeric series inputs.
series_atan()
Learn how to use the series_atan() function to calculate the element-wise arctangent of the numeric series input.
series_clean_anomalies_fl()
Learn how to use the series_clean_anomalies_fl() function to clean anomalous points in a series.
series_cos()
Learn how to use the series_cos() function to calculate the element-wise cosine function of the numeric series input.
series_cosine_similarity_fl()
This article describes series_cosine_similarity_fl() user-defined function.
series_cosine_similarity()
This article describes series_cosine_similarity().
series_dbl_exp_smoothing_fl()
This article describes the series_dbl_exp_smoothing_fl() user-defined function.
series_decompose_anomalies()
Learn how to use series_decompose_anomalies() function to extract anomalous points from a dynamic numerical array.
series_decompose_forecast()
Learn how to use the series_decompose_forecast() function to predict the value of the last trailing points.
series_decompose()
Learn how to use the series_decompose() function to apply a decomposition transformation on a series.
series_divide()
Learn how to use the series_divide() function to calculate the element-wise division of two numeric series inputs.
series_dot_product_fl()
This article describes series_dot_product_fl() user-defined function.
series_dot_product()
This article describes series_dot_product().
series_downsample_fl()
This article describes the series_downsample_fl() user-defined function.
series_equals()
Learn how to use the series_equals() function to calculate the element-wise equals (==) logic operation of two numeric series inputs.
series_exp_smoothing_fl()
This article describes series_exp_smoothing_fl() user-defined function.
series_exp()
Learn how to use the series_exp() function to calculate the element-wise base-e exponential function (e^x) of the numeric series input.
series_fbprophet_forecast_fl()
This article describes the series_fbprophet_forecast_fl() user-defined function.
series_fft()
Learn how to use the series_fft() function to apply the Fast Fourier Transform (FFT) on a series.
series_fill_backward()
Learn how to use the series_fill_backward() function to perform a backward fill interpolation of missing values in a series.
series_fill_const()
Learn how to use the series_fill_const() function to replace missing values in a series with a specified constant value.
series_fill_forward()
Learn how to use the series_fill_forward() function to perform a forward fill interpolation of missing values in a series.
series_fill_linear()
Learn how to use the series_fill_linear() function to linearly interpolate missing values in a series.
series_fir()
Learn how to use the series_fir() function to apply a Finite Impulse Response (FIR) filter on a series.
series_fit_2lines_dynamic()
Learn how to use the series_fit_2lines_dynamic() function to apply two segments linear regression on a dynamic numerical array.
series_fit_2lines()
Learn how to use the series_fit_2lines() function to apply a two segmented linear regression on a series.
series_fit_line_dynamic()
Learn how to use the series_fit_line_dynamic() function to apply a linear regression on a series to return a dynamic object.
series_fit_line()
Learn how to use the series_fit_line() function to apply a linear regression on a series to return multiple columns.
series_fit_lowess_fl()
This article describes the series_fit_lowess_fl() user-defined function.
series_fit_poly_fl()
This article describes the series_fit_poly_fl() user-defined function.
series_fit_poly()
Learn how to use the series_fit_poly() to apply a polynomial regression from an independent variable (x_series) to a dependent variable (y_series).
series_floor()
Learn how to use the series_floor() function to calculate the element-wise floor function of the numeric series input.
series_greater_equals()
Learn how to use the series_greater_equals() function to calculate the element-wise greater or equals (>=) logic operation of two numeric series inputs.
series_greater()
Learn how to use the series_greater() function to calculate the element-wise greater (>) logic operation of two numeric series inputs.
series_ifft()
Learn how to use the series_ifft() function to apply the Inverse Fast Fourier Transform (IFFT) on a series.
series_iir()
Learn how to use the series_iir() function to apply an Infinite Impulse Response filter on a series.
series_lag_fl()
This article describes series_lag_fl() user-defined function.
series_less_equals()
Learn how to use the series_less_equals() function to calculate the element-wise less or equal (<=) logic operation of two numeric series inputs.
series_less()
Learn how to use the series_less() function to calculate the element-wise less (<) logic operation of two numeric series inputs.
series_log()
Learn how to use the series_log() function to calculate the element-wise natural logarithm function (base-e) of the numeric series input.
series_magnitude()
Learn how to use the series_magnitude() function to calculate the magnitude of series elements.
series_metric_fl()
This article describes the series_metric_fl() user-defined function.
series_monthly_decompose_anomalies_fl()
Learn how to use the series_monthly_decompose_anomalies_fl() function to detect anomalies in a series with monthly seasonality.
series_moving_avg_fl()
This article describes series_moving_avg_fl() user-defined function.
series_moving_var_fl()
This article describes series_moving_var_fl() user-defined function.
series_multiply()
Learn how to use the series_multiply() function to calculate the element-wise multiplication of two numeric series inputs.
series_mv_ee_anomalies_fl()
Learn how to use the series_mv_ee_anomalies_fl() user-defined function.
series_mv_if_anomalies_fl()
This article describes the series_mv_if_anomalies_fl() user-defined function.
series_mv_oc_anomalies_fl()
This article describes the series_mv_oc_anomalies_fl() user-defined function.
series_not_equals()
Learn how to use the series_not_equals() function to calculate the element-wise not equals (!=) logic operation of two numeric series inputs.
series_outliers()
Learn how to use the series_outliers() function to score anomaly points in a series.
series_pearson_correlation()
Learn how to use the series_pearson_correlation() function to calculate the pearson correlation coefficient of two numeric series inputs.
series_periods_detect()
Learn how to use the series_periods_detect() function to find the most significant periods that exist in a time series.
series_periods_validate()
Learn how to use the series_periods_validate() function to check whether a time series contains periodic patterns of given lengths.
series_rate_fl()
This article describes the series_rate_fl() user-defined function.
series_rolling_fl()
This article describes the series_rolling_fl() user-defined function.
series_seasonal()
Learn how to use the series_seasonal() function to calculate the seasonal component of a series according to the detected seasonal period.
series_shapes_fl()
This article describes the series_shapes_fl() user-defined function.
series_sign()
Learn how to use the series_sign() function to calculate the element-wise sign of the numeric series input.
series_sin()
Learn how to use the series_sin() function to calculate the element-wise sine of the numeric series input.
series_stats_dynamic()
Learn how to use the series_stats_dynamic() function to calculate the statistics for a series in a dynamic object.
series_stats()
Learn how to use the series_stats() function to calculate the statistics for a numerical series using multiple columns.
series_subtract()
Learn how to use the series_subtract() function to calculate the element-wise subtraction of two numeric series inputs.
series_sum()
Learn how to use the series_sum() function to calculate the sum of series elements.
series_tan()
Learn how to use the series_tan() function to calculate the element-wise tangent of the numeric series input.
series_uv_anomalies_fl()
This article describes the series_uv_anomalies_fl() user-defined function.
series_uv_change_points_fl()
This article describes the series_uv_change_points_fl() user-defined function.
session_count plugin
Learn how to use the session_count plugin to calculate the session count based on the ID column over a timeline.
Set statement
Learn how to use the set statement to set a request property for the duration of the query.
set_difference()
Learn how to use the set_difference() function to create a difference set of all distinct values in the first array that aren’t in the other array inputs.
set_has_element()
Learn how to use the set_has_element() function to determine if the input set contains the specified value.
set_intersect()
Learn how to use the set_intersect() function to create a set of the distinct values that are in all the array inputs.
set_union()
Learn how to use the set_union() function to create a union set of all the distinct values in all of the array inputs.
Shuffle query
This article describes Shuffle query.
sign()
Learn how to use the sign() function to return the sign of the numeric expression.
sin()
Learn how to use the sin() function to return the sine value of the input.
sliding_window_counts plugin
Learn how to use the sliding_window_counts plugin to calculate counts and distinct counts of values in a sliding window over a lookback period.
sort operator
Learn how to use the sort operator to sort the rows of the input table by one or more columns.
split()
Learn how to use the split() function to split the source string according to a given delimiter.
Splunk to Kusto map
Learn how to write log queries in Kusto Query Language by comparing Splunk and Kusto Query Language concept mappings.
SQL to Kusto query translation
Learn about the Kusto Query Language equivalent of SQL queries.
sql_request plugin
Learn how to use the sql_request plugin to send an SQL query to an SQL server network endpoint.
sqrt()
Learn how to use the sqrt() function to return the square root of the input,
Stacked area chart visualization
This article describes the stacked area chart visualization.
startofday()
Learn how to use the startofday() function to return the start of the day for the given date.
startofmonth()
Learn how to use the startofmonth() function to return the start of the month for the given date.
startofweek()
Learn how to use the startofweek() function to return the start of the week for the given date.
startofyear()
Learn how to use the startofyear() function to return the start of the year for the given date.
stdev() (aggregation function)
Learn how to use the stdev() aggregation function to calculate the standard deviation of an expression using Bessel’s correction.
stdevif() (aggregation function)
Learn how to use the stdevif() function to calculate the standard deviation of an expression where the predicate evaluates to true.
stdevp() (aggregation function)
Learn how to use the stdevp() aggregation function to calculate the standard deviation of an expression.
Stored functions
This article describes Stored functions.
stored_query_result()
Learn how to use the stored_query_result() function to reference a stored query result.
strcat_array()
Learn how to use the strcat_array() function to create a concatenated string of array values using a specified delimiter.
strcat_delim()
Learn how to use the strcat_delim() function to concatenate between 2 and 64 arguments using a specified delimiter as the first argument.
strcat()
Learn how to use the strcat() function to concatenate between 1 and 64 arguments.
strcmp()
Learn how to use the strcmp() function to compare two strings.
String operators
Learn about query operators for searching string data types.
string_size()
Learn how to use the string_size() function to measure the size of the input string.
strlen()
Learn how to use the strlen() function to measure the length of the input string.
strrep()
Learn how to use the strrep() function to repeat the input value.
substring()
Learn how to use the substring() function to extract a substring from the source string.
sum() (aggregation function)
Learn how to use the sum() (aggregation function) function to calculate the sum of an expression across the group.
sumif() (aggregation function)
Learn how to use the sumif() (aggregation function) function to calculate the sum of an expression value in records for which the predicate evaluates to true.
summarize operator
Learn how to use the summarize operator to produce a table that summarizes the content of the input table.
Table visualization
This article describes the table visualization.
table()
Learn how to use the table() function to reference a table.
Tables
This article describes Tables.
Tabular expression statements
Learn how to use tabular expression statements to produce tabular datasets.
take operator
Learn how to use the take operator to return a specified number of rows.
take_any() (aggregation function)
Learn how to use the take_any() (aggregation function) to return the value of an arbitrarily selected record.
take_anyif() (aggregation function)
Learn how to use the take_anyif() function to return the value of an arbitrarily selected record for which the predicate is ’true'.
tan()
Learn how to use the tan() function to return the tangent value of the specified number.
tdigest_merge() (aggregation functions)
Learn how to use the tdigest_merge() aggregation function to merge tdigest results across the group.
tdigest() (aggregation function)
Learn how to use the tdigest() (aggregation function) function to calculate the intermediate results of the weighted percentiles of expressions across the group.
The !between operator
Learn how to use the !between operator to match the input that is outside of the inclusive range.
The between operator
Learn how to use the between operator to return a record set of values in an inclusive range for which the predicate evaluates to true.
The bool data type
This article describes the bool data type.
The case-insensitive !~ (not equals) string operator
Learn how to use the !~ (not equals) string operator to filter records for data that doesn’t match a case-insensitive string.
The case-insensitive !contains string operator
Learn how to use the !contains string operator to filter data that doesn’t include a case sensitive string.
The case-insensitive !endswith string operator
Learn how to use the !endswith string operator to filter records for data that excludes a case-insensitive ending string.
The case-insensitive !has string operators
Learn how to use the !has string operator to filter records for data that doesn’t have a matching case-insensitive string.
The case-insensitive !hasprefix string operator
Learn how to use the !hasprefix operator to filter records for data that doesn’t include a case-insensitive prefix.
The case-insensitive !hassuffix string operator
Learn how to use the !hassuffix string operator to filter records for data that doesn’t have a case-insensitive suffix.
The case-insensitive !in~ string operator
Learn how to use the !in~ string operator to filter records for data without a case-insensitive string.
The case-insensitive !in~ string operator
Learn how to use the !in~ string operator to filter records for data without a case-insensitive string.
The case-insensitive !startswith string operators
Learn how to use the !startswith string operator to filter records for data that doesn’t start with a case-insensitive search string.
The case-insensitive =~ (equals) string operator
Learn how to use the =~ (equals) operator to filter a record set for data with a case-insensitive string.
The case-insensitive contains string operator
Learn how to use the contains operator to filter a record set for data containing a case-insensitive string.
The case-insensitive endswith string operator
Learn how to use the endswith operator to filter a record set for data with a case-insensitive string.
The case-insensitive has string operator
Learn how to use the has operator to filter data with a case-insensitive string.
The case-insensitive has_all string operator
Learn how to use the has_all string operator to filter a record set for data with one or more case-insensitive search strings.
The case-insensitive has_any string operator
Learn how to use the has_any operator to filter data with any set of case-insensitive strings.
The case-insensitive hasprefix string operator
Learn how to use the hasprefix operator to filter data with a case-insensitive string.
The case-insensitive hassuffix string operator
Learn how to use the hassuffix operator to filter data with a case-insensitive suffix string.
The case-insensitive in~ string operator
Learn how to use the in~ operator to filter data with a case-insensitive string.
The case-insensitive in~ string operator
Learn how to use the in~ operator to filter data with a case-insensitive string.
The case-insensitive startswith string operator
Learn how to use the case-insensitive startswith string operator to filter a record set with a case-insensitive string starting sequence.
The case-sensitive != (not equals) string operator
Learn how to use the != (not equals) string operator to filter records for data that doesn’t match a case-sensitive string.
The case-sensitive !contains_cs string operator
Learn how to use the !contains_cs string operator to filter data that doesn’t include a case-sensitive string.
The case-sensitive !endswith_cs string operator
Learn how to use the !endswith_cs string operator to filter data that doesn’t contain a case-insensitive string.
The case-sensitive !has_cs string operator
Learn how to use the !has_cs string operator to filter records for data that doesn’t have a matching case-sensitive string.
The case-sensitive !hasprefix_cs string operator
Learn how to use the !hasprefix_cs string operator to filter records for data that doesn’t have a case-sensitive prefix.
The case-sensitive !hassuffix_cs string operator
Learn how to use the !hassuffix_cs string operator to filter records for data that doesn’t have a case-sensitive suffix.
The case-sensitive !in string operator
Learn how to use the !in string operator to filter records for data without a case-sensitive string.
The case-sensitive !in string operator
Learn how to use the !in string operator to filter records for data without a case-sensitive string.
The case-sensitive !startswith_cs string operator
Learn how to use the !startswith_cs string operator to filter records for data that doesn’t start with a case-sensitive search string.
The case-sensitive == (equals) string operator
Learn how to use the == (equals) operator to filter a record set for data matching a case-sensitive string.
The case-sensitive contains_cs string operator
Learn how to use the contains_cs operator to filter a record set for data containing a case-sensitive string.
The case-sensitive endswith_cs string operator
Learn how to use the endswith_cs operator to filter a record set for data with a case-sensitive ending string.
The case-sensitive has_cs string operator
Learn how to use the has_cs operator to filter data with a case-sensitive search string.
The case-sensitive hasprefix_cs string operator
Learn how to use the hasprefix_cs operator to filter data with a case-sensitive prefix string.
The case-sensitive hassuffix_cs string operator
Learn how to use the hassuffix_cs operator to filter data with a case-sensitive suffix string.
The case-sensitive in string operator
Learn how to use the in operator to filter data with a case-sensitive string.
The case-sensitive in string operator
Learn how to use the in operator to filter data with a case-sensitive string.
The case-sensitive startswith string operator
Learn how to use the startswith string operator to filter a record set with a case-sensitive string starting sequence.
The datetime data type
This article describes the datetime data type.
The decimal data type
This article describes the decimal data type.
The dynamic data type
This article describes The dynamic data type.
The guid data type
This article describes The guid data type.
The has_any_index operator
Learn how to use the has_any_index operator to search the input string for items specified in the array.
The int data type
This article describes the int data type.
The long data type
This article describes the long data type.
The real data type
This article describes the real data type.
The string data type
Learn about the string data type.
The timespan data type
This article describes The timespan data type.
Time chart visualization
This article describes the time chart visualization.
Time pivot visualization
This article describes the time pivot visualization.
Time series anomaly detection & forecasting
Learn how to analyze time series data for anomaly detection and forecasting.
time_weighted_avg_fl()
This article describes time_weighted_avg_fl() user-defined function.
time_weighted_avg2_fl()
This article describes time_weighted_avg2_fl() user-defined function.
time_weighted_val_fl()
This article describes time_weighted_val_fl() user-defined function.
time_window_rolling_avg_fl()
This article describes time_window_rolling_avg_fl() user-defined function.
Timezone
This article is about the timezones supported by the Internet Assigned Numbers Authority Time Zone Database (IANA).
tobool()
Learn how to use the tobool() function to convert an input to a boolean representation.
todatetime()
Learn how to use the todatetime() function to convert the input expression to a datetime value.
todecimal()
Learn how to use the todecimal() function to convert the input expression to a decimal number representation.
toguid()
Learn how to use the toguid() function to convert the input string to a guid scalar.
tohex()
Learn how to use the tohex() function to convert the input value to a hexadecimal string.
toint()
Learn how to use the toint() function to convert the input value to an integer number representation.
tolong()
Learn how to use the tolong() function to convert the input value to a long number representation.
tolower()
Learn how to use the tolower() function to convert the input string to lower case.
top operator
Learn how to use the top operator to return the first specified number of records sorted by the specified column.
top-hitters operator
Learn how to use the top-hitters operator to return an approximation for the most popular distinct values in the input.
top-nested operator
Learn how to use the top-nested operator to produce a hierarchical aggregation.
toreal()
Learn how to use the toreal() function to convert the input expression to a value of type real.
toscalar()
Learn how to use the toscalar() function to return a scalar constant value of the evaluated expression.
tostring()
Learn how to use the tostring() function to convert the input value to a string representation.
totimespan()
Learn how to use the totimespan() function to convert the input to a timespan scalar value.
toupper()
Learn how to use the toupper() function to convert a string to upper case.
translate()
Learn how to use the translate() function to replace a set of characters with another set of characters in a given string.
Treemap visualization
Learn how to use the treemap visualization to visualize data.
treepath()
This article describes treepath().
trim_end()
Learn how to use the trim_end() function to remove the trailing match of the specified regular expression.
trim_start()
Learn how to use the trim_start() function to remove the leading match of the specified regular expression.
trim()
Learn how to use the trim() function to remove the leading and trailing match of the specified regular expression.
two_sample_t_test_fl()
This article describes the two_sample_t_test_fl() user-defined function.
unicode_codepoints_from_string()
Learn how to use the unicode_codepoints_from_string() function to return a dynamic array of the Unicode codepoints of the input string.
unicode_codepoints_to_string()
Learn how to use the unicode_codepoints_to_string() function to return the string represented by the Unicode codepoints.
union operator
This article describes union operator.
unixtime_microseconds_todatetime()
Learn how to use the unixtime_microseconds_todatetime() function to convert unix-epoch microseconds to UTC datetime.
unixtime_milliseconds_todatetime()
Learn how to use the unixtime_milliseconds_todatetime() function to convert unix-epoch milliseconds to UTC datetime.
unixtime_nanoseconds_todatetime()
Learn how to use the unixtime_nanoseconds_todatetime() function to convert unix-epoch nanoseconds to UTC datetime.
unixtime_seconds_todatetime()
Learn how to use the unixtime_seconds_todatetime() function to convert unix-epoch seconds to UTC datetime.
url_decode()
Learn how to use the url_decode() function to convert an encoded URL into a regular URL representation.
url_encode_component()
Learn how to use the url_encode_component() function to convert characters of the input URL into a transmittable format.
url_encode()
Learn how to use the url_encode() function to convert characters of the input URL into a transmittable format.
User Analytics
This article describes User Analytics.
User-defined functions
This article describes user-defined functions (scalar and views).
variance() (aggregation function)
Learn how to use the variance() aggregation function to calculate the sample variance of the expression across the group.
varianceif() (aggregation function)
Learn how to use the varianceif() function to calculate the variance in an expression where the predicate evaluates to true.
variancep() (aggregation function)
Learn how to use the variancep() aggregation function to calculate the population variance of an expression across the group.
Views
Learn how to define and use a view.
week_of_year()
Learn how to use the week_of_year() function to get the integer representation of the week.
welch_test()
Learn how to use the welch_test() function to compute the p_value of the Welch-test.
where operator
Learn how to use the where operator to filter a table to the subset of rows that satisfy a predicate.
wilcoxon_test_fl()
This article describes the wilcoxon_test_fl() user-defined function.
Window functions
Learn how to use window functions on rows in a serialized set.
zip()
This article describes zip().
zlib_compress_to_base64_string
This article describes the zlib_compress_to_base64_string() command.
zlib_decompress_from_base64_string()
This article describes the zlib_decompress_from_base64_string() command.
series_asin()
Learn how to use the series_asin() function to calculate the element-wise arcsine function of the numeric series input.
series_ceiling()
Learn how to use the series_ceiling() function to calculate the element-wise ceiling function of the numeric series input.
series_pow()
Learn how to use the series_pow() function to calculate the element-wise power of two numeric series inputs.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.