Azure Data Explorer

  1. Provide max/min value in a new Windows function

    The max value till the current row.
    row_max ( Term [, Restart] )

    datatable(A:int)[4,5,6,1,3,7,4,8]
    | serialize
    | extend B = rowmax(A)
    | extend C = row
    min(A)

    The result of B is: 4,5,6,6,6,7,7,8
    The result of C is: 4,4,4,1,1,1,1,1

    It is useful for the ip v4 range comparison. Sorted the ip prefixes by the first address and get the max value of its last address for an IP prefix. It will significantly reduce the complexity of the prefix comparison to detect overlap IP prefixes.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  2. bag_unpack should provide an option to overwrite values in existing columns instead of throwing an error

    Today, evaluate bag_unpack throws an error when the column that is being unpacked already exists in the input.

    In the case where people start sending telemetry unpacked, realize they need to pack it for better cogs and better schema management, they are going to run into cases where the column already exists. An option to just overwrite the value in the result instead of throwing an error will be very useful.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  3. Support ADX into Azure ARC data Services

    Support ADX into Azure ARC data Services

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  4. Support escaping curly brackets in queries, and json field access

    See https://stackoverflow.microsoft.com/questions/192467

    Our Kusto data contains fields similar to C# string interpolation :

    {

    "{OriginalFormat}": "l1 cache hit for key {key}"
    

    }
    The field is in JSON format.

    I tried to extract the value using different notations, but without success :

    field[(0)] or field[(1)] - returns nothing
    field['{OriginalFormat}'] - this returns an error Parameter 'OriginalFormat' value was not provided

    Then I tried to filter the records using where clause :

    |where customDimensions !contains "l1 cache hit for key {key}"
    which didn't work by returning the error Parameter 'OriginalFormat' value was not provided

    I tried escaping using \ but I couldn't…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  5. Operator to support optimized time window join

    Would be great if the pattern documented here: https://docs.microsoft.com/en-us/azure/kusto/query/join-timewindow could be its own operator. I use this pattern semi-frequently, and always have to look up the example on the docs site to implement it correctly, would be handy to have it encapsulated as a supported operator

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  6. Queued ingestion Status Tracking

    Support the queued ingestion Status notification integration. Maybe EventGrid or Webhook. Customer can continue monitor and handle the integration job without the pull status from queue by time interval.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  7. Provide tenant level connection string

    It would be awesome if there was a Tenant level connection string to show all LA/AI databases that you have access to. Similar to https://ade.loganalytics.io/tenants/<tenant-id>

    8 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  8. Make sum() and sumif() "nullable"

    Include an option in sum() and sumif() like this: Foo = sum(Bar, nullable). The "nullable" option causes a sum of null values to be null rather than zero. A sum of null and non-null values would sum the non-null values, returning a number. The use case: to detect the total absence of data (all rows null) in an aggregation. This is important for telemetry applications (e.g., error counts) where zero is the "good" value. This feature would allow us to easily distinguish between the total absence of data, and the presence of some measurements whose value is zero. (I have…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  9. Too many kust queries should not cause ingestion queue buildup

    In our recent Kusto outage, we have seen that too many Kusto queries were able to increase the ingestion queue by 100k. It would be good to have isolation between the querying and ingestion processes inside Kusto infrastructure so that these don't impact each other.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  10. Kusto DOS outage: Allow granular throttling of kusto query requests at App or user level

    In our current Kusto outages, certain apps are found to be querying too much which in turn has increased the Kusto ingestion queue increase to 100k. It would be great to have Kusto some granular controls at app or user level to limit how much querying can be executed.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  11. Add the ability to control the cluster resource utilization (CPU, Memory) per database or user

    We would like to control the cluster resource utilization (CPU, Memory) per database or user

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  12. Add follow DB management options in Azure Portal

    Add follow DB management options in Azure Portal
    Attach DB to a leader
    Detach a follower DB

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  13. AADLoginForLinux/Windows getting failed to install

    Installing AADLogin extensions for Linux and windows is getting failed.

    Selecting this option while creating VMs is taking more than an hour and eventually getting failed to add this extension.

    Example error:
    The handler for VM extension type &#39;Microsoft.Azure.ActiveDirectory.LinuxSSH.AADLoginForLinux&#39; has reported terminal failure for VM extension &#39;AADLoginForLinux&#39; with error message: &#39;[ExtensionOperationError] Non-zero exit code: 20

    example: VM has not reported status for VM agent or extensions. Verify the VM has a running VM agent and that it can establish outbound connections to Azure storage. Please refer to <a rel="nofollow noreferrer" href="https://aka.ms/vmextensionlinuxtroubleshoot">https://aka.ms/vmextensionlinuxtroubleshoot</a> for additional VM agent troubleshooting information.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  14. Let me tag a database as favorite

    Let me specify databases in the connection pane as my Favorites and then scope my view to only them. It is exceedingly frustrating to have to scroll through a huge list of databases to find the only two I care about. See attached picture for example.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  15. Query builder using Fluent Interface pattern in Kusto SDK

    I think it would be great if you add a query builder to the SDK that uses Fluent Interface for building Kusto queries. Something very similar to how you can query SQL databases using Entity Framework.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  16. Add AAD Account Switcher to Web Explorer

    Add the ability to switch AAD accounts via an account switcher, similar to what is available at portal.azure.com. This is the most frequent request for LinkedIn customers.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  17. Support special character in path parameter for extractjson()

    The path parameter in extractjson() function cannot contain any special character, even parentheses is not supported, suc as using "AB(CD)" as the path parameter will fail with the error (The parameter is incorrect)

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  18. Provide case insensitive method to get values in a bag for a given key

    Here is some suggested sample query (UserVoice converts single quote to &#39; - to convert back, copy the code to a decent editor and find replace &#39; back to single quote):

    print resourceRow = dynamic({
    
    &#39;id&#39;: &#39;/subscriptions/sub123/resourceGroups/rg123/providers/Microsoft.test/test/resource123&#39;,
    &#39;tags&#39;: {
    &#39;Andy1&#39;: &#39;value1&#39;,
    &#39;andy2&#39;: &#39;Value2&#39;,
    &#39;GURU1&#39;: &#39;OtherABC&#39;,
    &#39;guru2&#39;: &#39;otherdef&#39;
    }
    })
    | where bag_values_by_key(resourceRow.tags, &#39;andy1&#39;) has_cs &#39;value1&#39; and bag_values_by_key(resourceRow.tags, &#39;GURU2&#39;) has_cs &#39;otherdef&#39;

    In this case, the ‘bag_values_by_key’ would return an array of values for the given key in a case insensitive manner.

    bag_values_by_key(resourceRow.tags, 'andy1') should return an array ['value1'] and bag_values_by_key(resourceRow.tags, 'GURU2') should return an array ['otherdef'].

    This would be read as…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  19. summarize percentiles() result rounding

    Let’s say I have some intermediate query that results in numeric fields rounded to one decimal digit. Then I want to summarize them with percentiles(). This produces phantom values, not in the original set. Mock example:

    range value from 0.3 to 133 step 0.1
    | summarize percentiles(value, 25, 50)

    Result:

    percentile_value_25 percentile_value_50
    
    33.3099999999999 66.5999999999999

    I understand this is because of the statistical estimation. But formatting the final result nicely becomes a chore, especially if it uses percentiles() multiple times and/or with many percentile points.

    | project value_p25=round(percentile_value_25, 1), value_p50=round(percentile_value_50, 1)

    What I’d like to be able to do is something…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  20. Translate IP addresses to geo coordinates


    • Given an IP-Address

    • There should be a native KQL function to translate the IP address to a coordinate

    • This will enable the user to enrich telemetry from server/app logs with the corresponding location

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5
  • Don't see your idea?

Azure Data Explorer

Categories

Feedback and Knowledge Base