Add syntax for aggregation over partitions
It would be helpful to have KQL syntax for expressing aggregation over a partition without summarization.
Something like adding a "by" to an "extend" clause:
| project State, EventId, StartTime, DeathsDirect
| extend TotalDeathsDirectInState = sum(DeathsDirect) by State
Currently the only way to do this in KQL is by joining to a subquery. The equivalent SQL is like:
SUM(DeathsDirect) OVER (PARTITION BY State) AS TotalDeathsDirectInState