RE2 in Kusto: The Regular Expression Cheat Sheet

If you work with Kusto (Azure Data Explorer), you’re inevitably going to find yourself needing regular expressions. As someone who writes Kusto queries daily in security operations, I’ve developed a love-hate relationship with RE2 regex in KQL. It’s so powerful, but can be difficult to get your head around. This is my personal cheat sheet that I refer to, and I hope it saves you some time too....

March 2, 2025

Kusto Query Hints and Strategies

When you’re working with a large volume of log data, query performance becomes more important. If you’ve ever stared at a loading screen while your Kusto query slowly runs in the background, this post is for you. Alternatively, if you grab a cup of tea while your query is running, you’re probably okay to not bother reading this. However, these are some performance hints I actually use (sometimes), not just theoretical optimisations....

January 27, 2025

Kusto Detective Agency - Season 1 Walkthrough

Walkthrough of answers for Kusto Detective Agency Season 1. Welcome to the Kusto Detective Agency! This blog post provides a walkthrough for the Season 1 challenges, with the Kusto query answers hidden in collapsible sections so you can try to solve the challenges yourself first. Hints: Remember, if you get stuck, to refer to the hints in this answer sheet and in Kusto Detective Agency before checking the answers!...

January 16, 2025