The Definitive Guide to KQL: Using Kusto Query Language for operations, defending, and threat hunting

by Mark Morowczynski, Rod Trent, Matthew Zorich
June 2024
Content level: Intermediate to advanced
480 pages
15h 11m
English
Microsoft Press
Content preview from The Definitive Guide to KQL: Using Kusto Query Language for operations, defending, and threat hunting

Chapter 2

Data Aggregation

After completing this chapter, you will be able to:

  • Perform common statistical analysis on data such as counting totals, distinct counts, and the first and last time an event takes place

  • Group your data by common time delimitations such as week, day, or hour

  • Visualize your dataset in various graph types

We Are Dealing with a Lot of Data Here

In the previous chapter, we stressed how critical it is to filter down the initial starting data to your desired dataset. There were many ways to do this: by time, by specific values in a column, and by when a specific value was not present. Despite being able to filter down millions of records to a subset you want to look at, you’re often left with, well, a lot of data—too ...


Publisher Resources

ISBN: 9780138293482