The Definitive Guide to KQL: Using Kusto Query Language for operations, defending, and threat hunting

Chapter 2 Data Aggregation

After completing this chapter, you will be able to:

Perform common statistical analysis on data such as counting totals, distinct counts, and the first and last time an event takes place
Group your data by common time delimitations such as week, day, or hour
Visualize your dataset in various graph types

We Are Dealing with a Lot of Data Here

In the previous chapter, we stressed how critical it is to filter down the initial starting data to your desired dataset. There were many ways to do this: by time, by specific values in a column, and by when a specific value was not present. Despite being able to filter down millions of records to a subset you want to look at, you’re often left with, well, a lot of data—too ...

Get The Definitive Guide to KQL: Using Kusto Query Language for operations, defending, and threat hunting now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

The Definitive Guide to KQL: Using Kusto Query Language for operations, defending, and threat hunting by Mark Morowczynski, Rod Trent, Matthew Zorich

Chapter 2

Data Aggregation

We Are Dealing with a Lot of Data Here

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly