WARNING: This is an advanced KQL series. For beginning topics don't start here. Instead, see the original Must Learn KQL series. Come back when you're done. We'll be waiting for you.
The series has its own shortlink. To return here, just remember the easy URL: https://aka.ms/Addicted2KQL
(links go live when each part/chapter is released)
- Addicted to KQL Part 0: The Wit and Wisdom of Standard Columns in Azure Monitor Logs - Posted March 16, 2022
- Addicted to KQL Part 1: Parsing Unruly Data
  - Addicted to KQL Part 1.a: Access sub-columns using the bag_unpack plugin - Posted April 18, 2022 by Gary Bushey
- Addicted to KQL Part 2: Repeatable Repercussion - Building Functions
- Addicted to KQL Part 3: Deep dive into Join
- Addicted to KQL Part 4: REGEX
- Addicted to KQL Part 5: Using External Data Sources
- Addicted to KQL Part 6: Time Series - Azure KQL – Time After Time - Posted May 16, 2022 by Gary Bushey
- Addicted to KQL Part 7: Working with IP Addresses - Azure KQL – Working with IP Addresses - Posted May 21, 2022 by Gary Bushey
- Addicted to KQL Part 8: Optimizing Queries and Best Practices
- Addicted to KQL Part 9: Using KQL for Hunting Operations
NOTE: The series is currently being developed. The TOC may change dramatically prior to launch.