Azure Data Explorer
An Azure data analytics service for real-time analysis on large volumes of data streaming from sources including applications, websites, and internet of things devices.
501 questions
1 answer
Is it possible to push data from ADX/ADF back to LA?
We are using ADX solution as part of sentinel for long term retention and would like to know if we can retrieve the data from ADX/ADF back to log analytics when needed.
asked 2021-06-11T06:51:10.237+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 42%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDR%3C/text%3E%3C/svg%3E)
Dhanya Ragini
1
Reputation point
commented 2021-06-24T07:01:17.17+00:00
PRADEEPCHEEKATLA-MSFT
84,051
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
Azure Data Explorer database maximum size
I have a total of 50 log analytics workspaces. One log analytics workspace is 80TB in size. Other workspaces are below 5TB. I am designing Azure Data Explorer as long-term retention storage. I understand I should plan one or few ADX clusters to…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(73.60000000000001, 94%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
1 answer
One of the answers was accepted by the question author.
Is there a way to get unique id of each row / record in Azure Data Explorer
In our project, we need to find the unique id of each row or record in azure data explorer to corelate different tables or data sources. But we don't design an id for it. Is there a way to get the internal id for each row or record in azure data…
asked 2021-05-06T06:19:02.203+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 78%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESL%3C/text%3E%3C/svg%3E)
Sam Li (RD-CN)
21
Reputation points
commented 2021-05-11T03:46:33.7+00:00
Sam Li (RD-CN)
21
Reputation points
1 answer
One of the answers was accepted by the question author.
Send new data to Deployed model
Hello, We are sending data from a smartwatch -> IoT Central -> Event Hubs -> Data Explorer -> Blob Storage. We are then using the blob storage as a datastore in Machine Learning, which we make a dataset of. We deployed a model we…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 69%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EY%3C/text%3E%3C/svg%3E)
1 answer
Ingest data from Sqlite DB into Azure data explorer
What is the recommended way to ingest data from sqlite db into Azure data explorer. If this is not straight forward, are there other alternatives like a Postgre SQL on Azure or SQL server on Azure which might be easier to do. The objective is to set…
asked 2021-04-19T13:45:07.747+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(32, 15%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EH%3C/text%3E%3C/svg%3E)
Hari_pr
1
Reputation point
commented 2021-04-26T15:48:07.603+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 70%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
MartinJaffer-MSFT
26,051
Reputation points
1 answer
One of the answers was accepted by the question author.
Improve ingestion latency
Hi, how can i improve ingestion latency? pulling data from blobs into Adx and geeting avg. ingestion latency ~5 min
asked 2021-04-19T20:16:01.927+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 49%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAV%3C/text%3E%3C/svg%3E)
Anoop Verma
21
Reputation points
accepted 2021-04-22T16:39:24.693+00:00
Anoop Verma
21
Reputation points
1 answer
One of the answers was accepted by the question author.
Separate data in data explorer and use as datastore
Hello, We are sending data from IoT Central to Event Hubs and then to Data Explorer, with the hopes of then sending the data to Azure Machine Learning. In order to send data from Event Hubs to Data Explorer it needs a data ingestion into a table…
2 answers
Data load to ADX (Kusto) fails with error - UserErrorKustoWriteFailed
Failure happened on 'Sink' side. ErrorCode=UserErrorKustoWriteFailed,'Type=Microsoft.DataTransfer.Common.Shared.HybridDeliveryException,Message=Failure status of the first blob that failed: Mapping reference 'TestTable' of type 'mappingReference' in…
asked 2021-01-11T07:09:52.93+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 16%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESP%3C/text%3E%3C/svg%3E)
Siresh Peesa (HCL America Inc)
1
Reputation point Microsoft Employee
answered 2021-04-16T06:43:59.93+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(176, 28.000000000000004%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJL%3C/text%3E%3C/svg%3E)
Janine Lodewick
1
Reputation point
1 answer
One of the answers was accepted by the question author.
Recover data in Azure Data Explorer
Hello, I accidentally clear the table data by using the command: clear table [tableName] data. Is it possible to recover data? Thanks a lot!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(176, 93%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJO%3C/text%3E%3C/svg%3E)
1 answer
lab unable to open
Lab unable to open
asked 2021-03-24T08:46:30.777+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 28.000000000000004%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECL%3C/text%3E%3C/svg%3E)
Claire Lau
1
Reputation point
answered 2021-03-25T12:29:35.487+00:00
Dave Patrick
426.4K
Reputation points MVP
0 answers
Why does the ODBC driver return an extra "ROWSTAT" column when connected to a Azure Data Explorer (*.kusto.windows.net)?
We are using ODBC Driver 17 for SQL Server to connect to Azure Data Explorer (*.kusto.windows.net). We use SQLExecDirect to execute a query such along the lines of "SELECT col1 from table". We expect the result to only contain 1 column.…
asked 2021-02-26T21:48:59.313+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(169.60000000000002, 25%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKS%3C/text%3E%3C/svg%3E)
Kevin Seekell
1
Reputation point
commented 2021-03-24T15:13:37.03+00:00
Kevin Seekell
1
Reputation point
1 answer
Why number of node increases in Kusto cluster
if number of nodes are suddenly increase 34 to 41 , memory also shows increase 90%. CPU utilization nearly above 25% How all of sudden number node increases in kusto cluser, how to find the reasons
asked 2021-03-07T10:45:07.997+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 34%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETK%3C/text%3E%3C/svg%3E)
Tapas Kumar Barik
1
Reputation point
commented 2021-03-16T05:18:02.88+00:00
PRADEEPCHEEKATLA-MSFT
84,051
Reputation points Microsoft Employee
1 answer
How to build a pipeline in Azure Devops for deploying terraform scripts for creating an ADX cluster.
I want to create a build pipeline in ADO for deploying my terraform scripts for adding a cluster in ADX.
asked 2021-03-01T09:57:16.66+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 7.000000000000001%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EH%3C/text%3E%3C/svg%3E)
Hatim
1
Reputation point
answered 2021-03-01T15:21:47.14+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(60.8, 4%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKM%3C/text%3E%3C/svg%3E)
kobulloc-MSFT
25,651
Reputation points Microsoft Employee
1 answer
Azure Data Explorer Plotting Old Data
Hi everyone, I'm currently following this tutorial to set up my data explorer to be able to query data via event grid notifications: https://video2.skills-academy.com/en-us/azure/data-explorer/ingest-data-event-grid. Setting up a web UI dashboard to…
asked 2021-02-03T16:27:50.703+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 92%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
tsun
26
Reputation points
commented 2021-02-19T17:58:10.077+00:00
MartinJaffer-MSFT
26,051
Reputation points
1 answer
Azure Data Explorer Replacing old data with new data ingested from blob storage
Hello everyone, I'm currently ingesting data from a blob storage into Azure Data Explorer using Event Hubs. I'm trying to plot out some graphs, with each one containing a set of frequency values and power values. I noticed that whenever a new…
asked 2021-02-03T21:21:15.093+00:00
tsun
26
Reputation points
commented 2021-02-04T21:33:29.697+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 26%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHM%3C/text%3E%3C/svg%3E)
HimanshuSinha-msft
19,386
Reputation points Microsoft Employee
1 answer
Why I'm missing events on my Log Analytics Query?
Vinny Paluch
31
Reputation points
answered 2021-02-03T16:14:37.52+00:00
Vinny Paluch
31
Reputation points
1 answer
One of the answers was accepted by the question author.
Azure Data Explorer Dashboard Failure
Created Dashboard in Azure Data Explorer but now when attempting to load am receiving the following error. "Could not load the selected dashboard. Could not migrate object with version 4. No matching migration found" Any help to regain…
asked 2021-01-28T21:10:51.983+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 6%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJB%3C/text%3E%3C/svg%3E)
Jamie Bowkett
31
Reputation points
accepted 2021-02-01T16:23:29.027+00:00
Jamie Bowkett
31
Reputation points
1 answer
Events for Servers
I can see logs under Advanced Hunting in the below portal for workstations. How can I see same data on-prem servers that have been onboarded and connect to LAW(Log analytics Workspace). I want IdentityLogonEvents and DeviceNetworkEvents Microsoft 365…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 69%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER7%3C/text%3E%3C/svg%3E)
1 answer
One of the answers was accepted by the question author.
How to purchase more Storage for Azure Data Explorer
We are planning to use the Standard_E8a_v4 SKU for our Requiremnet but the Storage capacity for the same is only 127 GB SSD and 64 GB Cache. Is there a way to purchase more Storage Space for the mentioned SKU.
asked 2021-01-21T16:10:32.62+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(105.60000000000001, 60%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESK%3C/text%3E%3C/svg%3E)
Srivatsan kothandraman
41
Reputation points
commented 2021-01-25T19:36:50.073+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 9%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKM%3C/text%3E%3C/svg%3E)
KranthiPakala-MSFT
46,437
Reputation points Microsoft Employee
2 answers
One of the answers was accepted by the question author.
Project/Extract from additional data fields
How can I project CVE titles from this. Some have more than 1 as in below example, and some don't have any. I ultimately want server names and CVE columns either empty or ith Title value Below is example of what I am running in log analytics to extract…