mysql_request plugin (Preview)

The mysql_request plugin sends a SQL query to a MySQL Server network endpoint and returns the first rowset in the results. The query may return more than one rowset, but only the first rowset is made available for the rest of the Kusto query.

The plugin is invoked with the evaluate operator.

Important

The mysql_request plugin is disabled by default. To enable the plugin, run the .enable plugin mysql_request command. To see which plugins are enabled, use .show plugin management commands.

Syntax

evaluate mysql_request ( ConnectionString , SqlQuery [, SqlParameters] ) [: OutputSchema]

Arguments

Name Type Required Description
ConnectionString string Indicates the connection string that points at the MySQL Server network endpoint. See authentication and how to specify the network endpoint.
SqlQuery string Indicates the query that is to be executed against the SQL endpoint. Must return one or more row sets, but only the first one is made available for the rest of the query.
SqlParameters dynamic Holds key-value pairs to pass as parameters along with the query.
OutputSchema The names and types for the expected columns of the mysql_request plugin output.

Syntax: ( ColumnName : ColumnType [, ...] )

Specifying the expected schema optimizes query execution by not having to first run the actual query to explore the schema. An error is raised if the run-time schema doesn't match the OutputSchema schema.

Set callout policy

The plugin makes callouts to the MySql database. Make sure that the cluster's callout policy enables calls of type mysql to the target MySqlDbUri.

The following example shows how to define the callout policy for MySQL databases. We recommend restricting the callout policy to specific endpoints (my_endpoint1, my_endpoint2).

[
  {
    "CalloutType": "mysql",
    "CalloutUriRegex": "my_endpoint1\\.mysql\\.database\\.azure\\.com",
    "CanCall": true
  },
  {
    "CalloutType": "mysql",
    "CalloutUriRegex": "my_endpoint2\\.mysql\\.database\\.azure\\.com",
    "CanCall": true
  }
]

The following example shows an .alter callout policy command for mysql CalloutType:

.alter cluster policy callout @'[{"CalloutType": "mysql", "CalloutUriRegex": "\\.mysql\\.database\\.azure\\.com", "CanCall": true}]'

Username and password authentication

The mysql_request plugin only supports username and password authentication to the MySQL server endpoint and doesn't integrate with Azure Active Directory authentication.

The username and password are provided as part of the connections string using the following parameters:

User ID=...; Password=...;

Warning

Confidential or guarded information should be obfuscated from connection strings and queries so that they are omitted from any Kusto tracing. For more information, see obfuscated string literals.

Encryption and server validation

For security, SslMode is unconditionally set to Required when connecting to a MySQL server network endpoint. As a result, the server must be configured with a valid SSL/TLS server certificate.

Specify the network endpoint

Specify the MySQL network endpoint as part of the connection string.

Syntax:

Server = FQDN [Port = Port]

Where:

  • FQDN is the fully qualified domain name of the endpoint.
  • Port is the TCP port of the endpoint. By default, 3306 is assumed.

Examples

SQL query to Azure MySQL DB

The following example sends a SQL query to an Azure MySQL database. It retrieves all records from [dbo].[Table], and then processes the results.

Note

This example shouldn't be taken as a recommendation to filter or project data in this manner. SQL queries should be constructed to return the smallest data set possible, since the Kusto optimizer doesn't currently attempt to optimize queries between Kusto and SQL.

evaluate mysql_request(
    'Server=contoso.mysql.database.azure.com; Port = 3306;'
    'Database=Fabrikam;'
    h'UID=USERNAME;'
    h'Pwd=PASSWORD;',
    'select * from [dbo].[Table]')
| where Id > 0
| project Name

Authentication with username and password

The following example is identical to the previous one, but authentication is by username and password. For confidentiality, use obfuscated strings.

evaluate mysql_request(
    'Server=contoso.mysql.database.azure.com; Port = 3306;'
    'Database=Fabrikam;'
    h'UID=USERNAME;'
    h'Pwd=PASSWORD;',
    'select * from [dbo].[Table]')
| where Id > 0
| project Name

SQL query to an Azure MySQL database with modifications

The following example sends a SQL query to an Azure MySQL database retrieving all records from [dbo].[Table], while appending another datetime column, and then processes the results on the Kusto side. It specifies a SQL parameter (@param0) to be used in the SQL query.

evaluate mysql_request(
    'Server=contoso.mysql.database.azure.com; Port = 3306;'
    'Database=Fabrikam;'
    h'UID=USERNAME;'
    h'Pwd=PASSWORD;',
    'select *, @param0 as dt from [dbo].[Table]',
    dynamic({'param0': datetime(2020-01-01 16:47:26.7423305)}))
| where Id > 0
| project Name

SQL query with a query-defined output schema

The following example sends a SQL query to an Azure MySQL database retrieving all records from [dbo].[Table], while selecting only specific columns. It uses an explicit schema definition that allows various optimizations to be evaluated before the actual query against the server is run.

evaluate mysql_request(
  'Server=contoso.mysql.database.azure.com; Posvsrt = 3306;'
     'Database=Fabrikam;'
    h'UID=USERNAME;'
    h'Pwd=PASSWORD;',
  'select Id, Name') : (Id:long, Name:string)
| where Id > 0
| project Name

This capability isn't supported in Azure Monitor.