Real-Time Intelligence tutorial part 4: Query streaming data in a KQL queryset

Note

This tutorial is part of a series. For the previous section, see: Tutorial part 3: Set an alert on your event stream.

In this part of the tutorial, you learn how to query your streaming data in a KQL queryset. You create a KQL queryset, write a KQL query, and visualize the data in a time chart.

Create a KQL queryset

  1. Browse to the KQL database you have created in a previous step, named Tutorial.

  2. Verify that the data is flowing into the database by viewing the Size tile in the database details page. The values in this tile should be greater than zero.

  3. From the ribbon, select New related item and choose KQL Queryset.

    Screenshot of Tutorial database showing adding a new related item that is a KQL queryset.

  4. Enter the name for the KQL Queryset: TutorialQueryset.

  5. Select Create. A new KQL queryset is created and opens in the KQL Queryset editor. It's connected to the Tutorial database as a data source, and is prepopulated with several general queries.

Write a KQL query

The name of the table you created in a previous step is TutorialTable. Use this (case-sensitive) name as the data source for your query.

Tip

If you have a sufficient subscription, you can use the Copilot feature to help you write queries. Copilot provides queries based on data in your table and natural language prompts. For more information, see Copilot for Real-Time Intelligence (preview).

  1. In the query editor, enter the following query. Then press Shift + Enter to run the query.

    TutorialTable
    | take 10
    

    This query returns 10 arbitrary records from the table. What information about the data can you see at a glance? Notice that one of the columns is named No_Bikes. This column contains the number of empty docks at a bike station. This is a field you may be concerned with if you're tracking the availability of bikes at a station.

  2. To see the data in a more visual way, use the render operator. Run the following query:

    TutorialTable
    | where Neighbourhood == "Chelsea"
    | project Timestamp, No_Bikes
    | render timechart
    

    This query creates a time chart that shows the number of bikes in the Chelsea neighborhood.

    Screenshot of empty docks timechart in Real-Time Intelligence.
