How to get all the data from column in conditional statement using KQL in Workbook

Question

I am using kql query

name_of_log_table
| where abc has "103.90.06.102"
| where pqr == "def"
| project ip

to get specific ip address from log table from the column name abc but now i want to get all the data from that column abc using

name_of_log_table
| where abc has "*"
| where pqr == "def"
| project ip

But i am not able to get it as, * will be considered as null

so how can i get all the data of abc column

Note:- we are passing value of column abc through parameter so the line must be there
FYI the query looks like this

name_of_log_table
| where abc has '{param1}'
| where pqr == '{param2}'
| project ip

Answer 1

In your Parameter tick the allow multiple selection then you can specify an "all" value and a default such as "all" or "*"

You are then able to to check the label for the value or the data you passed from the parameter.

| where "{LogSeverity:label}" == "All" or LogSeverity in ({LogSeverity})

An example, look at the 'Product Name' or 'Owner Parmenter' https://github.com/Azure/Azure-Sentinel/blob/96245e4d59fa4d32f69b56efbffa3cf579683344/Workbooks/SentinelCentral.json

Answer 2

That quite an edge case, if you dont select any Parmenter the method I showed - displays "The query could not run because some parameters are not set" - users typically understand they have to select at least one thing. If the default item is "all" its less likely that they wont tick something.

You could look to see if a CRITERIA rather than a JSON or Logs query could help, or setting a dynamic empty variable for the array.