Quickstart: Query sample data

Azure Data Explorer provides a web experience that enables you to connect to your Azure Data Explorer clusters and write, run, and share Kusto Query Language (KQL) commands and queries. The web experience is available in the Azure portal and as a stand-alone web application, the Azure Data Explorer web UI. In this quickstart, you'll learn how to query data in the stand-alone Azure Data Explorer web UI.

In the Azure Data Explorer web UI, the query editor provides suggestions and warnings as you write your queries. To customize which suggestions and warnings you receive, see Set query recommendations.

Prerequisites

Add clusters

When you first open the web UI, on the Query page, you should see a connection to the help cluster. The examples in this quickstart use the StormEvents table in the Samples database of the help cluster.

If you want to run queries on a different cluster, you must add a connection to that cluster.

To add a new cluster connection, do the following:

  1. On the left menu, select Query.
  2. In the upper left pane, select Add connection.
  3. In the Add connection dialog box, enter the cluster Connection URI and Display name.
  4. Select Add to add the connection.

If you don't see the help cluster, add it using the previous steps. Use "help" as the Connection URI.

Run queries

To run a query, first select the database you want to run it on. This sets the query context.

  1. In the Cluster connection pane, under the help cluster, select the Samples database.

    Screenshot of the Samples database selected.

  2. Copy and paste the following query into the query window. At the top of the window, select Run.

    StormEvents
    | sort by StartTime desc
    | take 10
    

    This query returns the 10 newest records in the StormEvents table. The result should look like the following table.

    Screenshot of a table that lists data for 10 storm events in the Azure Data Explorer web UI.

  3. Copy and paste the following query into the query window, below the first query. Notice how it isn't formatted on separate lines like the first query.

    StormEvents | sort by StartTime desc 
    | project StartTime, EndTime, State, EventType, DamageProperty, EpisodeNarrative | take 10
    
  4. Select the new query. Press Shift+Alt+F to format the query, so it looks like the following query.

    Screenshot of a query with the correct formatting.

  5. Select Run or press Shift+Enter to run a query. This query returns the same records as the first one, but includes only the columns specified in the project statement. The result should look like the following table.

    Screenshot of a table that lists the start time, end time, state, event type, damage property, and episode narrative for 10 storm events in the Azure Data Explorer web UI.

    Tip

    Select Recall at the top of the query window to show the result set from the first query without having to rerun the query. Often during analysis, you run multiple queries, and Recall allows you to retrieve the results of previous queries.

  6. Let's run one more query to see a different type of output.

    StormEvents
    | summarize event_count=count(), mid = avg(BeginLat) by State
    | sort by mid
    | where event_count > 1800
    | project State, event_count
    | render columnchart
    

    The result should look like the following chart.

    Screenshot of a column chart as output from a query.

    Note

    Blank lines in the query expression can affect which part of the query is executed.

    • If no text is selected, it's assumed that the query or command is separated by empty lines.
    • If text is selected, the selected text is run.
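
The blank-line rule in the note above, modelled as an added Python example (it is not part of the original quickstart and is not the web UI's code). The function name, the 0-based `cursor_line` parameter, and the handling of whitespace-only lines and of a cursor on an empty line are assumptions.

```python
# Added illustration: a model of the rule in the note, not the web UI's implementation.
def text_to_run(editor_text, cursor_line, selection=None):
    """Return the text that would run under the rule in the note.

    cursor_line is a 0-based line index (hypothetical parameter).
    selection is the selected text, or None when nothing is selected.
    """
    if selection:
        return selection                # rule 2: selected text is run
    lines = editor_text.split("\n")

    def is_empty(i):
        # Assumption: a line holding only whitespace counts as empty.
        return lines[i].strip() == ""

    if is_empty(cursor_line):
        return ""                       # assumption: nothing runs on a separator line
    # Rule 1: expand from the cursor to the nearest empty line in each direction.
    start = cursor_line
    while start > 0 and not is_empty(start - 1):
        start -= 1
    end = cursor_line
    while end < len(lines) - 1 and not is_empty(end + 1):
        end += 1
    return "\n".join(lines[start:end + 1])


# Constructed sample: the chart query from step 6 with a stray blank line in it.
EDITOR = """StormEvents
| summarize event_count=count(), mid = avg(BeginLat) by State
| sort by mid

| where event_count > 1800
| project State, event_count
| render columnchart"""

if __name__ == "__main__":
    # Cursor in the first block: the filter, projection and chart are left out.
    print(text_to_run(EDITOR, 1), end="\n\n")
    # Cursor in the second block: the fragment starts with '|' and has no source table.
    print(text_to_run(EDITOR, 5), end="\n\n")
    # Selecting everything overrides the blank-line split.
    print(text_to_run(EDITOR, 1, selection=EDITOR))
```
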

Provide feedback

  1. In the upper right of the application, select the feedback icon.

  2. Enter your feedback, then select Submit.

Clean up resources

You didn't create any resources in this quickstart, but if you'd like to remove one or both clusters from the application, right-click the cluster and select Remove connection. Another option is to select Clear local state from the Settings > General tab. This action will remove all cluster connections and close all open query tabs.