This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(169.60000000000002, 18%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA0%3C/text%3E%3C/svg%3E)
How can I extract (parse out) pieces of data from a field and then put them in their own dedicated column in KQL? (Please see attached image for details)
An Azure data analytics service for real-time analysis on large volumes of data streaming from sources including applications, websites, and internet of things devices.
An Azure service for ingesting, preparing, and transforming data at scale.
i'm using a log analytics workspace, and KQL to retrieve / troubleshoot. In the ResultDescription column I have a string. I want to extract data and put them (extend) in there own column. The accountname and Caller Computer Name, could someone help me out?
Best Regards,
Onedutch
Hello Tom, can you turn your question in a separate thread (a new question) instead of adding it as an answer to the question above? Thanks.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(240, 12%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESA%3C/text%3E%3C/svg%3E)
Hi @AzureSent-0127 , parse operator would be the thing you should be looking at :
Syntax
T | parse [ kind=kind [ flags=regexFlags ]] expression with [ * ] stringConstant columnName [: columnType] [ * ] , ...
Please go through below link for further details:
https://learn.microsoft.com/en-us/azure/data-explorer/kusto/query/parseoperator#syntax Thanks
Thank you for the info. Unfortunately, my attempts haven't been so successful. Can you please show me what the query would look like in my case by any chance?