Management commands overview
This article describes the management commands, also known as control commands, used to manage Kusto. Management commands are requests to the service to retrieve information that is not necessarily data in the database tables, or to modify the service state, etc.
Differentiating management commands from queries
Kusto uses three mechanisms to differentiate queries and management commands: at the language level, at the protocol level, and at the API level. This is done for security purposes.
At the language level, the first character of the text of a request determines
if the request is a management command or a query. Management commands must start with
the dot (.) character, and no query may start by that character.
At the protocol level, different HTTP/HTTPS endpoints are used for control commands as opposed to queries.
At the API level, different functions are used to send management commands as opposed to queries.
Combining queries and management commands
Management commands can reference queries (but not vice-versa) or other management commands. There are several supported scenarios:
- AdminThenQuery: A management command is executed, and its result (represented as a temporary data table) serves as the input to a query.
- AdminFromQuery: Either a query or a
.showadmin command is executed, and its result (represented as a temporary data table) serves as the input to a management command.
Note that in all cases, the entire combination is technically a management command,
not a query, so the text of the request must start with a dot (.) character,
and the request must be sent to the management endpoint of the service.
Also note that query statements appear within the query part of the text (they can't precede the command itself).
Note
We recommend limiting the usage of AdminThenQuery operations.
AdminThenQuery is indicated in one of two ways:
- By using a pipe (
|) character, the query therefore treats the results of the management command as if it were any other data-producing query operator. - By using a semicolon (
;) character, which then introduces the results of the management command into a special symbol called$command_results, that one may then use in the query any number of times.
For example:
// 1. Using pipe: Count how many tables are in the database-in-scope:
.show tables
| count
// 2. Using semicolon: Count how many tables are in the database-in-scope:
.show tables;
$command_results
| count
// 3. Using semicolon, and including a let statement:
.show tables;
let useless=(n:string){strcat(n,'-','useless')};
$command_results | extend LastColumn=useless(TableName)
AdminFromQuery is indicated by the <| character combination. For example,
in the following we first execute a query that produces a table with a single
column (named str of type string) and a single row, and write it as the table
name MyTable in the database in context:
.set MyTable <|
let text="Hello, World!";
print str=text
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for