Work with data in Microsoft Sentinel using Kusto Query Language

  • Module
  • 7 Units
Intermediate
Security Operations Analyst
Microsoft Sentinel
Azure Log Analytics
Azure

Learn how to use the Kusto Query Language (KQL) to manipulate string data ingested from log sources.

Learning objectives

Upon completion of this module, the learner will be able to:

  • Extract data from unstructured string fields using KQL
  • Extract data from structured string data using KQL
  • Create Functions using KQL

Get started with Azure

Choose the Azure account that's right for you. Pay as you go or try Azure free for up to 30 days. Sign up.