The string data type
Applies to: ✅ Microsoft Fabric ✅ Azure Data Explorer ✅ Azure Monitor ✅ Microsoft Sentinel
The string data type represents a sequence of zero or more Unicode
characters.
For information on string query operators, see String operators.
Note
- Internally, strings are encoded in UTF-8. Invalid (non-UTF8) characters are replaced with U+FFFD Unicode replacement characters at ingestion time.
- Kusto has no data type that is equivalent to a single character. A single character is represented as a string of length 1.
- When ingesting the
stringdata type, if a single string value in a record exceeds 1MB (measured using UTF-8 encoding), the value is truncated, and ingestion succeeds. If a single string value in a record, or the entire record, exceeds the allowed data limit of 64MB, ingestion fails. - When ingesting the
stringdata type, if a single string value in a record exceeds 1MB (measured using UTF-8 encoding), the value is truncated, and ingestion succeeds. You can increase theMaxValueSizeof the column by changing its encoding policy. - If a single string value in a record, or the entire record, exceeds the allowed data limit of 64MB, ingestion fails.
string literals
A string literal is a string enclosed in quotes. You can use double quotes or single quotes to encode string literals in query text. With double quotes, you must escape nested double quote characters with a backslash (\). With single quotes, you must escape nested single quote characters, and you don't need to escape double quotes.
Use the backslash character to escape the enclosing quote characters, tab characters (\t), newline characters (\n), and the backslash itself (\\).
Note
The newline character (\n) and the return character (\r) must be enclosed in quotes unless using multi-line string literals.
Verbatim string literals
Verbatim string literals are string literals prepended with the @ character, which serves as a verbatim identifier. In this form, the backslash character (\) stands for itself and isn't an escape character. In verbatim string literals, double quotes are escaped with double quotes and single quotes are escaped with single quotes.
For an example, see Verbatim string.
Note
The newline character (\n) and the return character (\r) must be enclosed in quotes unless using multi-line string literals.
Multi-line string literals
Indicate a multi-line string literals by a "triple-backtick chord" (```) at the beginning and end of the literal.
For an example, see Multi-line string literal.
Note
- Multi-line string literals support newline (
\n) and return (\r) characters. - Multi-line string literals do not support escaped characters. Similar to verbatim string literals.
- Multi-line string literals don't support obfuscation.
Concatenation of separated string literals
In a Kusto query, when two or more adjacent string literals have no separation between them, they're automatically combined to form a new string literal. Similarly, if the string literals are separated only by whitespace or comments, they're also combined to form a new string literal.
For an example, see Concatenated string literals.
Obfuscated string literals
Queries are stored for telemetry and analysis. To safeguard sensitive information like passwords and secrets, you can mark a string as an obfuscated string literal. These marked strings are logged in obfuscated form replaced with asterisks (*) in the query text.
An obfuscated string literal is created by prepending an h or an H character in front of a standard or verbatim string literal.
For an example, see Obfuscated string literal.
Important
Mark all string literals that contain secret information as obfuscated string literals.
Tip
In some situations, only a portion of the string literal contains secret information. In such cases, divide the literal into a non-secret part and a secret portion. Then, label only the secret part as obfuscated.
Examples
String literal with quotes
The following example demonstrates how to use quotes within string literals encompassed by single quotes and double quotes. For more information, see String literals.
print
s1 = 'string with "double quotes"',
s2 = "string with 'single quotes'"
Output
| s1 | s2 |
|---|---|
| string with "double quotes" | string with 'single quotes' |
String literal with backslash escaping
The following example creates a regular expression pattern using backslashes to escape special characters. For more information, see String literals.
print pattern = '\\n.*(>|\'|=|\")[a-zA-Z0-9/+]{86}=='
Output
| pattern |
|---|
| \n.*(>|'|=|")[a-zA-Z0-9/+]{86}== |
String literal with Unicode
The following example shows that a backslash is needed to include a Unicode character in a string literal.
print space = "Hello\u00A0World"
Output
| space |
|---|
| Hello World |
Verbatim string literal
The following example creates a path in which the backslashes are part of the path instead of escape characters. To do this, the string @ sign is prepended to the string, creating a verbatim string literal.
print myPath = @'C:\Folder\filename.txt'
Output
| myPath |
|---|
| C:\Folder\filename.txt |
Multi-line string literal
The following example shows the syntax for a multi-line string literal, which uses newlines and tabs to style a code block. For more information, see Multi-line string literals.
print program = ```
public class Program {
public static void Main() {
System.Console.WriteLine("Hello!");
}
}```
Output
| program |
|---|
| public class Program { public static void Main() { System.Console.WriteLine("Hello!"); } } |
Concatenated string literals
The following expressions all yield a string of length 13. For more information, see Concatenation of separated string literals.
print
none = strlen("Hello"', '@"world!"),
whitespace = strlen("Hello" ', ' @"world!"),
whitespaceAndComment = strlen("Hello"
// Comment
', '@"world!"
);
Output
| none | whitespace | whitespaceAndComment |
|---|---|---|
| 13 | 13 | 13 |
Obfuscated string literal
In the following query output, the h string is visible in your results. However, in tracing or telemetry, the h string is stored in an obfuscated form and substituted with asterisks in the log. For more information, see Obfuscated string literals.
print blob="https://contoso.blob.core.windows.net/container/blob.txt?"
h'sv=2012-02-12&se=2013-04-13T0...'
Output
| blob |
|---|
| https://contoso.blob.core.windows.net/container/blob.txt?sv=2012-02-12&se=2013-04-13T0... |