Updated links to Kusto overview doc

yelevin · yelevin · commit 4a9d8e2dd35b · 2025-01-16T17:24:07.000+02:00
diff --git a/articles/sentinel/audit-track-tasks.md b/articles/sentinel/audit-track-tasks.md
@@ -50,7 +50,7 @@ Apart from the **Incident tasks workbook**, you can audit task activity by query
 
     You can add any number of statements to the query to filter and narrow down the results. To demonstrate how to view and understand the results, we're going to add statements to filter the results so that we only see the tasks for a single incident, and we'll also add a `project` statement so that we see only those fields that will be useful for our purposes, without a lot of clutter.
 
-    [Learn more about using Kusto Query Language](kusto-overview.md).
+    [Learn more about using Kusto Query Language](/kusto/query/kusto-sentinel-overview).
 
     ```kusto
     SecurityIncident
diff --git a/articles/sentinel/create-analytics-rule-from-template.md b/articles/sentinel/create-analytics-rule-from-template.md
@@ -16,7 +16,7 @@ ms.collection: usx-security
 ---
 # Create scheduled analytics rules from templates
 
-By far the most common type of analytics rule, **Scheduled** rules are based on [Kusto queries](kusto-overview.md) that are configured to run at regular intervals and examine raw data from a defined "lookback" period. These queries can perform complex statistical operations on their target data, revealing baselines and outliers in groups of events. If the number of results captured by the query passes the threshold configured in the rule, the rule produces an alert.
+By far the most common type of analytics rule, **Scheduled** rules are based on [Kusto queries](/kusto/query/kusto-sentinel-overview) that are configured to run at regular intervals and examine raw data from a defined "lookback" period. These queries can perform complex statistical operations on their target data, revealing baselines and outliers in groups of events. If the number of results captured by the query passes the threshold configured in the rule, the rule produces an alert.
 
 Microsoft makes a vast array of **analytics rule templates** available to you through the many [solutions provided in the Content hub](sentinel-solutions.md), and strongly encourages you to use them to create your rules. The queries in scheduled rule templates are written by security and data science experts, either from Microsoft or from the vendor of the solution providing the template.
 
@@ -85,7 +85,7 @@ From the Microsoft Defender navigation menu, expand **Microsoft Sentinel**, then
 1. Cycle through the tabs of the wizard, customizing the logic and other rule settings where possible to better suit your specific needs. 
 
     If you need to make any changes to the query itself, consult the following articles from the Kusto documentation for help:
-    - [Kusto Query Language in Microsoft Sentinel](kusto-overview.md)
+    - [Kusto Query Language in Microsoft Sentinel](/kusto/query/kusto-sentinel-overview)
     - [KQL quick reference guide](/kusto/query/kql-quick-reference?view=microsoft-sentinel&preserve-view=true)
     - [Best practices for Kusto Query Language queries](/kusto/query/best-practices?view=microsoft-sentinel&preserve-view=true)
 
diff --git a/articles/sentinel/create-analytics-rules.md b/articles/sentinel/create-analytics-rules.md
@@ -46,7 +46,7 @@ Before you do anything else, you should design and build a query in Kusto Query
 
 For some helpful tips for building Kusto queries, see [Best practices for analytics rule queries](scheduled-rules-overview.md#best-practices-for-analytics-rule-queries).
 
-For more help building Kusto queries, see [Kusto Query Language in Microsoft Sentinel](kusto-overview.md) and [Best practices for Kusto Query Language queries](/kusto/query/best-practices?view=microsoft-sentinel&preserve-view=true) (from the Kusto documentation).
+For more help building Kusto queries, see [Kusto Query Language in Microsoft Sentinel](/kusto/query/kusto-sentinel-overview) and [Best practices for Kusto Query Language queries](/kusto/query/best-practices?view=microsoft-sentinel&preserve-view=true) (from the Kusto documentation).
 
 ## Create your analytics rule
 
diff --git a/articles/sentinel/kusto-overview-remove.md b/articles/sentinel/kusto-overview-remove.md
diff --git a/articles/sentinel/kusto-resources.md b/articles/sentinel/kusto-resources.md
@@ -18,7 +18,7 @@ Microsoft Sentinel uses Azure Monitor's Log Analytics environment and the Kusto
 ## Microsoft technical resources
 
 ### Microsoft Sentinel documentation
-- [Kusto Query Language in Microsoft Sentinel](kusto-overview.md)
+- [Kusto Query Language in Microsoft Sentinel](/kusto/query/kusto-sentinel-overview)
 
 ### Kusto documentation
 - [Kusto Query Language learning resources](/kusto/query/kql-learning-resources?view=microsoft-sentinel&preserve-view=true)
diff --git a/articles/sentinel/monitor-analytics-rule-integrity.md b/articles/sentinel/monitor-analytics-rule-integrity.md
@@ -171,7 +171,7 @@ For either **Scheduled analytics rule run** or **NRT analytics rule run**, you m
     | A function called by the query is named with a reserved word.   | Remove or rename the function.   |
     | A syntax error occurred while running the query.   | Try resetting the analytics rule by editing and saving it (without changing any settings). |
     | The workspace does not exist.   |   |
-    | This query was found to use too many system resources and was prevented from running.   | Review and tune the analytics rule. Consult our Kusto Query Language [overview](kusto-overview.md) and [best practices](/kusto/query/best-practices?view=microsoft-sentinel&preserve-view=true&toc=%2Fazure%2Fsentinel%2FTOC.json&bc=%2Fazure%2Fsentinel%2Fbreadcrumb%2Ftoc.json) documentation. |
+    | This query was found to use too many system resources and was prevented from running.   | Review and tune the analytics rule. Consult our Kusto Query Language [overview](/kusto/query/kusto-sentinel-overview) and [best practices](/kusto/query/best-practices?view=microsoft-sentinel&preserve-view=true&toc=%2Fazure%2Fsentinel%2FTOC.json&bc=%2Fazure%2Fsentinel%2Fbreadcrumb%2Ftoc.json) documentation. |
     | A function called by the query was not found.   | Verify the existence in your workspace of all functions called by the query.   |
     | The workspace used in the query was not found.   | Verify that all workspaces in the query exist.   |
     | You don't have permissions to run this query.   | Try resetting the analytics rule by editing and saving it (without changing any settings).   |
diff --git a/articles/sentinel/normalization-ingest-time.md b/articles/sentinel/normalization-ingest-time.md
@@ -61,7 +61,7 @@ Learn more about writing parsers in [Developing ASIM parsers](normalization-deve
  
 To normalize data at ingest, you will need to use a [Data Collection Rule (DCR)](/azure/azure-monitor/essentials/data-collection-rule-overview). The procedure for implementing the DCR depends on the method used to ingest the data. For more information, refer to the article [Transform or customize data at ingestion time in Microsoft Sentinel](configure-data-transformation.md).
 
-A [KQL](kusto-overview.md) transformation query is the core of a DCR. The KQL version used in DCRs is slightly different than the version used elsewhere in Microsoft Sentinel to accommodate for requirements of pipeline event processing. Therefore, you will need to modify any query-time parser to use it in a DCR. For more information on the differences, and how to convert a query-time parser to an ingest-time parser, read about the [DCR KQL limitations](/azure/azure-monitor/essentials/data-collection-transformations-structure#kql-limitations).
+A [KQL](/kusto/query/kusto-sentinel-overview) transformation query is the core of a DCR. The KQL version used in DCRs is slightly different than the version used elsewhere in Microsoft Sentinel to accommodate for requirements of pipeline event processing. Therefore, you will need to modify any query-time parser to use it in a DCR. For more information on the differences, and how to convert a query-time parser to an ingest-time parser, read about the [DCR KQL limitations](/azure/azure-monitor/essentials/data-collection-transformations-structure#kql-limitations).
 
 
 ## <a name="next-steps"></a>Next steps
diff --git a/articles/sentinel/scheduled-rules-overview.md b/articles/sentinel/scheduled-rules-overview.md
@@ -17,7 +17,7 @@ ms.collection: usx-security
 
 # Scheduled analytics rules in Microsoft Sentinel
 
-By far the most common type of analytics rule, **Scheduled** rules are based on [Kusto queries](kusto-overview.md) that are configured to run at regular intervals and examine raw data from a defined "lookback" period. Queries can perform complex statistical operations on their target data, revealing baselines and outliers in groups of events. If the number of results captured by the query passes the threshold configured in the rule, the rule produces an alert.
+By far the most common type of analytics rule, **Scheduled** rules are based on [Kusto queries](/kusto/query/kusto-sentinel-overview) that are configured to run at regular intervals and examine raw data from a defined "lookback" period. Queries can perform complex statistical operations on their target data, revealing baselines and outliers in groups of events. If the number of results captured by the query passes the threshold configured in the rule, the rule produces an alert.
 
 This article helps you understand how scheduled analytics rules are built, and introduces you to all the configuration options and their meanings. The information in this article is useful in two scenarios:
 
@@ -101,7 +101,7 @@ Everything you type into the rule query window is instantly validated, so you fi
    `project field1 = column_ifexists("field1","")`
 
 For more help building Kusto queries, see the following articles:
-- [Kusto Query Language in Microsoft Sentinel](kusto-overview.md)
+- [Kusto Query Language in Microsoft Sentinel](/kusto/query/kusto-sentinel-overview)
 - [KQL quick reference guide](/kusto/query/kql-quick-reference?view=microsoft-sentinel&preserve-view=true)
 - [Best practices for Kusto Query Language queries](/kusto/query/best-practices?view=microsoft-sentinel&preserve-view=true)
 
diff --git a/articles/sentinel/threat-detection.md b/articles/sentinel/threat-detection.md
@@ -49,7 +49,7 @@ Besides the preceding rule types, there are some other specialized template type
 
 ### Scheduled rules 
 
-By far the most common type of analytics rule, **Scheduled** rules are based on [Kusto queries](kusto-overview.md) that are configured to run at regular intervals and examine raw data from a defined "lookback" period. If the number of results captured by the query passes the threshold configured in the rule, the rule produces an alert.
+By far the most common type of analytics rule, **Scheduled** rules are based on [Kusto queries](/kusto/query/kusto-sentinel-overview) that are configured to run at regular intervals and examine raw data from a defined "lookback" period. If the number of results captured by the query passes the threshold configured in the rule, the rule produces an alert.
 
 The queries in [scheduled rule templates](create-analytics-rule-from-template.md) were written by security and data science experts, either from Microsoft or from the vendor of the solution providing the template. Queries can perform complex statistical operations on their target data, revealing baselines and outliers in groups of events.
 
