Final ADX cleanup

Author: yelevin

articles/sentinel/TOC.yml

@@ -910,13 +910,13 @@
     - name: Overview
       href: kusto-overview.md
     - name: Query best practices
-      href: /kusto/query/best-practices?toc=/azure/sentinel/TOC.json&bc=/azure/sentinel/breadcrumb/toc.json
+      href: /kusto/query/best-practices?view=microsoft-sentinel&preserve-view=true&toc=/azure/sentinel/TOC.json&bc=/azure/sentinel/breadcrumb/toc.json
     - name: SQL to KQL cheat sheet
-      href: /kusto/query/sqlcheatsheet?toc=/azure/sentinel/TOC.json&bc=/azure/sentinel/breadcrumb/toc.json
+      href: /kusto/query/sqlcheatsheet?view=microsoft-sentinel&preserve-view=true&toc=/azure/sentinel/TOC.json&bc=/azure/sentinel/breadcrumb/toc.json
     - name: Splunk to KQL cheat sheet
-      href: /kusto/query/splunk-cheat-sheet?toc=/azure/sentinel/TOC.json&bc=/azure/sentinel/breadcrumb/toc.json
+      href: /kusto/query/splunk-cheat-sheet?view=microsoft-sentinel&preserve-view=true&toc=/azure/sentinel/TOC.json&bc=/azure/sentinel/breadcrumb/toc.json
     - name: KQL quick reference
-      href: /kusto/query/kql-quick-reference?toc=/azure/sentinel/TOC.json&bc=/azure/sentinel/breadcrumb/toc.json
+      href: /kusto/query/kql-quick-reference?view=microsoft-sentinel&preserve-view=true&toc=/azure/sentinel/TOC.json&bc=/azure/sentinel/breadcrumb/toc.json
     - name: Other KQL resources
       href: kusto-resources.md 
   - name: Create custom query

articles/sentinel/bookmarks.md

@@ -120,7 +120,7 @@ View bookmarked queries, results, or their history.
 
    :::image type="content" source="media/bookmarks/bookmark-logs.png" alt-text="Screenshot of bookmark logs command.":::
 
-This view shows all your bookmarks with associated metadata. You can use [Kusto Query Language (KQL)](/azure/data-explorer/kql-quick-reference) queries to filter down to the latest version of the specific bookmark you're looking for.
+This view shows all your bookmarks with associated metadata. You can use [Kusto Query Language (KQL)](/kusto/query/kql-quick-reference?view=microsoft-sentinel&preserve-view=true) queries to filter down to the latest version of the specific bookmark you're looking for.
 
 There can be a significant delay (measured in minutes) between the time you create a bookmark and when it's displayed in the **Bookmarks** tab.
 

articles/sentinel/create-analytics-rule-from-template.md

@@ -84,6 +84,11 @@ From the Microsoft Defender navigation menu, expand **Microsoft Sentinel**, then
 
 1. Cycle through the tabs of the wizard, customizing the logic and other rule settings where possible to better suit your specific needs. 
 
+    If you need to make any changes to the query itself, consult the following articles from the Kusto documentation for help:
+    - [Kusto Query Language in Microsoft Sentinel](kusto-overview.md)
+    - [KQL quick reference guide](/kusto/query/kql-quick-reference?view=microsoft-sentinel&preserve-view=true)
+    - [Best practices for Kusto Query Language queries](/kusto/query/best-practices?view=microsoft-sentinel&preserve-view=true)
+
     When you get to the end of the rule creation wizard, Microsoft Sentinel creates the rule. The new rule appears in the **Active rules** tab.
 
     Repeat the process to create more rules. For more details on how to customize your rules in the rule creation wizard, see [Create a custom analytics rule from scratch](create-analytics-rules.md).

articles/sentinel/kusto-resources.md

@@ -29,9 +29,9 @@ Microsoft Sentinel uses Azure Monitor's Log Analytics environment and the Kusto
 - [Best practices for Kusto Query Language queries](/kusto/query/best-practices?view=microsoft-sentinel&preserve-view=true)
 
 ### Reference guides
-- [KQL quick reference guide](/azure/data-explorer/kql-quick-reference)
-- [SQL to Kusto cheat sheet](/kusto/query/sqlcheatsheet)
-- [Splunk to Kusto Query Language map](/kusto/query/splunk-cheat-sheet)
+- [KQL quick reference guide](/kusto/query/kql-quick-reference?view=microsoft-sentinel&preserve-view=true)
+- [SQL to Kusto cheat sheet](/kusto/query/sqlcheatsheet?view=microsoft-sentinel&preserve-view=true)
+- [Splunk to Kusto Query Language map](/kusto/query/splunk-cheat-sheet?view=microsoft-sentinel&preserve-view=true)
 
 ### Microsoft Sentinel Learn modules
 - [Write your first query with Kusto Query Language](/training/modules/write-first-query-kusto-query-language/)

articles/sentinel/migration-ingestion-target-platform.md

@@ -80,8 +80,8 @@ In some cases, even if your disk is capable of copying your data quickly, comput
 Each of the target platforms discussed in this section has a different performance profile.
 
 - **Azure Monitor Basic logs**. By default, Basic logs can be pushed to Azure Monitor at a rate of approximately 1 GB per minute. This rate allows you to ingest approximately 1.5 TB per day or 43 TB per month.
-- **Azure Data Explorer**. Ingestion performance varies, depending on the size of the cluster you provision, and the batching settings you apply. [Learn about ingestion best practices](/azure/data-explorer/kusto/management/ingestion-faq), including performance and monitoring. 
-- **Azure Blob Storage**. The performance of an Azure Blob Storage account can greatly vary depending on the number and size of the files, job size, concurrency, and so in. [Learn how to optimize AzCopy performance with Azure Storage](/azure/data-explorer/kusto/management/ingestion-faq).  
+- **Azure Data Explorer**. Ingestion performance varies, depending on the size of the cluster you provision, and the batching settings you apply. [Learn about ingestion best practices](/azure/data-explorer/ingestion-faq), including performance and monitoring. 
+- **Azure Blob Storage**. The performance of an Azure Blob Storage account can greatly vary depending on the number and size of the files, job size, concurrency, and so in. [Learn how to optimize AzCopy performance with Azure Storage](/azure/data-explorer/ingestion-faq).  
 
 ### Amount of data
 

articles/sentinel/migration-ingestion-tool.md

@@ -58,7 +58,7 @@ If you choose LightIngest, review these tips and best practices.
 
 - To speed up your migration and reduce costs, increase the size of your ADX cluster to create more available nodes for ingestion. Decrease the size once the migration is over.
 - For more efficient queries after you ingest the data to ADX, ensure that the copied data uses the timestamp for the original events. The data shouldn't use the timestamp from when the data is copied to ADX. You provide the timestamp to LightIngest as the path of file name as part of the [CreationTime property](/azure/data-explorer/lightingest#how-to-ingest-data-using-creationtime). 
-- If your path or file names don't include a timestamp, you can still instruct ADX to organize the data using a [partitioning policy](/azure/data-explorer/kusto/management/partitioningpolicy).
+- If your path or file names don't include a timestamp, you can still instruct ADX to organize the data using a [partitioning policy](/kusto/management/partitioning-policy?view=azure-data-explorer&preserve-view=true).
 
 ### Logstash 
 

articles/sentinel/scheduled-rules-overview.md

@@ -102,8 +102,8 @@ Everything you type into the rule query window is instantly validated, so you fi
 
 For more help building Kusto queries, see the following articles:
 - [Kusto Query Language in Microsoft Sentinel](kusto-overview.md)
-- [KQL quick reference guide](/kusto/query/kql-quick-reference?view=microsoft-sentinel&preserve-view=true&toc=%2Fazure%2Fsentinel%2FTOC.json&bc=%2Fazure%2Fsentinel%2Fbreadcrumb%2Ftoc.json)
-- [Best practices for Kusto Query Language queries](/kusto/query/best-practices?view=microsoft-sentinel&preserve-view=true&toc=%2Fazure%2Fsentinel%2FTOC.json&bc=%2Fazure%2Fsentinel%2Fbreadcrumb%2Ftoc.json)
+- [KQL quick reference guide](/kusto/query/kql-quick-reference?view=microsoft-sentinel&preserve-view=true)
+- [Best practices for Kusto Query Language queries](/kusto/query/best-practices?view=microsoft-sentinel&preserve-view=true)
 
 ### Alert enhancement