Merge pull request #292505 from yelevin/yelevin/kusto-updates-2

Updating old Kusto links to new ones

Author: v-ccolin

articles/sentinel/connect-azure-functions-template.md

@@ -45,7 +45,7 @@ Make sure that you have the following permissions and credentials before using A
 > [!NOTE]
 > - You can securely store workspace and API authorization keys or tokens in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](../app-service/app-service-key-vault-references.md) to use Azure Key Vault with an Azure Function App.
 >
-> - Some data connectors depend on a parser based on a [Kusto Function](/azure/data-explorer/kusto/query/functions/user-defined-functions) to work as expected. See the section for your service in the [Microsoft Sentinel data connectors reference](data-connectors-reference.md) page for links to instructions to create the Kusto function and alias.
+> - Some data connectors depend on a parser based on a [Kusto Function](/kusto/query/functions/user-defined-functions?view=microsoft-sentinel&preserve-view=true) to work as expected. See the section for your service in the [Microsoft Sentinel data connectors reference](data-connectors-reference.md) page for links to instructions to create the Kusto function and alias.
 
 
 ### Step 1: Get your source system's API credentials

articles/sentinel/create-analytics-rules.md

@@ -46,7 +46,7 @@ Before you do anything else, you should design and build a query in Kusto Query
 
 For some helpful tips for building Kusto queries, see [Best practices for analytics rule queries](scheduled-rules-overview.md#best-practices-for-analytics-rule-queries).
 
-For more help building Kusto queries, see [Kusto Query Language in Microsoft Sentinel](kusto-overview.md) and [Best practices for Kusto Query Language queries](/azure/data-explorer/kusto/query/best-practices?toc=%2Fazure%2Fsentinel%2FTOC.json&bc=%2Fazure%2Fsentinel%2Fbreadcrumb%2Ftoc.json).
+For more help building Kusto queries, see [Kusto Query Language in Microsoft Sentinel](kusto-overview.md) and [Best practices for Kusto Query Language queries](/kusto/query/best-practices?view=microsoft-sentinel&preserve-view=true&toc=%2Fazure%2Fsentinel%2FTOC.json&bc=%2Fazure%2Fsentinel%2Fbreadcrumb%2Ftoc.json).
 
 ## Create your analytics rule
 

articles/sentinel/extend-sentinel-across-workspaces-tenants.md

@@ -25,11 +25,11 @@ Microsoft Sentinel supports a [multiple workspace incident view](./multiple-work
 
 Query [multiple workspaces](/azure/azure-monitor/logs/cross-workspace-query) to search and correlate data from multiple workspaces in a single query.
 
-- Use the [`workspace( )` expression](/azure/azure-monitor/logs/workspace-expression), with the workspace identifier as the argument, to refer to a table in a different workspace.
+- Use the [`workspace( )` expression](/azure/azure-monitor/logs/cross-workspace-query#query-across-log-analytics-workspaces-using-workspace), with the workspace identifier as the argument, to refer to a table in a different workspace.
 
-   - See [important information](/azure/azure-monitor/logs/workspace-expression#syntax) about the use of identifier formats to ensure proper performance.
+   - See [important information](/azure/azure-monitor/logs/cross-workspace-query#arguments) about the use of identifier formats to ensure proper performance.
 
-- Use the [union operator](/azure/data-explorer/kusto/query/unionoperator?pivots=azuremonitor) alongside the `workspace( )` expression to apply a query across tables in multiple workspaces.
+- Use the [union operator](/kusto/query/union-operator?view=microsoft-sentinel&preserve-view=true) alongside the `workspace( )` expression to apply a query across tables in multiple workspaces.
 
 - Use saved [functions](/azure/azure-monitor/logs/functions) to simplify cross-workspace queries. For example, you can shorten a long reference to the *SecurityEvent* table in Customer A's workspace by saving the expression:
 

articles/sentinel/hunting.md

@@ -200,7 +200,7 @@ For more information, see:
 
 ## Useful operators and functions
 
-Hunting queries are built in [Kusto Query Language (KQL)](/azure/data-explorer/kusto/query/), a powerful query language with IntelliSense language that gives you the power and flexibility you need to take hunting to the next level.
+Hunting queries are built in [Kusto Query Language (KQL)](/kusto/query/?view=microsoft-sentinel&preserve-view=true), a powerful query language with IntelliSense language that gives you the power and flexibility you need to take hunting to the next level.
 
 It's the same language used by the queries in your analytics rules and elsewhere in Microsoft Sentinel. For more information, see [Query Language Reference](/azure/azure-monitor/logs/get-started-queries).
 

articles/sentinel/hunts-custom-queries.md

@@ -75,7 +75,7 @@ Only queries that from a custom content source can be edited. Other content sour
 
 ## Related content
 
-- [KQL quick reference](/azure/data-explorer/kusto/query/kql-quick-reference?toc=%2Fazure%2Fsentinel%2FTOC.json&bc=%2Fazure%2Fsentinel%2Fbreadcrumb%2Ftoc.json)
+- [KQL quick reference](/kusto/query/kql-quick-reference?view=microsoft-sentinel&preserve-view=true&toc=%2Fazure%2Fsentinel%2FTOC.json&bc=%2Fazure%2Fsentinel%2Fbreadcrumb%2Ftoc.json)
 - [Advanced Security Information Model (ASIM) parser](normalization-about-parsers.md)
 - [Threat hunting in Microsoft Sentinel](hunting.md)
 - [Conduct end-to-end proactive threat hunting in Microsoft Sentinel](hunts.md)

articles/sentinel/identify-threats-with-entity-behavior-analytics.md

@@ -77,7 +77,7 @@ Information about **entity pages** can now be found at [Entity pages in Microsof
 
 ## Querying behavior analytics data
 
-Using [KQL](/azure/data-explorer/kusto/query/), we can query the **BehaviorAnalytics** table.
+Using [KQL](/kusto/query/?view=microsoft-sentinel&preserve-view=true), we can query the **BehaviorAnalytics** table.
 
 For example – if we want to find all the cases of a user that failed to sign in to an Azure resource, where it was the user's first attempt to connect from a given country/region, and connections from that country/region are uncommon even for the user's peers, we can use the following query: