Merging changes synced from https://github.com/MicrosoftDocs/dataexplorer-docs-pr (branch live)

Author: Learn Build Service GitHub App

data-explorer/kusto/query/splunk-cheat-sheet.md

@@ -2,7 +2,7 @@
 title: Splunk to Kusto map
 description: Learn how to write log queries in Kusto Query Language by comparing Splunk and Kusto Query Language concept mappings.
 ms.topic: conceptual
-ms.date: 08/11/2024
+ms.date: 02/25/2025
 ---
 
 # Splunk to Kusto cheat sheet
@@ -182,6 +182,15 @@ In Kusto, you can use `summarize arg_min()` to reverse the order of which record
 | Splunk | `dedup` |  `Event.Rule=330009.2`<br />&#124; `dedup device_id sortby -batterylife` |
 | Kusto | `summarize arg_max()` | `Office_Excel_BI_PivotTableCreate`<br />&#124; `summarize arg_max(batterylife, *) by device_id` |
 
+### Timechart
+
+Kusto and Splunk both use the `timechart` operator to visualize data over time. In Splunk, it aggregates data over specified time intervals and can be used with various statistical functions. In Kusto, the equivalent is achieved using the `summarize` and `bin` functions, followed by the [render timechart](visualization-timechart.md) operator.
+
+| Product | Operator | Example |
+|:---|:---|:---| 
+| Splunk | `timechart` | `index=StormEvents` <br />&#124; `where StartTime >= "2007-01-01" AND StartTime <= "2007-12-31" AND DamageCrops > 0` <br />&#124; `bin span=7d StartTime` <br />&#124; `stats count as EventCount by StartTime` <br />&#124; `timechart span=7d count as EventCount` |
+| Kusto | `timechart` | `StormEvents` <br />&#124; `where StartTime between (datetime(2007-01-01) .. datetime(2007-12-31)) and DamageCrops > 0` <br />&#124; `summarize EventCount = count() by bin(StartTime, 7d)` <br />&#124; `render timechart` |
+
 ## Related content
 
 - Walk through a tutorial on the [Kusto Query Language](/azure/data-explorer/kusto/query/tutorials/learn-common-operators?pivots=azuremonitor).

data-explorer/web-share-queries.md

@@ -2,7 +2,7 @@
 title: 'Share queries from Azure Data Explorer web UI'
 description: This guide teaches you how to share queries from the Azure Data Explorer web UI.
 ms.topic: how-to
-ms.date: 01/14/2025
+ms.date: 03/03/2025
 ---
 
 # Share queries from Azure Data Explorer web UI
@@ -80,6 +80,9 @@ To copy a link to share with others and the text of the query, follow these step
 > [!NOTE]
 > The query link request is generated with `request_readonly_hardline` set to `true`, ensuring it operates in strict read-only mode for enhanced security in protected mode. The **Protected mode** banner displays above the query and an icon appears in the query tab when protected mode is enabled. For more information about this request property, see [Request properties](/azure/data-explorer/kusto/api/rest/request-properties).
 
+> [!TIP]
+> You can open the shared query as a [Fabric Real-Time Intelligence](/fabric/real-time-intelligence/overview) link. This feature allows you to experiment with a trial Fabric Real-Time Intelligence account using your own data, without the need to move any data.
+
 ## Link, query, results to clipboard
 
 To copy a link to share with others, the text of the query, and the results of the query, follow these steps:
@@ -95,6 +98,9 @@ To copy a link to share with others, the text of the query, and the results of t
 > [!NOTE]
 > The query link request is generated with `request_readonly_hardline` set to `true`, ensuring it operates in strict read-only mode for enhanced security in protected mode. The **Protected mode** banner displays above the query and an icon appears in the query tab when protected mode is enabled. For more information about this request property, see [Request properties](/azure/data-explorer/kusto/api/rest/request-properties).
 
+> [!TIP]
+> You can open the shared query as a [Fabric Real-Time Intelligence](/fabric/real-time-intelligence/overview) link. This feature allows you to experiment with a trial Fabric Real-Time Intelligence account using your own data, without the need to move any data.
+
 ## Download
 
 To download a KQL file of the query, follow these steps: