Merge pull request #2733 from MicrosoftDocs/main638936569372154088sync_temp

For protected branch, push strategy should use PR and merge to target branch method to work around git push error

Author: learn-build-service-prod[bot]

data-explorer/kusto/docs-navigation.md

@@ -2,38 +2,37 @@
 title: KQL docs navigation guide
 description: Learn how to understand which version of KQL documentation you are viewing and how to switch to a different version.
 ms.topic: conceptual
-ms.date: 08/14/2024
+ms.date: 09/15/2025
 ---
 # KQL docs navigation guide
 
 > [!INCLUDE [applies](includes/applies-to-version/applies.md)] [!INCLUDE [fabric](includes/applies-to-version/fabric.md)] [!INCLUDE [azure-data-explorer](includes/applies-to-version/azure-data-explorer.md)] [!INCLUDE [monitor](includes/applies-to-version/monitor.md)] [!INCLUDE [sentinel](includes/applies-to-version/sentinel.md)] 
 
-
-The behavior of KQL may vary when using this language in different services. When you view any KQL documentation article by using our Learn website, the currently chosen service name is visible above the table of contents (TOC) under the **Version** dropdown. Switch between services using the version dropdown to see the KQL behavior for the selected service.
+KQL behavior can vary across services. On Microsoft Learn, the selected service name appears above the table of contents (TOC) under the **Version** dropdown. To view behavior for another service, use the **Version** dropdown to switch services.
 
 ## Change service selection
 
-If you want to see the documentation for a different version of KQL, select the expander arrow located at the end of the current version moniker. Then select any service you want. When you select a different service, the displayed documentation suddenly changes to show the differences for the newly chosen version. There might or might not be any changes, and both cases are common.
+To view documentation for another KQL version, select the expander arrow at the end of the current version moniker, then select a service. The page updates to show any differences for that version. Some services have no differences, so the content might not change.
 
-:::image type="content" source="media/docs-navigation/version.gif" alt-text="Screen capture of selecting a different version in the TOC.":::
+:::image type="content" source="media/docs-navigation/version.gif" alt-text="Screenshot of selecting a different KQL version from the table of contents.":::
 
-## HTTPS parameter view=
+## HTTPS view= parameter
 
-Each article whose web address begins with `https://learn.microsoft.com/kusto/` has a parameter named `?view=` appended to its address. This parameter value is the versioning moniker code.
+Articles at `https://learn.microsoft.com/kusto/` include a `?view=` parameter. The parameter value is the versioning moniker code.
 
-The moniker code in the https address always matches the moniker name that is displayed in the versioning control.
+The moniker code in the HTTPS address always matches the moniker name displayed in the versioning control.
 
 ## Applies to services
 
-Most of the KQL articles have the words **Applies to** under their title. On the same line, there follows a handy listing of services with indicators of which services are relevant for this article. For example, a certain function could be applicable to Fabric and Azure Data Explorer, but not Azure Monitor or others. If you do not see the service you are using, most likely the article is not relevant to your service. 
+Most KQL articles include **Applies to** under the title. The line lists services and shows which ones the article applies to. For example, a function might apply to Microsoft Fabric and Azure Data Explorer, but not to Azure Monitor. If you don't see your service, the article likely doesn't apply. 
 
 ## Versions
 
-The following table describes the different versions of KQL and the services they are associated with.
+This table describes KQL versions and their associated services.
 
 | Version | Description |
 |---|---|
-| Microsoft Fabric | [Microsoft Fabric](/fabric/get-started/microsoft-fabric-overview) is an end-to-end analytics and data platform designed for enterprises that require a unified solution. It encompasses data movement, processing, ingestion, transformation, real-time event routing, and report building. Within the suite of experiences offered in Microsof Fabric, [Real-Time Intelligence](/fabric/real-time-intelligence/overview) is a powerful service that empowers everyone in your organization to extract insights and visualize their data in motion. It offers an end-to-end solution for event-driven scenarios, streaming data, and data logs. <br> <br> The main query environment for KQL in Microsoft Fabric is the [KQL queryset](/fabric/real-time-intelligence/kusto-query-set). <br> <br> KQL in Microsoft Fabric supports query operators, functions, and management commands. |
-| Azure Data Explorer | [Azure Data Explorer](/azure/data-explorer/data-explorer-overview) is a fully managed, high-performance, big data analytics platform that makes it easy to analyze high volumes of data in near real time. There are several [query environments and integrations](/azure/data-explorer/integrate-query-overview) that can be used in Azure Data Explorer, including the [web UI](/azure/data-explorer/web-ui-query-overview). <br> <br> KQL in Azure Data Explorer is the full, native version, which supports all query operators, functions, and management commands.|
-| Azure Monitor | [Log Analytics](/azure/azure-monitor/logs/log-analytics-overview) is a tool in the Azure portal that's used to edit and run log queries against data in the [Azure Monitor](/azure/azure-monitor/overview) Logs store. You interact with Log Anlytics in a [Log Analytics workspace in the Azure portal](/azure/azure-monitor/logs/log-analytics-overview#log-analytics-interface). <br> <br> KQL in Azure Monitor uses a subset of the overall KQL operators and functions. |
-| Microsoft Sentinel | [Microsoft Sentinel](/azure/sentinel/overview) is a scalable, cloud-native security information and event management (SIEM) that delivers an intelligent and comprehensive solution for SIEM and security orchestration, automation, and response (SOAR). Microsoft Sentinel provides cyberthreat detection, investigation, response, and proactive hunting, with a bird's-eye view across your enterprise. Microsoft Sentinel is built on top of the Azure Monitor service and it uses Azure Monitor's Log Analytics workspaces to store all of its data. <br> <br> KQL in Microsoft Sentinel uses a subset of the overall KQL operators and functions. |
+| Microsoft Fabric | [Microsoft Fabric](/fabric/get-started/microsoft-fabric-overview) is an end-to-end analytics and data platform for enterprises that need a unified solution. It covers data movement, processing, ingestion, transformation, real-time event routing, and report building. Within the suite of experiences in Microsoft Fabric, [Real-Time Intelligence](/fabric/real-time-intelligence/overview) lets everyone in your organization extract insights and visualize streaming data. It provides an end-to-end solution for event-driven scenarios, streaming data, and data logs. <br> <br> The main query environment for KQL in Microsoft Fabric is the [KQL queryset](/fabric/real-time-intelligence/kusto-query-set). <br> <br> KQL in Microsoft Fabric supports query operators, functions, and management commands. |
+| Azure Data Explorer | [Azure Data Explorer](/azure/data-explorer/data-explorer-overview) is a fully managed, high-performance analytics platform for near real-time analysis of large data volumes. Use several [query environments and integrations](/azure/data-explorer/integrate-query-overview), including the [web UI](/azure/data-explorer/web-ui-query-overview). <br> <br> KQL in Azure Data Explorer is the full native version. It supports all query operators, functions, and management commands.|
+| Azure Monitor | [Log Analytics](/azure/azure-monitor/logs/log-analytics-overview) is a tool in the Azure portal you use to edit and run log queries against data in the [Azure Monitor](/azure/azure-monitor/overview) Logs store. Use Log Analytics in a [Log Analytics workspace in the Azure portal](/azure/azure-monitor/logs/log-analytics-overview#log-analytics-interface). <br> <br> KQL in Azure Monitor uses a subset of KQL operators and functions. |
+| Microsoft Sentinel | [Microsoft Sentinel](/azure/sentinel/overview) is a scalable, cloud-native security information and event management (SIEM) platform with security orchestration, automation, and response (SOAR). It provides threat detection, investigation, response, and proactive hunting across your enterprise. It uses Azure Monitor Log Analytics workspaces to store its data. <br> <br> KQL in Microsoft Sentinel uses a subset of KQL operators and functions. |

data-explorer/kusto/index.yml

@@ -10,7 +10,7 @@ metadata:
   ms.topic: landing-page
   author: spelluru
   ms.author: spelluru
-  ms.date: 08/11/2024
+  ms.date: 09/15/2025
 
 # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new
 

data-explorer/kusto/media/set-timeouts/kusto-explorer-set-timeouts.png

@@ -1,44 +1,45 @@
 ---
-title: Kusto Query Language learning resources
-description: This article provides a list of various learning resources to help you ramp up on Kusto Query Language (KQL) effectively.
+title: Kusto Query Language Learning Resources
+description: Learn KQL from scratch with curated resources, including tutorials, demos, and training programs for data analysts and professionals.
 ms.reviewer: alexans
 ms.topic: concept-article
-ms.date: 08/11/2024
+ms.date: 09/15/2025
 #customerIntent: As a data analyst, I want to access various learning resources for Kusto Query Language (KQL), so that I can effectively explore and analyze data using KQL.
 ---
+
 # Kusto Query Language learning resources
 
 > [!INCLUDE [applies](../includes/applies-to-version/applies.md)] [!INCLUDE [fabric](../includes/applies-to-version/fabric.md)] [!INCLUDE [azure-data-explorer](../includes/applies-to-version/azure-data-explorer.md)] [!INCLUDE [monitor](../includes/applies-to-version/monitor.md)] [!INCLUDE [sentinel](../includes/applies-to-version/sentinel.md)]
 
-Kusto Query Language (KQL) is a powerful tool to explore your data and discover patterns, identify anomalies and outliers, create statistical modeling, and more. Are you new to KQL or want to improve your KQL skills? Take a look at the following learning resources.
+Use Kusto Query Language (KQL) to explore your data, discover patterns, identify anomalies and outliers, build statistical models, and more. New to KQL or want to improve your skills? Use the following learning resources.
 
-For more information on KQL, see [KQL overview](index.md).
+For more information, see [KQL overview](index.md).
 
-::: moniker range="microsoft-sentinel || azure-monitor"
+:::moniker range="microsoft-sentinel || azure-monitor"
 
 ## Demo environment
 
-You can practice Kusto Query Language statements in a [Log Analytics demo environment](https://aka.ms/lademo) in the Azure portal. There's no charge to use this practice environment, but you do need an Azure account to access it.
+Practice Kusto Query Language statements in the [Log Analytics demo environment](https://aka.ms/lademo) in the Azure portal. It's free, but you need an Azure account.
 
-Like Log Analytics in your production environment, it can be used in many ways:
+Like your production Log Analytics workspace, the demo environment lets you:
 
-* **Choose a table on which to build a query.** From the default **Tables** tab (shown in the red rectangle at the upper left), select a table from the list of tables grouped by topics (shown at the lower left). Expand the topics to see the individual tables, and you can further expand each table to see all its fields (columns). Double-clicking on a table or a field name places it at the point of the cursor in the query window. Type the rest of your query following the table name, as directed below.
+* **Choose a table on which to build a query.** From the **Tables** tab, select a table from the list grouped by topic. Expand a topic to see its tables. Expand a table to see its fields (columns). Double-click a table or field name to insert it at the cursor in the query window. Type the rest of the query after the table name.
 
-* **Find an existing query to study or modify.** Select the **Queries** tab (shown in the red rectangle at the upper left) to see a list of queries available out-of-the-box. Or, select **Queries** from the button bar at the top right. Double-click a query to place it in the query window at the point of the cursor.
+* **Find an existing query to study or modify.** Select the **Queries** tab to see the list of queries available by default. Alternatively, select **Queries** from the button bar. Double-click a query to insert it at the cursor in the query window.
 
 ::: moniker-end
 
 ::: moniker range="microsoft-sentinel"
 
-Like in this demo environment, you can query and filter data in the Microsoft Sentinel **Logs** page. You can select a table and drill down to see columns. You can modify the default columns shown using the **Column chooser**, and you can set the default time range for queries. If the time range is explicitly defined in the query, the time filter is unavailable (grayed out).
+As in the demo environment, query and filter data on the Microsoft Sentinel **Logs** page. Select a table and drill down to see its columns. Use the **Column chooser** to modify the default columns, and set the default time range for queries. If the time range is explicitly defined in the query, the time filter is unavailable (grayed out).
 
-If Microsoft Sentinel is [onboarded to the Defender portal](/azure/sentinel/microsoft-sentinel-defender-portal), you can also query and filter data in the Microsoft Defender **Advanced hunting** page. For more information, see [Advanced hunting with Microsoft Sentinel data in Microsoft Defender portal](/defender-xdr/advanced-hunting-microsoft-defender?toc=%2Fazure%2Fsentinel%2FTOC.json&bc=%2Fazure%2Fsentinel%2Fbreadcrumb%2Ftoc.json&branch=main).
+If Microsoft Sentinel is [onboarded to the Defender portal](/azure/sentinel/microsoft-sentinel-defender-portal), query and filter data on the Microsoft Defender **Advanced hunting** page. For more information, see [Advanced hunting with Microsoft Sentinel data in Microsoft Defender portal](/defender-xdr/advanced-hunting-microsoft-defender?toc=%2Fazure%2Fsentinel%2FTOC.json&bc=%2Fazure%2Fsentinel%2Fbreadcrumb%2Ftoc.json&branch=main).
 
 ::: moniker-end
 
-## General training
+## KQL training
 
-For general information about KQL, see:
+Learn more about KQL:
 
 * [Pluralsight: KQL from scratch](https://www.pluralsight.com/courses/kusto-query-language-kql-from-scratch)
 * [Kusto Detective Agency](https://detective.kusto.io/)

data-explorer/kusto/media/set-timeouts/web-ui-set-timeouts.png

@@ -1,9 +1,9 @@
 ---
-title: KQL quick reference
-description: A list of useful KQL functions and their definitions with syntax examples.
+title: KQL Quick Reference
+description: Learn how to use KQL functions like `where`, `summarize`, and `render` with syntax examples to streamline your data queries.
 ms.reviewer: 
 ms.topic: conceptual
-ms.date: 08/11/2024
+ms.date: 09/15/2025
 adobe-target: true
 ---