diff --git a/data-explorer/includes/cross-repo/fluent-bit-2.md b/data-explorer/includes/cross-repo/fluent-bit-2.md index 99db186c95..c879f7fc3a 100644 --- a/data-explorer/includes/cross-repo/fluent-bit-2.md +++ b/data-explorer/includes/cross-repo/fluent-bit-2.md @@ -74,18 +74,32 @@ To configure Fluent Bit to send logs to your table in Kusto, create a [classic m | tenant_id | The tenant ID from [Create a Microsoft Entra service principal](#create-a-microsoft-entra-service-principal). | :heavy_check_mark: | | | client_id | The application ID from [Create a Microsoft Entra service principal](#create-a-microsoft-entra-service-principal). | :heavy_check_mark: | | | client_secret | The client secret key value (password) from [Create a Microsoft Entra service principal](#create-a-microsoft-entra-service-principal). | :heavy_check_mark: | | +| managed_identity_client_id | The client ID of the managed identity to use for authentication. | :heavy_check_mark: | | | ingestion_endpoint | Enter the value as described for [Ingestion_Endpoint](#ingestion-uri). | :heavy_check_mark: | | | database_name | The name of the database that contains your logs table. | :heavy_check_mark: | | | table_name | The name of the table from [Create a target table](#create-a-target-table). | :heavy_check_mark: | | | ingestion_mapping_reference | The name of the ingestion mapping from [Create a target table](#create-a-target-table). If you didn't create an ingestion mapping, remove the property from the configuration file. | | | | log_key | Key name of the log content. For instance, `log`. | | `log` | +| include_tag_key | If enabled, a tag is appended to output.| | `On` | | tag_key | The key name of tag. Ignored if `include_tag_key` is false. | | `tag` | -| include_time_key | A timestamp is appended to output, if enabled. Uses the `time_key` property. | | `true` | +| include_time_key | A timestamp is appended to output, if enabled. Uses the `time_key` property. | | `On` | | time_key | The key name for the timestamp in the log records. Ignored if `include_time_key` false. | | `timestamp` | -| ingestion_endpoint_connect_timeout | The connection timeout of various Kusto endpoints in seconds. | | `60s` | +| ingestion_endpoint_connect_timeout | The connection timeout of various Kusto endpoints in seconds. | | `60` | | compression_enabled | Sends compressed HTTP payload (gzip) to Kusto, if enabled. | | `true` | -| ingestion_resources_refresh_interval | The ingestion resources refresh interval of Kusto endpoint in seconds. | | `3600` | +| ingestion_resources_refresh_interval | The ingestion resources refresh interval of Kusto endpoint in seconds. | | | | workers | The number of [workers](https://docs.fluentbit.io/manual/administration/multithreading#outputs) to perform flush operations for this output. | | `0` | +| buffering_enabled | If enabled, buffers data into disk before ingesting into Kusto. | | `Off` | +| buffer_path | Specifies the location of the directory where the buffered data will be stored if `buffering_enabled` is `On`. | | `/tmp/fluent-bit/azure-kusto/` | +| upload_timeout | Specifies the timeout for uploads if `buffering_enabled` is `On`. Files older than this are ingested even if below size limit. | | `30m` | +| upload_file_size | Specifies the maximum size of a file to be uploaded if `buffering_enabled` is `On`. | | `200MB` | +| azure_kusto_buffer_key | Azure Kusto buffer key to identify plugin instances when `buffering_enabled` is `On`. Required for multiple Azure Kusto outputs with buffering. | | `key` | +| store_dir_limit_size | The maximum size of the directory where buffered data is stored if `buffering_enabled` is `On`. | | `8GB` | +| buffer_file_delete_early| When `buffering_enabled` is `On`, whether to delete the buffered file early after successful blob creation. | | `Off` | +| unify_tag | Creates a single buffer file when `buffering_enabled` is `On`. | | `On` | +| blob_uri_length | Set the length of generated blob URI before ingesting to Kusto. | | `64` | +| scheduler_max_retries | When `buffering_enabled` is `On`, set the maximum number of retries for ingestion using the scheduler. | | `3` | +| delete_on_max_upload_error | When `buffering_enabled` is `On`, whether to delete the buffer file on maximum upload errors. | | `Off` | +| IO_timeout | Configure the HTTP IO timeout for uploads. | | `60s` | To see an example configuration file, select the relevant tab: @@ -110,18 +124,31 @@ To see an example configuration file, select the relevant tab: Refresh_Interval 10 [OUTPUT] - match * - name azure_kusto - tenant_id - client_id - client_secret - ingestion_endpoint - database_name - table_name - ingestion_mapping_reference - ingestion_endpoint_connect_timeout - compression_enabled - ingestion_resources_refresh_interval + [OUTPUT] + Match * + Name azure_kusto + Tenant_Id + Client_Id + Client_Secret + Ingestion_Endpoint https://ingest-..kusto.windows.net + Database_Name + Table_Name + Ingestion_Mapping_Reference + ingestion_endpoint_connect_timeout + compression_enabled + ingestion_resources_refresh_interval + buffering_enabled On + upload_timeout 2m + upload_file_size 125M + azure_kusto_buffer_key kusto1 + buffer_file_delete_early Off + unify_tag On + buffer_dir /var/log/ + store_dir_limit_size 16GB + blob_uri_length 128 + scheduler_max_retries 3 + delete_on_max_upload_error Off + io_timeout 60s ``` ### [YAML mode](#tab/yaml) @@ -160,18 +187,31 @@ config: outputs: | [OUTPUT] - match * - name azure_kusto - tenant_id - client_id - client_secret - ingestion_endpoint - database_name - table_name - ingestion_mapping_reference - ingestion_endpoint_connect_timeout - compression_enabled - ingestion_resources_refresh_interval + [OUTPUT] + Match * + Name azure_kusto + Tenant_Id + Client_Id + Client_Secret + Ingestion_Endpoint https://ingest-..kusto.windows.net + Database_Name + Table_Name + Ingestion_Mapping_Reference + ingestion_endpoint_connect_timeout + compression_enabled + ingestion_resources_refresh_interval + buffering_enabled On + upload_timeout 2m + upload_file_size 125M + azure_kusto_buffer_key kusto1 + buffer_file_delete_early Off + unify_tag On + buffer_dir /var/log/ + store_dir_limit_size 16GB + blob_uri_length 128 + scheduler_max_retries 3 + delete_on_max_upload_error Off + io_timeout 60s ``` --- diff --git a/data-explorer/kusto/query/arg-max-aggregation-function.md b/data-explorer/kusto/query/arg-max-aggregation-function.md index 28f9d0af98..ccb3c1d7a4 100644 --- a/data-explorer/kusto/query/arg-max-aggregation-function.md +++ b/data-explorer/kusto/query/arg-max-aggregation-function.md @@ -37,6 +37,8 @@ Returns a row in the table that maximizes the specified expression *ExprToMaximi ## Examples +### General examples + The following example finds the maximum latitude of a storm event in each state. :::moniker range="azure-data-explorer" @@ -67,7 +69,6 @@ The results table displays only the first 10 rows. | TEXAS | 36.4607 | DARROUZETT | | ... | ... | ... | - The following example finds the last time an event with a direct death happened in each state, showing all the columns. The query first filters the events to include only those events where there was at least one direct death. Then the query returns the entire row with the most recent `StartTime`. @@ -101,7 +102,6 @@ The results table displays only the first 10 rows and first three columns. | LAKE MICHIGAN | 2007-06-07T13:00:00Z | 2007-06-07T13:00:00Z | ... | | ... | ... | ... | ... | - The following example demonstrates null handling. :::moniker range="azure-data-explorer" @@ -129,16 +129,11 @@ datatable(Fruit: string, Color: string, Version: int) [ | Banana | | Yellow | | Pear | 2 | Green | -## Comparison to max() +### Examples comparing arg_max() and max() The arg_max() function differs from the [max() function](max-aggregation-function.md). The arg_max() function allows you to return other columns along with the maximum value, and [max()](max-aggregation-function.md) only returns the maximum value itself. -### Examples - -#### arg_max() - -The following example finds the last time an event with a direct death happened, showing all the columns in the table. - +The following example uses arg_max() to find the last time an event with a direct death happened in each state, showing all the columns. The query first filters the events to only include events where there was at least one direct death. Then the query returns the entire row with the most recent (maximum) StartTime. :::moniker range="azure-data-explorer" @@ -158,11 +153,7 @@ The results table returns all the columns for the row containing the highest val |--|--|--|--| | 2007-12-31T15:00:00Z | 2007-12-31T15:00:00 | 12688 | 69700 | UTAH | Avalanche | ... | -#### max() - -Find the last time an event with a direct death happened. - -The query filters events to only include events where there is at least one direct death, and then returns the maximum value for StartTime. +The following example uses the max() function to find the last time an event with a direct death happened in each state, but only returns the maximum value of StartTime. :::moniker range="azure-data-explorer" > [!div class="nextstepaction"] diff --git a/data-explorer/kusto/query/arg-min-aggregation-function.md b/data-explorer/kusto/query/arg-min-aggregation-function.md index 4464abe9dd..5b19b5f537 100644 --- a/data-explorer/kusto/query/arg-min-aggregation-function.md +++ b/data-explorer/kusto/query/arg-min-aggregation-function.md @@ -41,7 +41,7 @@ Returns a row in the table that minimizes *ExprToMinimize*, and the values of co ## Examples -Find the minimum latitude of a storm event in each state. +The following example finds the maximum latitude of a storm event in each state. :::moniker range="azure-data-explorer" > [!div class="nextstepaction"] @@ -137,11 +137,7 @@ The arg_min() function differs from the [min() function](min-aggregation-functio ### Examples -#### arg_min() - -Find the first time an event with a direct death happened, showing all the columns in the table. - -The query first filters the events to only include those where there was at least one direct death. Then the query returns the entire row with the lowest value for StartTime. +The following example uses arg_min() to find the last time an event with a direct death happened in each state, showing all the columns. :::moniker range="azure-data-explorer" > [!div class="nextstepaction"] @@ -160,11 +156,7 @@ The results table returns all the columns for the row containing the lowest valu |--|--|--|--| | 2007-01-01T00:00:00Z | 2007-01-22T18:49:00Z | 2408 | 11929 | INDIANA | Flood | ... | -#### min() - -Find the first time an event with a direct death happened. - -The query filters events to only include those where there is at least one direct death, and then returns the minimum value for StartTime. +The following example uses the min() function to find the last time an event with a direct death happened in each state, but only returns the minimum value of StartTime. :::moniker range="azure-data-explorer" > [!div class="nextstepaction"] diff --git a/data-explorer/kusto/query/array-iff-function.md b/data-explorer/kusto/query/array-iff-function.md index 1e4157a5db..7e120e8e4c 100644 --- a/data-explorer/kusto/query/array-iff-function.md +++ b/data-explorer/kusto/query/array-iff-function.md @@ -40,6 +40,8 @@ Returns a dynamic array of the values taken either from the *when_true* or *when ## Examples +The following example shows how to use the `array_iff()` function to evaluate elements in an array. + :::moniker range="azure-data-explorer" > [!div class="nextstepaction"] > Run the query @@ -56,7 +58,7 @@ print condition=dynamic([true,false,true]), if_true=dynamic([1,2,3]), if_false=d |---|---|---|---| |[true, false, true]|[1, 2, 3]|[4, 5, 6]|[1, 5, 3]| -### Numeric condition values +The following example shows how numeric condition values are treated as boolean values. :::moniker range="azure-data-explorer" > [!div class="nextstepaction"] @@ -74,7 +76,7 @@ print condition=dynamic([1,0,50]), if_true="yes", if_false="no" |---|---|---|---| |[1, 0, 50]|yes|no|[yes, no, yes]| -### Non-numeric and non-boolean condition values +The following example shows how to use the `array_iff()` function with non-numeric and non-boolean condition values. :::moniker range="azure-data-explorer" > [!div class="nextstepaction"] @@ -92,7 +94,7 @@ print condition=dynamic(["some string value", datetime("01-01-2022"), null]), if |---|---|---|---| |[true, false, true]|1|0|[null, null, null]| -### Mismatched array lengths +The following example shows how the function handles mismatched array lengths. :::moniker range="azure-data-explorer" > [!div class="nextstepaction"] diff --git a/data-explorer/kusto/query/beta-inv-function.md b/data-explorer/kusto/query/beta-inv-function.md index d6bc1b5e6d..8ee88015b9 100644 --- a/data-explorer/kusto/query/beta-inv-function.md +++ b/data-explorer/kusto/query/beta-inv-function.md @@ -42,6 +42,8 @@ The inverse of the beta cumulative probability density function [beta_cdf()](bet ## Examples +The following example shows how to use the `beta_inv()` function to return the inverse of the beta cumulative probability density function. + :::moniker range="azure-data-explorer" > [!div class="nextstepaction"] > Run the query diff --git a/data-explorer/kusto/query/consume-operator.md b/data-explorer/kusto/query/consume-operator.md index 6105a0a473..fb4ad8e24c 100644 --- a/data-explorer/kusto/query/consume-operator.md +++ b/data-explorer/kusto/query/consume-operator.md @@ -14,11 +14,8 @@ Consumes the tabular data stream handed to the operator. The `consume` operator is mostly used for triggering the query side-effect without actually returning the results back to the caller. -The `consume` operator can be used for estimating the -cost of a query without actually delivering the results back to the client. -(The estimation isn't exact for various reasons; for example, `consume` -is calculated distributively, so `T | consume` won't transmit the table's -data between the nodes of the cluster.) +The `consume` operator can be used for estimating the cost of a query without actually delivering the results back to the client. +(The estimation isn't exact for various reasons; for example, `consume` is calculated distributively, so `T | consume` won't transmit the table's data between the nodes of the cluster.) ## Syntax @@ -32,9 +29,13 @@ data between the nodes of the cluster.) |--|--|--|--| | *DecodeBlocks* | `bool` | | If set to `true`, or if the request property `perftrace` is set to `true`, the `consume` operator won't just enumerate the records at its input, but actually force each value in those records to be decompressed and decoded.| -## Example +### Returns -The following example consumes the results of a query without returning any data to the client. +The `consume` operator returns the same tabular data stream as its input, but it doesn't return the data to the client. + +## Examples + +The following example shows how to use the `consume` operator to trigger the query side-effect without actually returning the results back to the caller. :::moniker range="azure-data-explorer" > [!div class="nextstepaction"] @@ -47,5 +48,7 @@ StormEvents | consume ``` +In this example, the query filters the `StormEvents` table for rows where the `State` is "TEXAS" and then applies the `consume` operator. The data is processed, but no results are returned to the client. + **Output** -No rows to show. +The results table is empty, as the `consume` operator does not return any data to the client. diff --git a/data-explorer/kusto/query/distinct-operator.md b/data-explorer/kusto/query/distinct-operator.md index 699ec5608f..8bd6de5f60 100644 --- a/data-explorer/kusto/query/distinct-operator.md +++ b/data-explorer/kusto/query/distinct-operator.md @@ -28,9 +28,9 @@ Produces a table with the distinct combination of the provided columns of the in > [!NOTE] > The `distinct` operator supports providing an asterisk `*` as the group key to denote all columns, which is helpful for wide tables. -## Example +## Examples -Shows distinct combination of states and type of events that led to over 45 direct injuries. +The following example shows how to use the `distinct` operator to create a table with the distinct combination of the columns of the input table. :::moniker range="azure-data-explorer" > [!div class="nextstepaction"] diff --git a/data-explorer/kusto/query/geo-s2cell-to-central-point-function.md b/data-explorer/kusto/query/geo-s2cell-to-central-point-function.md index c2a71f2ad4..16858b6317 100644 --- a/data-explorer/kusto/query/geo-s2cell-to-central-point-function.md +++ b/data-explorer/kusto/query/geo-s2cell-to-central-point-function.md @@ -34,6 +34,8 @@ The geospatial coordinate values in [GeoJSON Format](https://tools.ietf.org/html ## Examples +The following example calculates the geospatial coordinates that represent the center of an S2 cell. + :::moniker range="azure-data-explorer" > [!div class="nextstepaction"] > Run the query diff --git a/data-explorer/kusto/query/geo-s2cell-to-polygon-function.md b/data-explorer/kusto/query/geo-s2cell-to-polygon-function.md index a22c79eabb..f0a1bf6711 100644 --- a/data-explorer/kusto/query/geo-s2cell-to-polygon-function.md +++ b/data-explorer/kusto/query/geo-s2cell-to-polygon-function.md @@ -9,7 +9,7 @@ ms.date: 08/11/2024 > [!INCLUDE [applies](../includes/applies-to-version/applies.md)] [!INCLUDE [fabric](../includes/applies-to-version/fabric.md)] [!INCLUDE [azure-data-explorer](../includes/applies-to-version/azure-data-explorer.md)] [!INCLUDE [monitor](../includes/applies-to-version/monitor.md)] [!INCLUDE [sentinel](../includes/applies-to-version/sentinel.md)] -Calculates the polygon that represents the S2 Cell rectangular area. +Calculates the polygon that represents the S2 Cell rectangular area. Read more about [S2 Cells](http://s2geometry.io/devguide/s2cell_hierarchy). @@ -34,6 +34,8 @@ Polygon in [GeoJSON Format](https://tools.ietf.org/html/rfc7946) and of a [dynam ## Examples +The following example calculates the polygon that represents the S2 Cell rectangular area. + :::moniker range="azure-data-explorer" > [!div class="nextstepaction"] > Run the query diff --git a/data-explorer/kusto/query/geospatial-visualizations.md b/data-explorer/kusto/query/geospatial-visualizations.md index 29268c2a30..55cd055e78 100644 --- a/data-explorer/kusto/query/geospatial-visualizations.md +++ b/data-explorer/kusto/query/geospatial-visualizations.md @@ -10,15 +10,11 @@ ms.date: 02/26/2025 > [!INCLUDE [applies](../includes/applies-to-version/applies.md)] [!INCLUDE [fabric](../includes/applies-to-version/fabric.md)] [!INCLUDE [azure-data-explorer](../includes/applies-to-version/azure-data-explorer.md)] [!INCLUDE [monitor](../includes/applies-to-version/monitor.md)] [!INCLUDE [sentinel](../includes/applies-to-version/sentinel.md)] -Geospatial data can be visualized as part of your query using the [render operator](render-operator.md) as [points](#example-visualize-points-on-a-map), [pies, or bubbles](#visualization-of-pies-or-bubbles-on-a-map) on a map. +Geospatial data can be visualized as part of your query using the [render operator](render-operator.md) as points, pies, or bubbles on a map. For more information about geospatial clustering, see [Geospatial clustering](geospatial-grid-systems.md). -## Visualize points on a map - -You can visualize points either using [Longitude, Latitude] columns, or GeoJSON column. Using a series column is optional. The [Longitude, Latitude] pair defines each point, in that order. - -### Example: Visualize points on a map +## Examples The following example finds storm events and visualizes 100 on a map. @@ -36,8 +32,6 @@ StormEvents :::image type="content" source="media/geo-visualizations/storm-events-sample.png" alt-text="Screenshot of sample storm events on a map."::: -### Example: Visualize multiple series of points on a map - The following example visualizes multiple series of points, where the [Longitude, Latitude] pair defines each point, and a third column defines the series. In this example, the series is `EventType`. :::moniker range="azure-data-explorer" @@ -54,8 +48,6 @@ StormEvents :::image type="content" source="media/geo-visualizations/storm-events-series-sample.png" alt-text="Screenshot of sample storm series events on a map."::: -### Example: Visualize series of points on data with multiple columns - The following example visualizes a series of points on a map. If you have multiple columns in the result, you must specify the columns to be used for xcolumn (Longitude), ycolumn (Latitude), and series. > [!NOTE] @@ -69,8 +61,6 @@ StormEvents :::image type="content" source="media/geo-visualizations/storm-events-series-sample.png" alt-text="Screenshot of sample storm series events using arguments."::: -### Example: Visualize points on a map defined by GeoJSON dynamic values - The following example visualizes points on the map using GeoJSON dynamic values to define the points. :::moniker range="azure-data-explorer" @@ -88,11 +78,6 @@ StormEvents :::image type="content" source="media/geo-visualizations/storm-events-s2cell.png" alt-text="Screenshot of sample storm GeoJSON events."::: -## Visualization of pies or bubbles on a map - -You can visualize pies or bubbles either using [Longitude, Latitude] columns, or GeoJSON column. These visualizations can be created with color or numeric axes. - -### Example: Visualize pie charts by location The following example shows storm events aggregated by S2 cells. The chart aggregates events in bubbles by location in one color. @@ -113,8 +98,6 @@ StormEvents :::image type="content" source="media/geo-visualizations/storm-events-bubble.png" alt-text="Screenshot of storm events on a bubble map."::: -### Example: Visualize bubbles using a color axis - The following example shows storm events aggregated by S2 cells. The chart aggregates events by event type in pie charts by location. > [!NOTE] diff --git a/data-explorer/kusto/query/getschema-operator.md b/data-explorer/kusto/query/getschema-operator.md index 3181033992..1d667a4d52 100644 --- a/data-explorer/kusto/query/getschema-operator.md +++ b/data-explorer/kusto/query/getschema-operator.md @@ -17,7 +17,9 @@ Produce a table that represents a tabular schema of the input. [!INCLUDE [syntax-conventions-note](../includes/syntax-conventions-note.md)] -## Example +## Examples + +The following example creates a tabular schema of the input. :::moniker range="azure-data-explorer" > [!div class="nextstepaction"] diff --git a/data-explorer/kusto/query/gettype-function.md b/data-explorer/kusto/query/gettype-function.md index ff2354b648..12f476b8f7 100644 --- a/data-explorer/kusto/query/gettype-function.md +++ b/data-explorer/kusto/query/gettype-function.md @@ -31,6 +31,9 @@ A string representing the runtime type of *value*. ## Examples +The following example shows the runtime type of various expressions. + + |Expression |Returns | |------------------------------------|-------------| |`gettype("a")` |`string` | diff --git a/data-explorer/kusto/query/getyear-function.md b/data-explorer/kusto/query/getyear-function.md index f9cfd06ce3..30a8878c5a 100644 --- a/data-explorer/kusto/query/getyear-function.md +++ b/data-explorer/kusto/query/getyear-function.md @@ -27,7 +27,9 @@ Returns the year part of the `datetime` argument. The year that contains the given *date*. -## Example +## Examples + +The following example returns the year of the given date. :::moniker range="azure-data-explorer" > [!div class="nextstepaction"] diff --git a/data-explorer/kusto/query/graph-mark-components-operator.md b/data-explorer/kusto/query/graph-mark-components-operator.md index 8117e93fc7..3465f78bd6 100644 --- a/data-explorer/kusto/query/graph-mark-components-operator.md +++ b/data-explorer/kusto/query/graph-mark-components-operator.md @@ -32,10 +32,6 @@ The `graph-mark-components` operator returns a *graph* result, where each node h ## Examples -The examples in this section show how to use the syntax to help you get started. - -### Find families by their relationships - The following example creates a graph from a set of child-parent pairs and identifies connected components using a `family` identifier. :::moniker range="azure-data-explorer" @@ -78,8 +74,6 @@ ChildOf |Mallory|1| |Kirk|1| -### Find a greatest common ancestor for each family - The following example uses the connected component `family` identifier and the `graph-match` operator to identify the greatest ancestor of each family in a set of child-parent data. :::moniker range="azure-data-explorer" diff --git a/data-explorer/kusto/query/graph-match-operator.md b/data-explorer/kusto/query/graph-match-operator.md index 59779b6de4..942a1ca74c 100644 --- a/data-explorer/kusto/query/graph-match-operator.md +++ b/data-explorer/kusto/query/graph-match-operator.md @@ -59,10 +59,6 @@ The returned columns are defined in the operator's `project` clause using proper ## Examples -The examples in this section show how to use the syntax to help you get started. - -### All employees in a manager's organization - The following example represents an organizational hierarchy. It demonstrates how a variable length edge could be used to find employees of different levels of the hierarchy in a single query. The nodes in the graph represent employees and the edges are from an employee to their manager. After we build the graph using `make-graph`, we search for employees in `Alice`'s organization that are younger than `30`. :::moniker range="azure-data-explorer" @@ -106,8 +102,6 @@ reports |Eve|27|[
"Alice",
"Bob"
]| |Ben|23|[
"Alice",
"Chris"
]| -### Attack path - The following example builds a graph from the `Actions` and `Entities` tables. The entities are people and systems, and the actions describe different relations between entities. Following the `make-graph` operator that builds the graph is a call to `graph-match` with a graph pattern that searches for attack paths to the `"Apollo"` system. :::moniker range="azure-data-explorer" @@ -146,8 +140,6 @@ Actions |---|---|---| |Mallory|Bob|Apollo| -### Star pattern - The following example is similar to the previous attack path example, but with an extra constraint: we want the compromised entity to also communicate with *Alice*. The `graph-match` pattern prefix is the same as the previous example and we add another sequence with the *compromised* as a link between the sequences. :::moniker range="azure-data-explorer" @@ -186,7 +178,6 @@ Actions |---|---|---| |Mallory|Bob|Apollo| - ## Related content * [Graph operators](graph-operators.md) diff --git a/data-explorer/kusto/query/graph-shortest-paths-operator.md b/data-explorer/kusto/query/graph-shortest-paths-operator.md index ff894c4f7e..40ca852b05 100644 --- a/data-explorer/kusto/query/graph-shortest-paths-operator.md +++ b/data-explorer/kusto/query/graph-shortest-paths-operator.md @@ -51,10 +51,6 @@ The `graph-shortest-paths` operator returns a tabular result, where each record ## Examples -This section provides practical examples demonstrating how to use the `graph-shortest-paths` operator in different scenarios. - -### Find `any` shortest path between two train stations - The following example demonstrates how to use the `graph-shortest-paths` operator to find the shortest path between two stations in a transportation network. The query constructs a graph from the data in `connections` and finds the shortest path from the `"South-West"` to the `"North"` station, considering paths up to five connections long. Since the default output is `any`, it finds any shortest path. :::moniker range="azure-data-explorer" @@ -91,8 +87,6 @@ connections |---|---|---|---| |South-West|[
"South",
"Central",
"North"
]|[
"red",
"red",
"red"
]|North| -### Find all shortest paths between two train stations - The following example, like the previous example, finds the shortest paths in a transportation network. However, it uses `output=all`, so returns all shortest paths. :::moniker range="azure-data-explorer" diff --git a/data-explorer/kusto/query/graph-to-table-operator.md b/data-explorer/kusto/query/graph-to-table-operator.md index f7b467cdda..023d331a10 100644 --- a/data-explorer/kusto/query/graph-to-table-operator.md +++ b/data-explorer/kusto/query/graph-to-table-operator.md @@ -53,11 +53,7 @@ The `graph-to-table` operator returns two tabular results, matching the previous ## Examples -The following examples use the `make-graph` operator to build a graph from edges and nodes tables. The nodes represent people and systems, and the edges are different relations between nodes. Then, each example shows a different usage of `graph-to-table`. - -### Get edges - -In this example, the `graph-to-table` operator exports the edges from a graph to a table. The `with_source_id` and `with_target_id` parameters export the node hash for source and target nodes of each edge. +The following example denonstrates how the `graph-to-table` operator exports the edges from a graph to a table. The `with_source_id` and `with_target_id` parameters export the node hash for source and target nodes of each edge. :::moniker range="azure-data-explorer" > [!div class="nextstepaction"] @@ -100,7 +96,7 @@ edges ### Get nodes -In this example, the `graph-to-table` operator exports the nodes from a graph to a table. The `with_node_id` parameter exports the node hash. +The following example shows how the `graph-to-table` operator exports the nodes from a graph to a table. The `with_node_id` parameter exports the node hash. :::moniker range="azure-data-explorer" > [!div class="nextstepaction"] @@ -139,9 +135,7 @@ edges |2533909231875758225|Trent|System|99| |3855580634910899594|Mallory||| -### Get nodes and edges - -In this example, the `graph-to-table` operator exports the nodes and edges from a graph to a table. +The following example uses the `graph-to-table` operator to export the nodes and edges from a graph to a table. :::moniker range="azure-data-explorer" > [!div class="nextstepaction"]