Updated units for clarity and improved Acrolinx scores

Author: Ken Lawson

learn-pr/wwl-sci/analyze-results-kusto-query-language/1-introduction.yml

@@ -4,8 +4,8 @@ title: Introduction
 metadata:
   title: Introduction
   description: "Introduction"
-  ms.date: 06/20/2022
-  author: wwlpublish
+  ms.date: 04/18/2025
+  author: KenMAG
   ms.author: kelawson
   ms.topic: unit
 azureSandbox: false

learn-pr/wwl-sci/analyze-results-kusto-query-language/2-use-summarize-operator.yml

@@ -4,8 +4,8 @@ title: Use the summarize operator
 metadata:
   title: Use the summarize operator
   description: "Use the summarize operator"
-  ms.date: 06/20/2022
-  author: wwlpublish
+  ms.date: 04/18/2025
+  author: KenMAG
   ms.author: kelawson
   ms.topic: unit
 azureSandbox: false

learn-pr/wwl-sci/analyze-results-kusto-query-language/includes/1-introduction.md

@@ -2,7 +2,7 @@ Kusto Query Language (KQL) is the query language used to perform analysis on dat
 
 You're a Security Operations Analyst working at a company that is implementing Microsoft Sentinel. You're responsible for performing log data analysis to search for malicious activity, display visualizations, and perform threat hunting.  To query log data, you use the Kusto Query Language (KQL). You write KQL statements that aggregate and correlate data that allows for pattern detection. One such aggregation might be the number of failed logons. This information, combined with a predetermined threshold, can be used to generate an alert for "Account with over 10 failed logons in the past hour" as an example.  
 
-The KQL summarize operator performs the calculations. To quickly see a pattern, an analyst can visualize the results in a graph. The KQL render operator performs the visualization. Combining the summarize and render operators provides the foundation for advanced visualizations, including time bucketing and time slicing.
+The KQL summarize operator performs the calculations, and produces a table that aggregates the contents of the input table. To quickly see a pattern, an analyst can visualize the results in a graph. The KQL render operator performs the visualization. Combining the summarize and render operators provides the foundation for advanced visualizations, including time bucketing and time slicing.
 
 >[!TIP]
->You can test the following KQL query examples in the [LA Demo site](https://ms.portal.azure.com/#view/Microsoft_OperationsManagementSuite_Workspace/LogsDemo.ReactView/). If you receive the message "No results found", try changing the time range.
+>You can test the following KQL query examples in the [LA Demo site](https://ms.portal.azure.com/#view/Microsoft_OperationsManagementSuite_Workspace/LogsDemo.ReactView/). If you receive the message "No results found," try changing the time range.

learn-pr/wwl-sci/analyze-results-kusto-query-language/includes/2-use-summarize-operator.md

@@ -1,8 +1,8 @@
-The count operator with its variations creates a new column with the calculated result for the specified fields.
+You use the summarize operator with other operators like the count operator. The count operator with its variations creates a new column with the calculated result for the specified fields.
 
 The first statement below returns one column that is a unique list of Activity column values.
 
-The second statement returns a count of SecurityEvent rows where EventID equals 4688, and the count is grouped by Process and Computer.  Because of the by clause, the result set contains three columns: Process, Computer, Count.
+The second statement returns a count of SecurityEvent rows where EventID equals 4688, and the count is grouped by Process and Computer. Because of the by clause, the result set contains three columns: Process, Computer, Count.
 
 Run each Query separately to see the results.
 
@@ -33,7 +33,7 @@ The example below is a partial list of the most common simple aggregate function
 
 An aggregate function column can be explicitly named by including the "fieldname=" before the aggregate function.
 
-The KQL statement returns three columns: "cnt", "AccountType", and "Computer".  The "cnt" field name replaces the default "count_" name.
+The KQL statement returns three columns: "cnt," "AccountType," and "Computer."  The "cnt" field name replaces the default "count_" name.
 
 ```kusto
 SecurityEvent
@@ -57,7 +57,7 @@ SecurityEvent
 
 The following statement is a rule to detect Invalid Password failures across multiple applications for the same account.
 
-The where operator for ResultDescription filters the result set for results including "Invalid password".  Next, the statement "summarize" produces a distinct count of application names and group by User and IP Address.  Finally, there's a check against a variable created (threshold) to see if the number exceeds the allowed amount.
+The where operator for ResultDescription filters the result set for results including "Invalid password." Next, the statement "summarize" produces a distinct count of application names and group by User and IP Address. Finally, there's a check against a variable created (threshold) to see if the number exceeds the allowed amount.
 
 ```kusto
 let timeframe = 30d;

learn-pr/wwl-sci/analyze-results-kusto-query-language/index.yml

@@ -3,8 +3,8 @@ uid: learn.wwl.analyze-results-kql
 metadata:
   title: Analyze query results using KQL
   description: "Analyze query results using KQL"
-  ms.date: 09/12/2024
-  author: wwlpublish
+  ms.date: 04/18/2025
+  author: KenMAG
   ms.author: kelawson
   ms.topic: module
   ms.service: kusto