azureazure-application-insightsazure-data-explorerkql
How to loop an array in Krusto Query for Azure App Insight data?
I have encountered a problem which is I have an array of id, I need to filter the output of the query using the id. How can I do it in Krusto because I do not found any operators regarding to loop or foreach.
For example, now I have an array of
let id=dynamic(['X0001', 'X0002', 'X0003'])
Then I will have to filter the output like
myDatabase
| where message has id
| project timestamp, message
I expect the output will be the rows that already filtered the message have existence of any id in the array. So I will have to loop the id in the array and check whether it is exist inside the message property or not
How can I achieve this? Really appreciates any helps!
Solution
Use the has_any operator instead of has operator.
Change your query like below:
let id=dynamic(['X0001', 'X0002', 'X0003']);
myDatabase
| where message has_any (id)
| project timestamp, message
Here is the example from official doc:
