azure-data-explorerkql
How do I mention fields in kusto that has a dot or period?
I am ingesting data from telegraf to ADX. my data has a json field called tag.
tag:{org.siteid:"lalala","org.subsid":"xyz"}
So, i am trying to form a kusto query to look for a particular site. but I am unable to escape the dot in the field name "org.siteid"
.
this is what i tried:
tablename
| where fields.attempt == 0 and tags."org.siteid" contains "car";
tablename
| where fields.registration_management_requests == 0 and tags.org\.siteid contains "car";
Solution
To refer columns which contains dot then you can use them like ['field.name'].
Below is query with sample data.
Query
datatable (TimeGenerated : datetime , Type : string , ['User.PrincipalName'] : string )
[
datetime(2007-04-03 00:00:00.0000000), "type1", "UserPrincipalName1",
datetime(2007-04-03 01:00:00.0000000), "type1", "UserPrincipalName1",
datetime(2007-04-05 02:00:00.0000000), "type1", "UserPrincipalName2",
datetime(2007-04-05 06:00:00.0000000), "type1", "UserPrincipalName1",
datetime(2007-04-05 06:00:00.0000000), "type1", "UserPrincipalName1"
]
| where Type == "type1"
and ['User.PrincipalName'] == "UserPrincipalName1"
Result
