## Downloaded from [https://notebooks.azure.com/ManojRaheja/projects/KustoMagicSamples/html/Getting%20Started%20with%20kqlmagic%20on%20Azure%20Data%20Explorer.ipynb](https://notebooks.azure.com/ManojRaheja/projects/KustoMagicSamples/html/Getting%20Started%20with%20kqlmagic%20on%20Azure%20Data%20Explorer.ipynb)

  

## Edited by Taiob Ali

### November 20th 2020

  

# Introduction

Jupyter supports magic functions that extends the capabilities of kernel by supporting additional commands that are not natively supported by the kernel. kqlmagic helps you to extend the capabilities of Python kernel in Jupyter Notebook and allows you to run Kusto Query Language queries natively. It supports Azure Data Explorer, Application Insights, and Log Analytics as data sources to run queries against.

This tutorial demonstrates some of the key capabilities of kqlmagic querying data from Azure Data Explorer. Please refer the following sample notebooks to learn all the available commands.

- [Get Started with Kqlmagic for Azure Data Explorer](https://mybinder.org/v2/gh/Microsoft/jupyter-Kqlmagic/master?filepath=notebooks%2FQuickStart.ipynb)
- [Get Started with Kqlmagic for Application Insights](https://mybinder.org/v2/gh/Microsoft/jupyter-Kqlmagic/master?filepath=notebooks%2FQuickStartAI.ipynb)
- [Get Started with Kqlmagic for Log Analytics](https://mybinder.org/v2/gh/Microsoft/jupyter-Kqlmagic/master?filepath=notebooks%2FQuickStartLA.ipynb)
- [Parametrize your Kqlmagic query with Python](https://mybinder.org/v2/gh/Microsoft/jupyter-Kqlmagic/master?filepath=notebooks%2FParametrizeYourQuery.ipynb)
- [Choose colors palette for your Kqlmagic query chart result](https://mybinder.org/v2/gh/Microsoft/jupyter-Kqlmagic/master?filepath=notebooks%2FColorYourCharts.ipynb)

# Prerequisite

### Install kqlmagic library

In [None]:
!pip install Kqlmagic --no-cache-dir  --upgrade

### Load kqlmagic

In [None]:
reload_ext Kqlmagic

## Connect to the Azure Data Explorer Help cluster

Following command connect to the Samples database hosted on Help cluster. For non-Microsoft AAD users, please replace the tenant name “Microsoft.com” with your AAD Tenant.

In [None]:
%kql AzureDataExplorer://tenant="Microsoft.com";code;cluster='help';database='Samples'

# Query and visualize

In this section we will look at how to query and visualize data using kql render command and visualize data using ploy.ly library. All with an integrated experience using native KQL <a href="https://docs.microsoft.com/azure/kusto/query/renderoperator" data-href="https://docs.microsoft.com/azure/kusto/query/renderoperator" title="https://docs.microsoft.com/azure/kusto/query/renderoperator">render operator.</a> kqlmagic supports most charts except timepivot, pivotchart, and ladderchart and all render with attributes are supported except: kind, ysplit, and accumulate.

### Query and render piechart

In [None]:
%%kql 
StormEvents 
| summarize statecount=count() by State
| sort by statecount 
| limit 10

### Query and render timechart

Here is another example of rendering timechart. These charts are interactive, try zooming in a specific time by selecting the time range.

In [None]:
%%kql
StormEvents
| summarize count() by bin(StartTime,7d)
| render timechart

# Customize the chart colors

If you don’t like the default color plate, you can customize the charts by setting the palette options. Let’s look at all the palette available to us. To learn more, please refer this sample notebook: <a href="https://mybinder.org/v2/gh/Microsoft/jupyter-Kqlmagic/master?filepath=notebooks%2FColorYourCharts.ipynb" data-href="https://mybinder.org/v2/gh/Microsoft/jupyter-Kqlmagic/master?filepath=notebooks%2FColorYourCharts.ipynb" title="https://mybinder.org/v2/gh/Microsoft/jupyter-Kqlmagic/master?filepath=notebooks%2FColorYourCharts.ipynb">Choose colors palette for your Kqlmagic query chart result</a>

In [None]:
%kql --palettes -popup_window

Let’s choose “cool” color palettes and render the query again.

In [None]:
%%kql -palette_name "cool"
StormEvents 
| summarize statecount=count() by State
| sort by statecount 
| limit 10
| render piechart title="My Pie Chart by State"

# Connect to demo workspace <a href="https://aka.ms/LADemo" data-href="https://aka.ms/LADemo" title="https://aka.ms/LADemo">https://aka.ms/LADemo</a>.

In [None]:
%kql loganalytics://workspace='DEMO_WORKSPACE';appkey='DEMO_KEY';alias='myworkspace'

# Query Demo workspace

Take/Limit are synonyms ([https://docs.microsoft.com/en-us/azure/kusto/query/takeoperator](https://docs.microsoft.com/en-us/azure/kusto/query/takeoperator))

Take isused to graba random number of rows from the input data

There is no guarantee which records are returned, unless the source data is sorted

Take can be combined with other language operators

In [None]:
%%kql
AzureMetrics
| where TimeGenerated >= ago(1h)
| where (MetricName == "CPU Credits Remaining"
         or
         MetricName == "Percentage CPU"
         )
| where Average > 10
| take 10

# How To Connect to Log Analytics Workspace

## Connecting using client secret

To understand details about the connection string I followed the document [Connecting to Log Analytics using Azure Data Studio and KQL](https://www.red-gate.com/simple-talk/blogs/connecting-log-analytics-using-azure-data-studio-kql/) by Dennes Torres

You need change the values as described in the above article in order for this to work.

In [None]:
%kql loganalytics://tenant='d5b50601-6698-4f8f-beb6-1799fee4dc80';clientid='7b1fcde4-b8c5-479d-9896-5c767a19fe7a';clientsecret='f.4g9_kHqq1AU48M90T8kilP~_VsRnd9om';workspace='576e1cba-2d04-459e-b457-fe157e632dea';alias='Sqlalertdemo2'

## Connecting using user authentication

Ref: [Demo: Querying Log Analytics with Kqlmagic with AAD User Auth](https://github.com/MsSQLGirl/jubilant-data-wizards/blob/main/Simple%20Demo/KQL%20Notebooks/Demo-KqlmagicLogAnalyticsWithUserAuth.ipynb)

In [None]:
%kql loganalytics://code;tenant='d5b50601-6698-4f8f-beb6-1799fee4dc80';workspace='e196c4e4-0aee-4f03-bb73-d20651fe8e48';alias='demoAlias'

### Looking it top 10 collected metrics in last 24 hours

In [None]:
%%kql
AzureMetrics 
| where TimeGenerated > ago(24h) 
| limit 10

### Looking at Deadlock for last one hour

In [None]:
%%kql
AzureDiagnostics 
| where  Category == 'Deadlocks' 
| where TimeGenerated > ago(1h)

# Next steps

Run the help command to know more and explore the following sample notebooks that contains all the supported features.

- [Get Started with Kqlmagic for Azure Data Explorer](https://mybinder.org/v2/gh/Microsoft/jupyter-Kqlmagic/master?filepath=notebooks%2FQuickStart.ipynb)
- [Get Started with Kqlmagic for Application Insights](https://mybinder.org/v2/gh/Microsoft/jupyter-Kqlmagic/master?filepath=notebooks%2FQuickStartAI.ipynb)
- [Get Started with Kqlmagic for Log Analytics](https://mybinder.org/v2/gh/Microsoft/jupyter-Kqlmagic/master?filepath=notebooks%2FQuickStartLA.ipynb)
- [Parametrize your Kqlmagic query with Python](https://mybinder.org/v2/gh/Microsoft/jupyter-Kqlmagic/master?filepath=notebooks%2FParametrizeYourQuery.ipynb)
- [Choose colors palette for your Kqlmagic query chart result](https://mybinder.org/v2/gh/Microsoft/jupyter-Kqlmagic/master?filepath=notebooks%2FColorYourCharts.ipynb)

In [None]:
%kql --help "help"