I am always flicking between different technologies and languages. It is a sweeping statement but they all pretty much share the same ideas.
The Azure App-insights uses “Kusto Query Language (KQL)”
Basic stuff below
This returns ALL rows from all tables — very inefficient where the value is ‘web app
Returns ALL rows from all tables — very very inefficientsearch *
search "Web App"
Distinct
Listing distinct ‘cloud role’ names
customEvents
| distinct cloud_RoleNameSearch a table and return all rows with cloud role name
browserTimings
| where cloud_RoleName == "Web App"Date range
Search a table and return all rows with cloud role name within the last 15 days
customEvents
| where cloud_RoleName == "Web App"
| where timestamp > ago(15d)For hours and minutes use
| where timestamp > ago(15h)
| where timestamp > ago(15m)Counts and Groups
Group and count based on a single key e.g. cloud role name and tally
customEvents
| summarize Count = count() by cloud_RoleNameCustom fields
Search a custom field/object
customEvents. These are strings of JSON data
| extend name = tostring(customDimensions["customProperty"])
| where name == "video-played"
| count