Functions library
Applies to: ✅ Microsoft Fabric ✅ Azure Data Explorer ✅ Azure Monitor ✅ Microsoft Sentinel
The following article contains a categorized list of UDF (user-defined functions).
The user-defined functions code is given in the articles. It can be used within a let statement embedded in a query or can be persisted in a database using .create function
.
Cybersecurity functions
Function Name | Description |
---|---|
detect_anomalous_new_entity_fl() | Detect the appearance of anomalous new entities in timestamped data. |
graph_path_discovery_fl() | Discover valid paths between relevant endpoints (sources and targets) over graph data (edge and nodes). |
General functions
Function Name | Description |
---|---|
geoip_fl() | Retrieves geographic information of ip address. |
get_packages_version_fl() | Returns version information of the Python engine and the specified packages. |
Machine learning functions
Function Name | Description |
---|---|
dbscan_fl() | Clusterize using the DBSCAN algorithm, features are in separate columns. |
dbscan_dynamic_fl() | Clusterize using the DBSCAN algorithm, features are in a single dynamic column. |
kmeans_fl() | Clusterize using the K-Means algorithm, features are in separate columns. |
kmeans_dynamic_fl() | Clusterize using the K-Means algorithm, features are in a single dynamic column. |
predict_fl() | Predict using an existing trained machine learning model. |
predict_onnx_fl() | Predict using an existing trained machine learning model in ONNX format. |
Plotly functions
The following section contains functions for rendering interactive Plotly charts.
Function Name | Description |
---|---|
plotly_anomaly_fl() | Render anomaly chart using a Plotly template. |
plotly_gauge_fl() | Render gauge chart using a Plotly template. |
plotly_scatter3d_fl() | Render 3D scatter chart using a Plotly template. |
PromQL functions
The following section contains common PromQL functions. These functions can be used for analysis of metrics ingested to your database by the Prometheus monitoring system. All functions assume that metrics in your database are structured using the Prometheus data model.
Function Name | Description |
---|---|
series_metric_fl() | Select and retrieve time series stored with the Prometheus data model. |
series_rate_fl() | Calculate the average rate of counter metric increase per second. |
Series processing functions
Function Name | Description |
---|---|
quantize_fl() | Quantize metric columns. |
series_clean_anomalies_fl() | Replace anomalies in a series by interpolated value. |
series_cosine_similarity_fl() | Calculate the cosine similarity of two numerical vectors. |
series_dbl_exp_smoothing_fl() | Apply a double exponential smoothing filter on series. |
series_dot_product_fl() | Calculate the dot product of two numerical vectors. |
series_downsample_fl() | Downsample time series by an integer factor. |
series_exp_smoothing_fl() | Apply a basic exponential smoothing filter on series. |
series_fit_lowess_fl() | Fit a local polynomial to series using LOWESS method. |
series_fit_poly_fl() | Fit a polynomial to series using regression analysis. |
series_fbprophet_forecast_fl() | Forecast time series values using the Prophet algorithm. |
series_lag_fl() | Apply a lag filter on series. |
series_monthly_decompose_anomalies_fl() | Detect anomalies in a series with monthly seasonality. |
series_moving_avg_fl() | Apply a moving average filter on series. |
series_moving_var_fl() | Apply a moving variance filter on series. |
series_mv_ee_anomalies_fl() | Multivariate Anomaly Detection for series using elliptical envelope model. |
series_mv_if_anomalies_fl() | Multivariate Anomaly Detection for series using isolation forest model. |
series_mv_oc_anomalies_fl() | Multivariate Anomaly Detection for series using one class SVM model. |
series_rolling_fl() | Apply a rolling aggregation function on series. |
series_shapes_fl() | Detects positive/negative trend or jump in series. |
series_uv_anomalies_fl() | Detect anomalies in time series using the Univariate Anomaly Detection Cognitive Service API. |
series_uv_change_points_fl() | Detect change points in time series using the Univariate Anomaly Detection Cognitive Service API. |
time_weighted_avg_fl() | Calculates the time weighted average of a metric using fill forward interpolation. |
time_weighted_avg2_fl() | Calculates the time weighted average of a metric using linear interpolation. |
time_weighted_val_fl() | Calculates the time weighted value of a metric using linear interpolation. |
time_window_rolling_avg_fl() | Calculates the rolling average of a metric over a constant duration time window. |
Statistical and probability functions
Function Name | Description |
---|---|
bartlett_test_fl() | Perform the Bartlett test. |
binomial_test_fl() | Perform the binomial test. |
comb_fl() | Calculate C(n, k), the number of combinations for selection of k items out of n. |
factorial_fl() | Calculate n!, the factorial of n. |
ks_test_fl() | Perform a Kolmogorov Smirnov test. |
levene_test_fl()n | Perform a Levene test. |
normality_test_fl() | Performs the Normality Test. |
mann_whitney_u_test_fl() | Perform a Mann-Whitney U Test. |
pair_probabilities_fl() | Calculate various probabilities and related metrics for a pair of categorical variables. |
pairwise_dist_fl() | Calculate pairwise distances between entities based on multiple nominal and numerical variables. |
percentiles_linear_fl() | Calculate percentiles using linear interpolation between closest ranks |
perm_fl() | Calculate P(n, k), the number of permutations for selection of k items out of n. |
two_sample_t_test_fl() | Perform the two sample t-test. |
wilcoxon_test_fl() | Perform the Wilcoxon Test. |
Text analytics
Function Name | Description |
---|---|
log_reduce_fl() | Find common patterns in textual logs and output a summary table. |
log_reduce_full_fl() | Find common patterns in textual logs and output a full table. |
log_reduce_predict_fl() | Apply a trained model to find common patterns in textual logs and output a summary table. |
log_reduce_predict_full_fl() | Apply a trained model to find common patterns in textual logs and output a full table. |
log_reduce_train_fl() | Find common patterns in textual logs and output a model. |