KQL Queryset definition
This article provides a breakdown of the structure for Real-Time Queryset (KQL Queryset) definition items.
Supported formats
KQLQuerysetDefinition items support the JSON format.
Definition parts
The definition of a Real-Time Queryset item is constructed as follows:
- Path: The path to the file that contains the JSON definition.
- Payload: See Example of payload content decoded from Base64
- PayloadType: InlineBase64
Example of payload content decoded from Base64
The following example payload is a JSON object that describes a Queryset containing a single tab with the query StormEvents | count.
{
    "queryset": {
        "version": "1.0.0",
        "dataSources": [{
                "id": "c2434bf8-25bb-4aa0-8746-db470533adaf",
                "clusterUri": "https://help.kusto.windows.net/",
                "type": "AzureDataExplorer",
                "databaseName": "Samples"
            }
        ],
        "tabs": [{
                "id": "ccd7b90c-51fe-429f-a853-385b02bd74c9",
                "content": "StormEvents\\\\n| count",
                "title": "Tab1Name",
                "dataSourceId": "c2434bf8-25bb-4aa0-8746-db470533adaf"
            }
        ]
    }
}
Definition example
{
    "parts": [{
            "path": "RealTimeQueryset.json",
            "payload": "ewogICAgInF1ZXJ5c2V0IjogewogICAgICAgICJ2ZXJzaW9uIjogIjEuMC4wIiwKICAgICAgICAiZGF0YVNvdXJjZXMiOiBbewogICAgICAgICAgICAgICAgImlkIjogImMyNDM0YmY4LTI1YmItNGFhMC04NzQ2LWRiNDcwNTMzYWRhZiIsCiAgICAgICAgICAgICAgICAiY2x1c3RlclVyaSI6ICJodHRwczovL2hlbHAua3VzdG8ud2luZG93cy5uZXQvIiwKICAgICAgICAgICAgICAgICJ0eXBlIjogIkF6dXJlRGF0YUV4cGxvcmVyIiwKICAgICAgICAgICAgICAgICJkYXRhYmFzZU5hbWUiOiAiU2FtcGxlcyIKICAgICAgICAgICAgfQogICAgICAgIF0sCiAgICAgICAgInRhYnMiOiBbewogICAgICAgICAgICAgICAgImlkIjogImNjZDdiOTBjLTUxZmUtNDI5Zi1hODUzLTM4NWIwMmJkNzRjOSIsCiAgICAgICAgICAgICAgICAiY29udGVudCI6ICJTdG9ybUV2ZW50c1xcXFxufCBjb3VudCIsCiAgICAgICAgICAgICAgICAidGl0bGUiOiAiVGFiMU5hbWUiLAogICAgICAgICAgICAgICAgImRhdGFTb3VyY2VJZCI6ICJjMjQzNGJmOC0yNWJiLTRhYTAtODc0Ni1kYjQ3MDUzM2FkYWYiCiAgICAgICAgICAgIH0KICAgICAgICBdCiAgICB9Cn0=",
            "payloadType": "InlineBase64"
        },
        {
            "path": ".platform",
            "payload": "ZG90UGxhdGZvcm1CYXNlNjRTdHJpbmc=",
            "payloadType": "InlineBase64"
        }
    ]
}
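Because the queryset travels as Base64, a reviewer cannot see from the definition alone which cluster it targets. The following added example (not part of the original article or the product's own code) decodes the RealTimeQueryset.json part, checks each clusterUri against an allow-list, and confirms every tab's dataSourceId refers to a declared data source. The function names and the ALLOWED_HOSTS allow-list are assumptions made for illustration.

```python
import base64
import binascii
import json
from urllib.parse import urlparse
# Assumption: cluster hosts approved for this workspace (not defined by the article).
ALLOWED_HOSTS = {"help.kusto.windows.net"}

def decode_part(part):
    """Decode one definition part, rejecting any encoding other than InlineBase64."""
    if part.get("payloadType") != "InlineBase64":
        raise ValueError(f"{part.get('path')}: unsupported payloadType")
    try:
        return base64.b64decode(part["payload"], validate=True)
    except binascii.Error as exc:
        raise ValueError(f"{part.get('path')}: payload is not valid Base64") from exc

def audit_definition(definition, queryset_path="RealTimeQueryset.json"):
    """Return findings for the queryset part; an empty list means nothing was flagged."""
    parts = {p["path"]: p for p in definition["parts"]}
    if queryset_path not in parts:
        return [f"missing part {queryset_path}"]
    queryset = json.loads(decode_part(parts[queryset_path]))["queryset"]
    findings, source_ids = [], set()
    for src in queryset.get("dataSources", []):
        source_ids.add(src["id"])
        uri = urlparse(src["clusterUri"])
        if uri.scheme != "https":
            findings.append(f"data source {src['id']}: clusterUri is not https")
        if uri.hostname not in ALLOWED_HOSTS:
            findings.append(f"data source {src['id']}: cluster {uri.hostname} not allow-listed")
    for tab in queryset.get("tabs", []):
        if tab["dataSourceId"] not in source_ids:
            findings.append(f"tab {tab['title']}: dataSourceId matches no data source")
    return findings

def make_definition(queryset):
    """Wrap a queryset dict in the parts/payload envelope (helper for constructed samples)."""
    payload = base64.b64encode(json.dumps({"queryset": queryset}).encode()).decode()
    return {"parts": [{"path": "RealTimeQueryset.json", "payload": payload,
                       "payloadType": "InlineBase64"}]}

# Constructed sample mirroring the example payload above.
SAMPLE_QUERYSET = {
    "version": "1.0.0",
    "dataSources": [{"id": "c2434bf8-25bb-4aa0-8746-db470533adaf", "clusterUri": "https://help.kusto.windows.net/", "type": "AzureDataExplorer", "databaseName": "Samples"}],
    "tabs": [{"id": "ccd7b90c-51fe-429f-a853-385b02bd74c9", "content": "StormEvents\n| count", "title": "Tab1Name", "dataSourceId": "c2434bf8-25bb-4aa0-8746-db470533adaf"}],
}
if __name__ == "__main__":
    print(audit_definition(make_definition(SAMPLE_QUERYSET)) or "no findings")
```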