Mirrors/marcredhat-kql
1
0
Fork 0
mirror of https://github.com/marcredhat/kql synced 2026-06-09 05:27:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

Initial commit: KQL ↔ SDL PowerQuery proof of equivalence

Browse Source
This commit is contained in:
marc
2026-06-01 09:57:14 +02:00
commit 23cbaa9c08
91 changed files with 5966 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
reports/debug_pq.log
+30
View File
@@ -0,0 +1,30 @@
/Users/marc.chisinevski/.venvs/azcli/lib/python3.9/site-packages/urllib3/__init__.py:35: NotOpenSSLWarning: urllib3 v2 only supports OpenSSL 1.1.1+, currently the 'ssl' module is compiled with 'LibreSSL 2.8.3'. See: https://github.com/urllib3/urllib3/issues/3020
warnings.warn(
================================================================================
# any serverHost=kql-proof
query: serverHost='kql-proof' | columns event_type, UserPrincipalName, ts_epoch_ms | limit 5
status=success matching=0.0 rows=0 took=8.7s
================================================================================
# count by event_type
query: serverHost='kql-proof' | group n=count() by event_type
status=success matching=0.0 rows=0 took=7.0s
================================================================================
# SigninLogs by user
query: serverHost='kql-proof' event_type='SigninLogs' | group n=count() by UserPrincipalName
status=success matching=0.0 rows=0 took=7.4s
================================================================================
# SigninLogs min/max ts_epoch_ms
query: serverHost='kql-proof' event_type='SigninLogs' | group mn=min(ts_epoch_ms), mx=max(ts_epoch_ms), n=count()
status=success matching=0.0 rows=0 took=4.1s
================================================================================
# recent SigninLogs (no time filter)
query: serverHost='kql-proof' event_type='SigninLogs' Location='RU' | columns UserPrincipalName, Location | limit 10
status=success matching=0.0 rows=0 took=3.7s
================================================================================
# SecurityEvent EventID column type
query: serverHost='kql-proof' event_type='SecurityEvent' | columns EventID, NewProcessName | limit 5
status=success matching=0.0 rows=0 took=3.3s
================================================================================
# Audit OperationName
query: serverHost='kql-proof' event_type='AuditLogs' | columns OperationName | limit 10
status=success matching=0.0 rows=0 took=3.5s