Home > Blockchain >  Passing Query Result to a function as a parameter Kusto
Passing Query Result to a function as a parameter Kusto

Time:12-25

I want to create a function that allows me to pass the tabular result of a query as a parameter without specifying the table column names.

This is what I want as a result:

let Func = (T) {
   T
   | where Source has_any ("value")
};

let EventVar = Event | where TimeGenerated > ago(30d);

Func (EventVar);

CodePudding user response:

You do not need to specify all columns in the tabular parameter schema, only those columns that you need to use inside the function.

For example, this is how your query can look like:

let CustomFunc = (T:(Source:string)) {
   T | where Source has_any ("value")
};

let EventVar = Event | where TimeGenerated > ago(30d);

CustomFunc(EventVar);

The query above will output all columns from the table EventVar if its rows match the condition in your function. The only requirement is that the table EventVar has a column of type string with name Source, and it can have any number of other columns.

It is also possible to accept any tabular schema by defining the input tabular parameter like T:(*), but in this case you will not be able to reference any column names inside the function. See example 4 on the documentation page for reference.

Page link:https//www.codepudding.com/Blockchain/652874.html

Prev:performance on repeated query degrades due to buffer limt
Next:amp azure playback speed python
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding