查询运算符Query operators

查询是针对 Kusto 引擎群集的已引入数据的只读操作。A query is a read-only operation against a Kusto Engine cluster's ingested data. 查询始终在群集中特定数据库的上下文中运行(尽管查询也可以引用其他数据库中的数据,甚至其他群集中的数据)。Queries always run in the context of a particular database in the cluster (although they may also refer to data in another database, or even in another cluster).

由于数据的临时查询是 Kusto 的优先级最高的方案,因此 Kusto 查询语言语法已针对非专家用户进行了优化,用户可以针对其数据创作和运行查询,并且能够清楚地理解(从逻辑上)每个查询的作用。As ad-hoc query of data is the top-priority scenario for Kusto, the Kusto Query Language syntax is optimized for non-expert users authoring and running queries over their data and being able to understand unambiguously what each query does (logically).

语言语法是数据流的语法,这里的“数据”实际上表示“表格数据”(一个或多个行/列矩形中的数据)。The language syntax is that of a data flow, where "data" really means "tabular data" (data in one or more rows/columns rectangular shape). 查询至少由源数据引用(对 Kusto 表的引用)和依次应用的一个或多个查询运算符组成,通过使用竖线字符 (|) 对运算符进行分隔来直观地表示。At a minimum, a query consists of source data references (references to Kusto tables) and one or more query operators applied in sequence, indicated visually by the use of a pipe character (|) to delimit operators.

例如:For example:

StormEvents 
| where State == 'FLORIDA' and StartTime > datetime(2000-01-01)
| count

以管道字符 | 作为前缀的每个筛选器均是运算符** 的一个实例,并且带有某些参数。Each filter prefixed by the pipe character | is an instance of an operator, with some parameters. 运算符的输入是前一管道的结果表。The input to the operator is the table that is the result of the preceding pipeline. 大多数情况下,任何参数均是输入列上的标量表达式In most cases, any parameters are scalar expressions over the columns of the input. 在少数情况下,参数是输入列的名称,有时参数是另一个表。In a few cases, the parameters are the names of input columns, and in a few cases, the parameter is a second table. 查询结果始终以表呈现,即使它仅有一列和一行。The result of a query is always a table, even if it only has one column and one row.

参考:查询运算符Reference: Query operators

以下查询示例使用 T 表示前一管道或源表。T is used in query examples below to denote the preceding pipeline or source table.