Using Kusto.Explorer

Kusto.Explorer is a desktop application that enables you to explore your data using the Kusto Query Language in an easy-to-use user interface. This article shows you how to use search and query modes, share your queries, and manage clusters, databases, and tables.

Search++ mode

Search++ mode enables you to search for a term using search syntax across one or more tables.

  1. In the Home tab, in the Query dropdown, select Search++.

  2. Select Multiple tables.

  3. Under Choose tables, define which tables to search.

  4. In the edit box, enter your search phrase and select Go.

  5. A heat-map of the table/time-slot grid shows which terms appear and where they appear.

  6. Select a cell in the grid and select View Details to show the relevant entries in the results pane.

Query mode

Kusto.Explorer includes a powerful script mode that enables you to write, edit, and run ad-hoc queries. The script mode comes with syntax highlighting and IntelliSense, so you can quickly ramp up your knowledge of the Kusto Query Language.

This section describes how to run basic queries in Kusto.Explorer and how to add parameters to your queries.

Basic queries

If you have table Logs, you can start exploring them:

StormEvents | count 

When your cursor is on this line, it's colored gray. Press F5 to run the query.

Here are some more example queries:

// Take 10 lines from the table. Useful to get familiar with the data
StormEvents | limit 10

// Filter by EventType == 'Flood' and State == 'California' (=~ means case insensitive)
// and take sample of 10 lines
StormEvents
| where EventType == 'Flood' and State =~ 'California'
| limit 10

Learn more about Kusto Query Language.

Note

Blank lines in the query expression can affect which part of the query is executed.

If no text is selected, it's assumed that the query or command is separated by empty lines. If text is selected, the selected text is run.

Client-side query parameterization

Note

There are two types of query parametrization techniques in Kusto:

  • Language-integrated query parametrization is implemented as part of the query engine and is meant to be used by applications that query the service programmatically. This method is not described in this document.

  • Client-side query parametrization, described below, is a feature of the Kusto.Explorer application only. It's equivalent to using string-replace operations on the queries before sending them to be executed by the service. The syntax described below is not part of the query language itself and can't be used when sending queries to the service by means other than Kusto.Explorer.

If you use the same value in multiple queries or in multiple tabs, it's highly inconvenient to change that value in every place it's used. That's why Kusto.Explorer supports query parameters. Query parameters are shared among tabs so that they can be easily reused. Parameters are denoted by {} brackets. For example: {parameter1}

The script editor highlights query parameters.

You can easily define and edit existing query parameters.

The script editor also has IntelliSense for query parameters that are already defined.

You can have multiple sets of parameters (listed in the Parameters Set combo box). Select Add new or Delete current to manipulate the list of parameter sets.

Share queries and results

In Kusto.Explorer, you can share queries and results by email. You can also create deep links that will open and run a query in the browser.

Share queries and results by email

Kusto.Explorer provides a convenient way to share queries and query results by email.

  1. Run your query in Kusto.Explorer.

  2. In the Home tab, in the Share section, select Export to Clipboard (or press Ctrl+Shift+C).

    Kusto.Explorer copies the following to the clipboard:

    • Your query
    • The query results (table or chart)
    • The connection details for the Kusto cluster and database
    • A link that will rerun the query automatically

  3. Paste the contents of the clipboard into a new email message.

Deep-linking queries

You can create a URI that, when opened in a browser, opens Kusto.Explorer locally and runs a specific query on a specified Kusto database.

Note

For security reasons, deep-linking is disabled for control commands.

The easiest way to create a deep-link is to author your query in Kusto.Explorer and then use Export to Clipboard to copy the query (including the deep link and results) to the clipboard. You can then share it by email.

When copied to an email, the deep link is displayed in small font. For example:

https://help.kusto.chinacloudapi.cn:443/Samples [Click to run query]

The first link opens Kusto.Explorer and sets the cluster and database context appropriately. The second link (Click to run query) is the deep link. If you move the link to an email message and press Ctrl+K, you can see the actual URL:

https://help.kusto.chinacloudapi.cn/Samples?web=0&query=H4sIAAAAAAAEAAsuyS%2fKdS1LzSspVuDlqlEoLs3NTSzKrEpVSM4vzSvR0FRIqlRIyszTCC5JLCoJycxN1VEwT9EEKS1KzUtJLVIoAYolZwAlFQCB3oo%2bTAAAAA%3d%3d

You can use parametrized queries with deep-linking.

  1. Create a query to be formed as a parametrized query (for example, KustoLogs | where Timestamp > ago({Period}) | count).

  2. Provide a parameter for every query parameter in the URI, such as:

    https://<your_cluster>.kusto.chinacloudapi.cn/MyDatabase?web=0&query=KustoLogs+%7c+where+Timestamp+>+ago({Period})+%7c+count&Period=1h

    Replace <your_cluster> with your Azure Data Explorer cluster name.

Limitations

The queries are limited to ~2000 characters because of browser limitations, HTTP proxies, and tools that validate links, such as Microsoft Outlook. The limitation is approximate because it's dependent on the cluster and database name length. For more information, see https://support.microsoft.com/kb/208427.

To reduce the chances of reaching the character limit, see Getting Shorter Links.

The format of the URI is: https://<ClusterCname>.kusto.chinacloudapi.cn/<DatabaseName>?web=0&query=<QueryToExecute>

For example: https://help.kusto.chinacloudapi.cn/Samples?web=0&query=StormEvents+%7c+limit+10

This URI will open Kusto.Explorer, connect to the Help Kusto cluster, and run the specified query on the Samples database. If there's an instance of Kusto.Explorer already running, the running instance will open a new tab and run the query in it.

Queries can become long. To reduce the chance the query exceeds the maximum length, use the String Kusto.Data.Common.CslCommandGenerator.EncodeQueryAsBase64Url(string query) method available in Kusto Client Library. This method produces a more compact version of the query. The shorter format is also recognized by Kusto.Explorer.

https://help.kusto.chinacloudapi.cn/Samples?web=0&query=H4sIAAAAAAAEAAsuyS%2fKdS1LzSspVuDlqlEoLs3NTSzKrEpVSM4vzSvR0FRIqlRIyszTCC5JLCoJycxN1VEwT9EEKS1KzUtJLVIoAYolZwAlFQCB3oo%2bTAAAAA%3d%3d

The query is made more compact by applying the following transformation:

 UrlEncode(Base64Encode(GZip(original query)))
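A deep link received by email can be reviewed before it is opened. The following added example (not from the original page or the Kusto client library) reverses the transformation above and applies the URI parameters as plain string replacement, as the parameterization section describes; the function names, the UTF-8 text encoding, and the size cap are assumptions.

```python
import base64
import zlib
from urllib.parse import parse_qsl, quote, urlsplit

MAX_QUERY_BYTES = 64 * 1024  # assumed cap on decoded size (decompression-bomb guard)


def encode_compact(query: str) -> str:
    """UrlEncode(Base64Encode(GZip(query))); UTF-8 text is an assumption."""
    gz = zlib.compressobj(wbits=31)  # wbits=31 writes a gzip container
    blob = gz.compress(query.encode("utf-8")) + gz.flush()
    return quote(base64.b64encode(blob).decode("ascii"), safe="")


def decode_query_value(value: str) -> str:
    """Turn an already URL-decoded 'query' value back into query text."""
    if not value.startswith("H4sI"):  # base64 of the gzip magic 1f 8b 08
        return value  # plain-text form, e.g. "StormEvents | limit 10"
    gz = zlib.decompressobj(wbits=31)
    text = gz.decompress(base64.b64decode(value, validate=True), MAX_QUERY_BYTES)
    if not gz.eof:
        raise ValueError("query is truncated or exceeds the size cap")
    return text.decode("utf-8")


def inspect_deep_link(url: str) -> dict:
    """Report what a deep link would run, without opening it."""
    parts = urlsplit(url)
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    query = decode_query_value(params.pop("query", ""))
    params.pop("web", None)
    # Remaining parameters are spliced in as text: {Name} -> value.
    for name, value in params.items():
        query = query.replace("{" + name + "}", value)
    return {
        "cluster": parts.hostname,
        "database": parts.path.strip("/"),
        "query": query,
        # Kusto control commands start with a dot; the page says deep links
        # must not carry them, so flag any that do.
        "control_command": query.lstrip().startswith("."),
    }


if __name__ == "__main__":
    # Plain-text example URI from the page.
    print(inspect_deep_link(
        "https://help.kusto.chinacloudapi.cn/Samples?web=0&query=StormEvents+%7c+limit+10"))
```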

Kusto.Explorer command-line arguments

Command-line arguments are used to configure the tool to perform additional functions on start-up. For example, load a script and connect to a cluster. As such, command-line arguments aren't a replacement for any Kusto.Explorer functionality.

Command-line arguments are passed as part of the URL that's used to open the application, in a similar way to query deep-linking.

Command-line argument syntax

Kusto.Explorer supports several command-line arguments in the following syntax (the order matters):

[ LocalScriptFile ] [ QueryString ]

  • LocalScriptFile is the name of a script file on your local machine, which must have the extension .kql. If such a file exists, Kusto.Explorer automatically loads this file when it starts up.
  • QueryString is a string that uses HTTP query string formatting. This method provides additional properties, as described in the table below.

For example, to start Kusto.Explorer with a script file called c:\temp\script.kql and configured to communicate with cluster help, database Samples, use the following command:

Kusto.Explorer.exe c:\temp\script.kql "uri=https://help.kusto.chinacloudapi.cn/Samples;Fed=true&name=Samples"

Argument    Description

Query to execute
query       The query to execute (base64-encoded). If empty, use querysrc.
querysrc    The URL of a file or blob holding the query to execute (if query is empty).

Connection to the Kusto cluster
uri         The connection string of the Kusto cluster to connect to.
name        The display name of the connection to the Kusto cluster.

Connection group
path        The URL of a connection group file to download (URL-encoded).
group       The name of the connection group.
filename    The local file holding the connection group.

Manage clusters, databases, tables, or function authorized principals

Note

Only admins can add or drop authorized principals in their own scope.

Right-click the target entity in the Connections panel, and select Manage Cluster Authorized Principals. (You can also select this option from the Management Menu.)

  • To add a new authorized principal, select Add principal, provide the principal details, and confirm the action.

  • To drop an existing authorized principal, select Drop principal and confirm the action.

Next steps

Learn more about Kusto.Explorer tools and utilities: