Hands-On LabBeginner

Introduction to Kusto Query Language (KQL) in Azure Log Analytics

Learn KQL fundamentals by querying real log data in Azure Log Analytics using search, where, project, and summarize operators.

Browse all labs
45 minEstimated time
3Guided steps
AutoVerification
IsolatedSandbox
Introduction to Kusto Query Language (KQL) in Azure Log Analytics

Lab overview

Kusto Query Language (KQL) is the primary query language used across Azure Monitor, Microsoft Sentinel, Azure Data Explorer, and Microsoft Defender. In this lab, you will learn KQL fundamentals by querying real log data inside an Azure Log Analytics workspace. Starting with basic operators like search, where, and project, you will progress to aggregating data with summarize and visualizing results with render — all within the Azure Portal's Logs query editor.

Objectives

Upon completion of this beginner level lab, you will be able to:

  • Navigate to a Log Analytics workspace and use the Logs query editor
  • Write basic KQL queries using search, where, project, and take operators
  • Filter, sort, and format query results using extend, sort by, and top
  • Aggregate data using summarize with count(), avg(), and bin()
  • Create time-based queries using ago() and render visual charts

Who is this lab for?

This lab is designed for:

  • Cloud engineers getting started with Azure monitoring
  • Security analysts learning log analysis fundamentals
  • DevOps engineers who need to query Azure Monitor logs
  • IT administrators managing Azure environments

Verified against your live environment

An automated validation engine inspects your actual resources and configurations as you work. Completion means the task was performed — not multiple choice, real-world proficiency.

[CHECK] validation_activelive
Inspecting deployed resources...
Verifying configuration state...
✓ Step requirements satisfied

More labs like this

1 hour and 15 minutes

Conduct a Threat Hunt Using Kusto Query Language (KQL)

Hunt for indicators of compromise in security logs using advanced KQL queries mapped to MITRE ATT&CK tactics.

1 hour

Creating a Web App on Azure App Service using Azure Portal

Learn how to create, configure, and deploy a web application using Azure App Service through the Azure Portal's interface.

1 hour

Creating and Deploying Azure Functions using Azure Functions Core Tools

In this lab, you will learn how to create and deploy Azure Functions using Azure Functions Core Tools.

Related reading

Azure AI Services Explained: A Beginner's Map to Vision, Speech, Language, and OpenAIA beginner's map to Azure AI Services. What Vision, Speech, Language, Content Safety, and Azure OpenAI each do, when to use them, and a week-by-week path with hands-on labs to start building today.Azure Compute Services Compared — VMs vs. App Service vs. Functions vs. Container AppsA practical comparison of Azure VMs, App Service, Functions, and Container Apps — what each does, what it costs, and when to use it.Startup Tech Stack: Building Smart with Azure ServicesExplore how startups can leverage Azure services to build a powerful, scalable tech stack. Learn how to select and implement key Azure tools for success.
PremiumIncluded in Premium
Duration
45 min
Steps
3

Environment

Live Cloud Environment

Every lab includes

  • Real environment, pre-credentialed
  • Automated checks on every step
  • Isolated sandbox, auto cleanup
  • AI-recommended next steps

Lab curriculum

  1. 01

    Logging into Azure Account using Azure Portal

  2. 02

    Navigating to Log Analytics and Writing Basic KQL Queries

    1 automated check

  3. 03

    Aggregating and Visualizing Data with KQL

    1 automated check

Skills validated

Kusto Query Language

Not the lab you were looking for?

Browse 150+ hands-on labs across AWS, Azure, Kubernetes, Docker, and cloud security.

Explore the catalog