Kql Examples


  • Kql Examplesan example of dcountif () might be to get the number of distinct computers where a particular event occurred in the last hour, and to do this all we have to do is specify which column we want to count the unique values from (computer in this case) and a condition to match before the row is included in the count (where the eventid column value …. For example, the following KQL queries return content items that Table 1 lists some examples of valid property restrictions syntax in . KQL is able to suggest field names, values, and operators as you type. Usar o operador where – Learn | Microsoft Docs. Using KQL To Force “AND” in SharePoint Highlighted Content Web Parts. Most Useful Azure KQL queries. Here's a good example… The following query looks through the Computer data column in the SecurityEvent table, calculates the character length of the name of each computer found, and produces custom column called 'ComputerNameLength' in the results. Department' = 'Sales' Although this report looks good and KQL doesn't throw any errors for this report, it will still generate zero results along with an information message as seen below. Keyword queries and search conditions for eDiscovery. This article describes common queries and examples that use the Kusto Query Language. Select the desired source, paste a query into the Query text (KQL) section, . For example what if we wanted to see all Computers which start with aks and . These queries can also be used in alerting rules. For example, anyone that’s worked with SQL Server, will have an easy time with KQL. The data types used in the Medchat data model include bool , datetime , guid , int , real , string , and timespan. KQL (Kibana Query Language) is a query language available in Kibana, that will be handled by Kibana and converted into Elasticsearch Query DSL. Certain restrictions in SharePoint Online web parts can have limited functionality, getting in the way of what you are trying to achieve. Introduction to Kusto query language (KQL) in Azure Monitor. For example, the following KQL queries return content items that contain the terms "federated". KQL (Kusto Query Language). com, annb, or "Ann Beebe" to specify the user Ann Beebe. Using Kusto Query Language (KQL) in Azure Sentinel to calculate IIS session times User sessions are an important aspect of identifying the behavior of web users. We can use the let statement for this. Start Your Free Data Science Course. For example, the following KQL queries return content items that contain the terms "federated" and "search": federated search federat* search search fed* KQL queries don't support suffix matching. On the blog today we provided a quick start guide for creating Elasticsearch queries in Kibana using both KQL and Lucene. Additionally, for any parsing or working with data that requires a bit more complexity than native querying, KQL does have plug-ins that can extend its use by leveraging Python and R. Understanding the Kibana Query Language (KQL). Some examples of services/products hosted in Azure that make use of KQL are: Azure Data Explorer. schemas, IDLs, or code samples that are included in the documentation. Kusto Query Language (Kusto or KQL for short) is a query language that is particularly well-suited for efficiently querying large data sets. KQL magic supports Azure Data Explorer, Application Insights, and Log Analytics as data sources to run queries against. We can refine this report to include tickets that match some specific criteria. Here is an example of how to populate the request body in the copy activity. Some examples of services/products hosted in Azure that make use of KQL are: Azure Data Explorer; Log Analytics; Sentinel (this is Microsoft's cloud SIEM . I can get it to work for a single Column, but I can't get it to search for a second column. As an example of this, use the following KQL query in the KQL Playground (https://aka. Example 1: To find the application event logs for the select event id let’s say 455 from the select scope. februari 2022; augustus 2021; mei. KQL allows to write data queries and control commands for the database and the database tables. Kql examples Kql Syntax Examples Economic! Analysis economic. In this article I'm going to discuss table joins and the let statement in Log Analytics. Kusto Query Internals Azure Sentinel Reference. The following example extracts the last octet of ComputerIP from a heartbeat record: Heartbeat | where ComputerIP != "" | take 1 | project ComputerIP, last_octet=extract("([0-9]*$)", 1, ComputerIP) The following example extracts the last octet, casts it to a real type (number), and then calculates the next IP value:. The cheat sheet is now also available in a dark color scheme: kql_cheat_sheet_dark. date?(date) : checks if any fields of type date match the specified date. Embedding a KQL Query in the Copy Activity. KQL Internals is a guidance that I’ve made to help people getting started with the language itself. So can you give me a simple KQL example? OK, the SQL query above would look like this in KQL: ConferenceSessions | where conference . Ticket ID' FROM 'Tickets' WHERE 'Tickets. | extend RollingUserClicks=series_fir(UserClicks, moving_sum_filter, false) // Use the zip() operator to pack the timestamp with the user activities per time bin. What is Keyword Query Language and how to use it in. KQL, or Kusto Query Language, as I mentioned above, is a powerful language used in searches (hunting) in products such as Microsoft’s cloud SIEM Sentinel and in the endpoint security using Microsoft Defender for Endpoint. Example 3:CPU Utilization Alert (Log Analytics Example) KQL queries are used in alerts heres an example of a CPU Utilization alert. This course will teach you the basic syntax of KQL, then cover advanced topics such as machine learning and time series analysis, as well as exporting your data to various platforms. Autocompletion of search properties and operators When you start to type a search query in the KQL editor, the editor displays suggested autocompletion of supported search properties (also called property restrictions ) that you can select. Note there a few more pre-steps to set this one up. The UI has an area that aids in organizing and customizing the table/schema view, but it also has capabilities to enable easier and quicker access to KQL query creation. Below is an example of pattern detection in Storm Events data using autocluster plugin in Kusto notebook in Azure Data Studio accessing data from Azure Data Explorer databases:. Query Audit data in Azure SQL Database using Kusto Query. 2) Full Access delegated on a mailbox 2. Since the new attacks are evolved and a phishing link can be inside a PDF or a Word file, I’ll cover Office, PDF, and other apps as well. A lot of examples are pro-vided to help you understand the language much. Hopefully this will help anyone else out there that still has unanswered questions on one of. Data Factory is a bit picky in how you enter the query. Note: _take _ and _limit _ are synonyms. Here we discuss the introduction, kibana discover, KQL nested query and examples respectively. undefined blue-teaming-with-kql: Repository with Sample KQL Query examples for Threat Hunting. KQL is a language for expressing search criteria. Go from a beginner to a pro in just a few hours through a free, exercise-driven course. Azure Monitor allows you to write queries against logs and metrics. Referências: Microsoft Defender for Endpoint Commonly Used Queries and Examples – Microsoft Tech Community. Tech and me: S15E01: KQL – The Basics. Jul 10, 2017 · Thanks for the reply. Repository with Sample KQL Query examples for Threat Hunting. THIS POST ALSO SHARES A sample KQL query to get . It's much the same as in SQL: ConferenceSessions | join ConferenceStats on sessionid. The SharePoint Highlighted Content Web Part is a great example of this, as it does not allow the user to combine an “AND” on. Kusto Query Language (KQL). Event | take 100 search in (Event) "Group" | take 100. Learn how to create an index pattern, query data with KQL and create This tutorial provides examples and explanations on querying and . Along with custom logs, these are concepts that really had me scratching my head for a long time, and it was a little bit tricky to put all the pieces together from documentation and other people's blog posts. Creating Variables from Scratch. The KQL Query to the find the application event logs for the select event id or for the multiple event ids. All queries performed by KQL have at least one table as its search base. In this example, we are going to pick Palo Alto events that are logged to the CommonSecurityLog table in Log Analytics/Azure Sentinel. This is a guide to Kibana_query. The first method of using the Let statement is simply to generate your own data. There is about 30-40 fields in the AdditionalExtensions field that I am looking to do this thorough for an important log that I may need to go back in time a lot, I don't want a query that goes back 2 hours to stall, let alone have to go back 7 days or more, KQL fails a lot when going back in time, nothing like Splunk of course, but I am. In the following example we run a multi-line query and render a pie chart using the ploy. Here are a few examples: Refer to d, h, m, and s for days, hours, minutes and seconds. Produces a table with the distinct combination of the provided columns of the input table. In nearly all places in Kibana, where you can provide a query you can see which one is used by the label on the right of the search box. Now to start firing your KQL guns, you have a couple of ways to dive in. JMESPath; KQL References; More on Azure. Example KQL Queries; Continue Linux update process; Fix Kali repository issue; KQL – Distinct & Top; KQL – Project; Archief. practical examples and cover the most common query operators that you'll need to become familiar with to start using KQL effectively. It's also worth knowing that KQL commands have aliases (i. Adds a condition statement, similar to if/then/elseif in other systems. Hadoop, Data Science, Statistics & others. bypass this KQL query with the following example: Instead of running the following command: reg query “HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default” An attacker could use the following: reg query "HKCU\Software\Microsoft\Terminal Server Client\Default" This means that if we run the following KQL query for example:. Returns the time offset relative to the time the query executes. The editor also suggests a list of users (in UPN format) when you type email recipient properties, such as From, To, Recipients and Participants. SQL Server database professionals familiar with Transact-SQL will see that KQL is similar to T-SQL with slight differences. The most basic KQL statement looks like this: SELECT 'Tickets. let src = AzureDiagnostics | where ResourceType == "APPLICATIONGATEWAYS" and . As we build Kusto query language queries, we might need the flexibility of variables, both for scalar values, like numbers or strings, or for row sets. For example, I have a metadata column named Metadata, and the managed property name for the corresponding crawled property is owstaxIdMetadata. Using phrases in the free-text KQL query. Learning the Kusto Query Language (KQL) with Application Insights. KQL Online Course: The Basics of Kusto Query Language. It contains hands-on examples and explains different things in multiple steps. 5) Examples of scalar functions 1. In this post, I’ll explain how to extract those URLs with KQL and perform threat hunting. One example that is helpful for monitoring Apache Spark is to parse the Structured Streaming events for the Query Progress details. I am trying to search for two title fields in a SharePoint list using KQL and can't seem to get this to work. So depending on your data structure you could end up with many rows of empty data. 7) Extra KQL knowledge and tips Exchange Online 2. First, run the elastic search, if you are using ubuntu like this:. Example 1: VNET and Subnet KQL Query Sometimes its nice to have an IPAM or inventory of the VNET and subnet ranges allocated. These queries are written in Kusto Query Language or KQL. It was built for the cloud and designed to play well with large data sets, allowing them to be analysed efficiently. KQL has many functions and capabilities to support complex use cases. If we expand our example data to include another row of data, with different names and run the same query you will see empty results. In what seems like forever ago, I wrote a post about how Kusto is becoming the PowerShell of query languages. search fed* KQL queries don't support suffix matching. KQL is the topic for episode 1 and 2, and is the language you will mostly use when writing search queries, and is aimed at end-users. This document specifies the structure of the Keyword Query Language (KQL). How about joining tables? Not inner, outer, cross - just a basic join. I was trying to use parse_json to get to the data but it was always returning empty fields. In this example it will search the title field, but it will not search the TestName field. Aggregating and Visualizing Data with Kusto. Here we are Perf KQL Counter Operator which is used to find Azure Virtual Machines performance from collected data logs. An elementary example of how you might use a KQL function is a query that you run regularly, such as summarizing certain events over a given time period. Highlighted Content Web Part Custom Query. SO if you are seeking a phrase it should be enclosed in quotes. will return the same results as Adding a wildcard (*) will return everything! Adding a wildcard (*) after a word will enable prefix matching. Log Analytics: KQL saved Queries, how to find and run them in. 45 hr VIDEO COURSE: Exploring Data in Microsoft Azure Using Kusto Query Language and Azure Data Explorer by Neeraj Kumar (@mstechtrainings) makes use of NOAA’s Storm Events Database. Must Learn KQL Part 7: Schema Talk. ms/LADemo) to get hands-on for the following types of Let statements. It is an experimental feature built to help us convert a few queries but we thought that it was useful enough to include in MSTICPy. Rather than typing out the full query each time, we can save it with an alias, allowing us to call the full query just by entering its name. For example, the keywords top and limit do the same thing. The Keyword Query Language (KQL) and the FAST Query Language (FQL). Lucene is a query language directly handled by Elasticsearch. This language, similar to a SQL dialect, is. For example, you can use [email protected] However, the scope of a query can expand across all tables, multiple tables or only one table – you have the right to choose. What is KQL and where is it used? KQL is an open source language created by Microsoft to query big data sets stored in the Azure cloud. To open the Kibana query discover we have to follow the following steps: 1. In this article, I will discuss about the basics of KQL and will write some queries to get familiar. | where EventProduct == 'TP Link'. The KQL editor provides suggestions for possible values of some properties. The example KQL statement used above: SELECT 'Tickets. 7 and 2 of this specification are normative. Please use the KQL Playground (https://aka. This includes on how different operators and functions work, and so on. Keyword Query Language (KQL) in SharePoint 2013 Search. Recently I've started spending more time using Azure Sentinel and I wanted to get up to speed on the Kusto Query Language. But this string is already inside the JSON created by Data Factory. KQL (Kibana Query Language) is a query language available in Kibana, that will be handled by Kibana and converted into Elasticsearch Query . For example, anyone that's worked with SQL Server, will have an easy time with KQL. Using KQL functions to speed up analysis in Azure Sentinel. Contribute to swiftsolves-msft/kql development by creating an account on GitHub. For example, if a user was active once on 2016-12-31 and then inactive throughout // January, then the value will be 1 between 2016-12-31 -> 2017-01-28 and then 0s. In case you are wondering what the hell is a managed property - check out this post. You can also get the AVD utilization details from Azure Monitor, and Log Analytics KQL queries. As a recommendation, I prefer each command on its own line. You can add a * for suffix wildcard matching. The SharePoint Highlighted Content Web Part is a great example of this, as it does not allow the user to combine an "AND" on. In this article, we will look into the process of finding the Minimum, Average, and Maximum Memory Utilization of all Azure Virtual Machines using KQL Log Query. KQL is the primary tool used to query Application Insights Logs, however, it’s useful to know that KQL is not. This course will teach you the basic syntax of KQL, then cover advanced topics such as . WHERE (common string and int operations, LIKE, some common functions) SQL comments are removed from. Learn KQL (the query language used in Application Insights and Log Analytics). In MDE (Microsoft Defender for Endpoint), you can use Advanced Search, which is a KQL-based threat hunting tool that. KQL is a feature-rich query language powered by the Kusto Engine that allows you to filter, sort, and aggregate data. KQL is a set of keywords one can use to specify the queries in the SharePoint search. there can be more than one word for the same command). structure of KQL to learn more about the different operators. Kibana Query Language (KQL) supports boolean operators AND, OR and NOT (case insensitive). The KQL Playground contains a number of data connections that you may not have in your own environment. Add a new column to your query with the following syntax. See sample queries and why KQL is a very productive query language for analytics. 1) Mail forwarder rule on inbox 2. restrict statement: used by applications to restrict queries to a specific subset of data in Kusto. SQL TO KQL Conversion (Experimental) The sql_to_kql module is a simple converter to KQL based on moz_sql_parser. KQL is the topic for episode 1 Operator, Description, Usage, Example. For example, the following screenshot shows the suggested values for the Kind property. That Boolean Query example is one of the basic concepts behind something called Keyword Query Language, also known as KQL. KQL Query Example 1: To find the Azure network logs of Inbound and Outbound for the last 12 hours by projecting the TimeGenerated, Protocol, SourceIP, Target, Action, and Complete display message of Network flow log. I have checked few times the article for materialize() and while it provides good overview of the query, I felt that it could benefit from example that has recorded speed benefit. Read more on Keyword Query Language (KQL) or check out The SharePoint Agency cheat sheet below Typing more than one term is equivalent to adding AND between your terms. Must Learn KQL Part 11: The Summarize Operator – Azure Cloud. There’s nothing more frustrating than being given an example and there are no results for your effort. What is Kusto Query Language(KQL)? KQL is a read-only language similar to SQL that's used to query large datasets in Azure. The examples that I provide will have been tested to work and to show results. It is neater and more organized which makes it easier to troubleshoot when a query fails (as. We will look into a few various examples and how we can use them to filter the results. I will walk you through the different steps on how an operator works, and how you can start writing your own KQL queries. All other sections and examples in this specification are informative. The next query modifies the KQL Join Operator example query directly above, with let statements: // 1. Microsoft uses Kusto Query Language (KQL) on all of their cloud In the example query, the let function is used 3 times to label the . Chapter 5: Using the Kusto Query Language (KQL) The Kusto Query Language ( KQL) is a plain-text, read-only language that is used to query data stored in Azure Log Analytics workspaces. Introduction to Kusto query language (KQL) in Azure Monitor. KQL fundamentals – Where operator – Cyber Geeks. In many cases there is a lot of effort on ensuring that a user spends as much time visiting a website as it increase the chance of consuming the services offered by that particular. out as possible (like for example date range filters or EventType filters) as . Kusto Query Language (KQL) from Scratch. Many of these resources I keep in a. My experiences For just caching a data set, materialize does not increase performance – in fact, if you look at the KQL ”linter”, it displays a very specific. For example, datetime functions can be used with fields of type datetime, string functions can be used on strings, and so on. While looking at the SigninLogs table in Azure Sentinel I noticed there are a lot of dynamic fields that hold JSON data. Microsoft provides programming examples for illustration only, without warranty either expressed or implied, including, but not limited to, the implied warranties of merchantability and/or fitness for a particular purpose. Ensure you have azure loganaltyics workspace created ; Ensure your vms are enable to send insights metrics to the log analytics workspace; Setting up the alert. KQL specifies a syntax for search queries that enables users and . Some example functionality this provides is being able to decode Base64 data, parse URLs, and even parse command line arguments. let dt_lookBack = 7d; // Get Watchlist data. Fullname' FROM 'Tickets', 'Users' Would produce a report that listed every single ticket in the helpdesk, including the ticket ID, subject and user's name. It can consist of the following elements (Source: Microsoft Documentation): Free text words and phrases; Managed Properties; Operators; Keyword Query Language Examples. A KQL query can be all one single line. Title: ( {searchTerms}) OR Test_x0020_Name. Some examples of services/products hosted in Azure that make use of KQL are: Sentinel (this is Microsoft’s cloud SIEM solution that makes use of a Log Analytics workspace as its backend). FQL has some extended capabilities over KQL, but you will usually solve your queries using KQL. MyProperty="these words" The colon is the contains operator. Implementation: Follow the below steps to Run the Log Queries. This native Kusto (KQL) support brings another modern data experience to Azure . However the challenge is, the search only looks at the “name”. Kusto Query Language (KQL) from Scratch. The best way to understand this, is to just dig into some examples. Here's a quick KQL that you can run in resource graph explorer to find this out. For example, the following KQL queries return content items that contain the terms "federated" and "search": federated search. Nice shortcut in KQL to get JSON data in a dynamic column. In this note i will show some examples of how to use boolean operators AND, OR and NOT in Kibana search queries. This requires using two functions on the Message field: replace and parse_json. 6) Examples of two aggregation functions 1. When using the parse operator, KQL will run through all your rows of data and return even results where there is no match. 4) Examples of common string operators 1. SecurityEvent | where TimeGenerated > now (-7d) Perform arithmetic operations on values of types datetime and timespan: datetime (2021-01-31) + 1d Returns: 2/1/2021, Multiply numeric values (such as double and. In this article, we will look into the process of finding the Minimum, Average, and Maximum CPU Utilization of all Azure Virtual Machines using KQL Log Query. You must pass the KQL query to the API as a JSON string. The following examples show the GUI-based version of a search query with conditions, the. This is a collection of my 'Kusto Query Language 101' learnings. In this post, I’m not going to focus heavily on areas 2-4. Here’s a good example… The following query looks through the Computer data column in the SecurityEvent table, calculates the character length of the name of each computer found, and produces custom column called ‘ComputerNameLength’ in the results. The following sections show examples of how the KQL editor provides suggestions and detects potential errors. Check out my full Kibana course . | join kind = rightanti (imNetworkSession. query data with KQL and create This tutorial provides examples and . Learn how to use Kibana's Query Language (abbreviated KQL) and how it works under the hood. This PDF contains multiple examples and explains things, step by step. The Kibana Query Language (KQL) is a simple syntax for filtering Elasticsearch data using free text search or field-based search. In this chapter, we will only concern ourselves. KQL is only used for filtering data, and has no role in sorting or aggregating the data. I then realized that parse_json requires a string input, not a dynamic. 45 hr VIDEO COURSE: Exploring Data in Microsoft Azure Using Kusto Query Language and Azure Data Explorer by Neeraj Kumar (@mstechtrainings) makes use of NOAA's Storm Events Database. You need to use the managed property in the KQL section. And, as before, try typing the query into the KQL Playground instead of just a copy/paste operation. In this article, we advance the study of KQL with some practical examples of the where operator. Start directly from the Log Analytics workspace you’ve created in part 2 of the series, like so: OR. It may seem like an intimidating challenge to learn a whole new query language to work with Microsoft, but most of the queries become straightforward after learning the basic syntax and some of the common functions. Adds a condition statement, similar to. KQL (Kusto Query Language) was developed with certain key principals in mind, like – easy to read and understand syntax, provide high-performance through scaling, and the one that can transition smoothly from simple to complex query. In this page I want to provide a list of resources for each service that is using KQL as well as repos, and blog posts. For example, you can’t run the same example report as follows: SELECT 'Tickets. KQL Series – creating KQL queries – SQLServerCentral. Jenny Hersko's SharePoint Tips and Tricks. Declare / set the limitVal variable. However, I’ve also received some feedback from people that wanted me to cover certain. If you get an error, you might've fat-thumbed something so you can use the inline code to compare against. Below please find some examples of the Keyword Query Language (KQL) for each of the elements mentioned above. Kibana Discover is the method where we can use the Kibana query with the help of a click option. Presentation: GrayHat-BlueTeamingwithKQL. Event | where EventLog has "Application" and TimeGenerated > ago(1d) | where EventID == "455" Output:. 1 Glossary This document uses the following terms:. Recipient expansion When searching any of the recipient properties (From, To, Cc, Bcc, Participants, and Recipients), Microsoft 365 attempts to expand the identity of each user by looking them up in Azure Active Directory (Azure AD). _GetWatchlist ('Allowed_LAN_IPs') //Search for IP's that do not exist within the watchlist. They are used as conjunctions to combine or exclude keywords in Kibana search queries, resulting in more focused and productive results. You should also know that there is a difference in KQL between = and :. So the KQL I use to display the documents filled with term "Sales & Marketing" is (Double quotes can be omitted): ContentType:Document. So it would not be possible to filter content based on the combination of two different managed properties. Interestingly KQL is a read-only query language, which processes the data and returns results. Nice shortcut in KQL to get JSON data in a dynamic column. In this post, I'm not going to focus heavily on areas 2-4. Some examples of services/products hosted in Azure that make use of KQL are: Azure Data Explorer Log Analytics. Feel free to use this query our the KQL Playground demo environment (https://aka. Leveraging the Power of KQL in Incident Response. If you get an error, you might’ve fat-thumbed something so you can use the inline code to compare against. Here the Perf KQL Counter Operator is used to find Azure Virtual Machines performance from collected data logs. Using KQL To Force "AND" in SharePoint Highlighted Content Web Parts. KQL example When not using a Custom Query, HCWP filtering operations are as follows: Filters of the same type use an OR operator, and filters of different types use an AND operator. 6 Can you combine KQL query elements with operators? An elementary example of how you might use a KQL function is a query that you run . docs to real world use, so I like to use real world data in my examples. This is something I’ve been meaning to write for some time. Also, when executing queries in the Query editor, the default time frame is 24 hours, which can be customized. When you click a link on a PDF file, Sysmon logs the event (EventID=1) as follows:. So for example if I had some KQL using the “externaldata” operator, unless I had that in the name as well, I couldn’t find it (without opening all my files), which is only ok, if you have a few saves. Azure Monitor enables you to analyze the availability and performance of your applications, services, and servers. KQL is used in several Azure products, include the ADX managed SaaS service (GA 2019) for big data exploration in NRT (Near Real Time): References: 2. Jupyter Notebook: Click on nbviewer Badge :: Structure of Basic KQL Query. Use a single magic “%kql” to run a single line query, or use cell magic “%%kql” to run multi-line queries. KQL, the Kusto Query Language, is used to query Azure's services. Some examples of services/products hosted in Azure that make use of KQL are:. If you have multiple workspaces and might want to switch around between them, start from Azure Monitor and select Logs, like so: If you do it this way, make sure. Advanced Example: Parse Query Progress Event. julkaissut Joosua Santasalo · 13 syyskuun, 2021 · Comments 0. 3) User added to Exchange Admin role. For example, if want to filter only the Title field in SharePoint then we can give the query as follows, Title: “test”. Department' = 'General' AND 'Tickets. Basic searching and string operators. Must Learn KQL Part 13: The Extend Operator – Azure Cloud. Much like SQL, it utilizes a hierarchy of entities that starts with databases, then tables, and finally columns. When writing KQL queries in code cells, users can also be more productive with the IntelliSense support in Notebooks. KQL is an open source language created by Microsoft to query big data sets stored in the Azure cloud. This folder has various KQL examples related to Threat Hunting/Blue Teaming presented at Blue Team Village at GrayHat 2020. Developed by Microsoft, KQL was created for and is used in several of Microsoft's cloud services to query and analyze massive data sets.