In my Jupyter notebook, I want to run the same KQL query against different Sentinel workspaces and compare the results as data frames. Is there an easy way to have multiple workspace connections at the same time or would I need to reconnect and query each workspace individually every time I change my KQL query?
How do I connect kqlmagic to more than one Log Analytics workspace at the same time?
478 views. Asked by gorzilla.
There are 2 answers
Ked Mardemootoo
See if cross-workspace queries satisfy your requirements. And a bit more documentation here. Cross-workspace queries are for exactly what you describe. You use a union operator to link both - similar to how you would link two tables using union.
Snipped from the article:
workspace('<workspace-A>').SecurityEvent
| union workspace('<workspace-B>').SecurityEvent
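Added example, not part of the original answer or of Kqlmagic: a notebook helper that builds the cross-workspace union for any number of workspaces, tags each row with the workspace it came from, and splits the combined result back into one group per workspace for comparison. The workspace names soc-eu and soc-us, the SourceWorkspace column, the helper names and the sample rows are assumptions made for illustration.

```python
import re
from collections import defaultdict

TAG_COLUMN = "SourceWorkspace"  # assumed column name, added by this example
# Assumption: workspaces are given by name or workspace ID (GUID), not resource ID.
_WS_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,62}")
_TABLE_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def build_cross_workspace_query(workspaces, table, pipeline=""):
    """Return one KQL union that runs `pipeline` on `table` in every workspace."""
    if not workspaces:
        raise ValueError("need at least one workspace")
    if not _TABLE_RE.fullmatch(table):
        raise ValueError(f"unexpected table name: {table!r}")
    pipeline = pipeline.strip()
    if pipeline and not pipeline.startswith("|"):
        raise ValueError("pipeline must start with '|'")
    legs = []
    for ws in workspaces:
        # Names end up inside a quoted KQL literal, so reject quotes and the like.
        if not _WS_RE.fullmatch(ws):
            raise ValueError(f"unexpected workspace identifier: {ws!r}")
        steps = [f"workspace('{ws}').{table}", pipeline, f"| extend {TAG_COLUMN} = '{ws}'"]
        legs.append("(" + " ".join(s for s in steps if s) + ")")
    return "union\n  " + ",\n  ".join(legs)


def split_by_workspace(rows, column=TAG_COLUMN):
    """Group result rows (dicts) by workspace, dropping the tag column."""
    groups = defaultdict(list)
    for row in rows:
        groups[row[column]].append({k: v for k, v in row.items() if k != column})
    return dict(groups)


# Constructed sample rows standing in for the query result.
SAMPLE_ROWS = [
    {"Account": "alice", "Failures": 12, "SourceWorkspace": "soc-eu"},
    {"Account": "bob", "Failures": 3, "SourceWorkspace": "soc-eu"},
    {"Account": "alice", "Failures": 40, "SourceWorkspace": "soc-us"},
]

if __name__ == "__main__":
    print(build_cross_workspace_query(
        ["soc-eu", "soc-us"], "SecurityEvent",
        "| where EventID == 4625 | summarize Failures = count() by Account"))
    print(split_by_workspace(SAMPLE_ROWS))
```

With the result loaded as a pandas data frame, `df.groupby("SourceWorkspace")` gives the same per-workspace split.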
You have a few options to achieve it.
(I am the author of Kqlmagic.)