In my Jupyter notebook, I want to run the same KQL query against different Sentinel workspaces and compare the results as data frames. Is there an easy way to have multiple workspace connections at the same time or would I need to reconnect and query each workspace individually every time I change my KQL query?
How do I connect kqlmagic to more than one Log Analytics workspace at the same time?
Asked by gorzilla
Ked Mardemootoo
See if cross-workspace queries satisfy your requirements. And a bit more documentation here. Cross-workspace queries are for exactly what you describe. You use a union operator to link both - similar to how you would link two tables using union.
Snipped from the article:
workspace('<workspace-A>').SecurityEvent
| union workspace('<workspace-B>').SecurityEvent
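Building on the cross-workspace `union` in the answer above, here is an added example (not part of the original answer and not Kqlmagic code). It generalizes the two-workspace snippet to any list of workspaces and tags each row with its origin, so a single result set can be split per workspace for comparison. The function names, the `SourceWorkspace` column, the identifier patterns and the sample workspace names are assumptions of this example.

```python
import re
from collections import defaultdict

# Assumed identifier shapes: workspace name or GUID (letters, digits, hyphens)
# and a plain table name. Rejecting anything else keeps quotes and pipes
# out of the generated query text.
_WORKSPACE_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9-]{2,62}$")
_TABLE_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def build_cross_workspace_query(workspaces, table, pipeline=""):
    """Return one KQL query that unions `table` from every workspace.

    Each leg gets a SourceWorkspace column (a name chosen for this example)
    so the combined result can be split per workspace afterwards.
    """
    if not workspaces:
        raise ValueError("at least one workspace is required")
    if not _TABLE_RE.match(table):
        raise ValueError(f"invalid table name: {table!r}")
    legs = []
    for ws in workspaces:
        if not _WORKSPACE_RE.match(ws):
            raise ValueError(f"invalid workspace identifier: {ws!r}")
        legs.append(f"(workspace('{ws}').{table} | extend SourceWorkspace = '{ws}')")
    query = "union\n    " + ",\n    ".join(legs)
    if pipeline.strip():
        query += "\n" + pipeline.strip()
    return query


def split_by_workspace(rows):
    """Group result rows (dicts) by their SourceWorkspace tag."""
    grouped = defaultdict(list)
    for row in rows:
        grouped[row["SourceWorkspace"]].append(row)
    return dict(grouped)


if __name__ == "__main__":
    # Constructed workspace names and tail pipeline, for illustration only.
    print(build_cross_workspace_query(
        ["soc-prod", "soc-dev"], "SecurityEvent",
        "| summarize Events = count() by SourceWorkspace, EventID"))
```

The generated string is run once through the notebook's existing connection; grouping the returned rows on `SourceWorkspace` then gives one data set per workspace to compare.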
You have a few options to achieve it.
(I am the author of Kqlmagic.)