Kusto Query Language: the PowerShell of query languages?

I don’t usually get into speculation or predictions. More often than not they turn out wrong. However, something that I’ve been thinking about is the Kusto Query Language, which is the language behind many of my recent posts on Azure Log Analytics. But the PowerShell of query languages? PowerShell is pretty ubiquitous at this point; even AWS, VMware and Citrix all have PowerShell modules. And at this point it’s rarer to find a Microsoft product that doesn’t ship with PowerShell than one that does. Kusto has only been around for 2 or so years, so we’re obviously still talking about a young language.

Products Using Kusto Query Language

First, what currently uses the Kusto language?

Windows Defender Advanced Threat Protection

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection

Azure Security Center via Log Analytics

https://docs.microsoft.com/en-us/azure/security-center/security-center-search

And of course Application Insights, where, to my knowledge, the language originated.

https://blogs.msdn.microsoft.com/bharry/2016/03/28/introducing-application-analytics/

This blog post is the first mention I can find of the name Kusto. However, its use in official documentation is hit or miss, and I don’t believe MS has ever officially announced the name Kusto.

And then the Configuration Manager team announced CMPivot, which also uses Kusto; however, they say it uses a subset of the Log Analytics language.

https://docs.microsoft.com/en-us/sccm/core/servers/manage/cmpivot

And of course Log Analytics, which offers a number of monitoring solutions across Azure and on-prem as add-ons that allow you to ingest log and metric data into your workspace.

So, we already have 5 different products that use the language and a number of solutions that send data to Log Analytics. Currently Azure Security Center, Log Analytics and Application Insights data can all be queried from a Log Analytics workspace. CMPivot and Windows Defender ATP have their own query spaces. And if you read to the bottom of the Application Insights blog you can infer that Kusto is used internally for some MS products as well. That’s a lot of ways to use KQL for querying data.

My not so informed speculation

MS will continue to migrate products and services over to the language, either via their own query spaces or by offering ingestion of the data into a Log Analytics workspace, making the language ubiquitous across Microsoft software and services. Should this happen, knowing the language could end up being as valuable to your career as knowing PowerShell currently is.

Of course Ignite 2018 is in less than a week and they could change the name (please don’t). If they do, I will update my posts and tags so as not to cause any further confusion. Looking at you, Operations Management Suite, a name that is now going away.

Hi, I’m Billy York. I’m a Cloud and Datacenter Engineer, specializing in monitoring and automation. Here you’ll find posts about System Center Operations Manager, PowerShell, Hyper-V, Azure Automation, Azure Log Analytics and other Microsoft-related technologies.