Query Details
Enumerating Identities Deprecated
Query
| mv-apply Entities on (
extend
EntityValue = tostring(Entities[tostring(bag_keys(Entities)[1])]),
EntityType = tostring(Entities["Type"])
| where isnotempty(EntityType)
| summarize take_any(Entities) by EntityValue, EntityType
| sort by EntityType desc
| summarize Entities = make_list(Entities)
)
| mv-apply with_itemindex = Index_aux Entities on (
extend Entities = bag_merge(bag_pack(@"$id", tostring(Index_aux + 2)), bag_remove_keys(Entities, dynamic(["$id"])))
| summarize Entities = tostring(array_sort_asc(make_list(Entities)))
)
Explanation
The query is using the Kusto Query Language (KQL) to perform several operations on a dataset called "Entities".
First, it applies the "mv-apply" operator to iterate over each entity in the dataset. It extends the entity by adding two new properties: "EntityValue" and "EntityType". "EntityValue" is the value of the first key in the entity, converted to a string, and "EntityType" is the type of the entity, also converted to a string.
Next, it filters out any entities where the "EntityType" is empty.
Then, it groups the entities by their "EntityValue" and "EntityType" properties, and takes any one entity from each group.
After that, it sorts the entities by their "EntityType" in descending order.
Finally, it groups all the entities together and creates a list of them.
In the next part of the query, it applies another "mv-apply" operator to iterate over each entity in the list. It extends the entity by merging it with a new bag that contains the item index plus 2 as the value for the key "$id". It then removes the "$id" key from the entity.
Next, it groups the entities together and sorts them in ascending order.
The result of the query is the final list of entities, with each entity having the "$id" key removed and the entities sorted in ascending order.
Details
Jose Sebastián Canós
Released: February 6, 2023
Tables
Keywords
Operators