Kusto Detective Agency Season 1 (Challenge 0)

The first challenge is pretty much just getting set up. Follow the instructions as they are given to you until you have the database imported. While this challenge is trivial, take the time to understand what is going on and follow general best practices for investigating the data provided.

We should start by trying to understand the data we are working with. Our table is “Onboarding”, which we can see in the provided script:
KDA_S1_C0_import.png

We can also see it in our data explorer view. If you expand the table, you will see the columns and their associated types. In this case, it’s very simple. However, when approaching any new data you should always take time to understand what you’re working with. One of the worst feelings is spending ages trying to extract data from a table, then finding the result is already present in another column.
KDA_S1_C0_columns.png

So, now we know we’ve only got one column, let’s take a look at the data. We COULD simply query the entire table:

Onboarding

however, this will return a lot of data and could be quite taxing on the backend. Instead we should grab a subset. We can achieve this with the top operator. It requires a column to sort by, but as we only have one this is easy. In ‘real’ data, you could pick an arbitrary column, but general practice is to sort by either a record number (recnum) or a create date.

Onboarding
| top 100 by Score

KDA_S1_C0_top.png

So, our data is just a list of random scores < 10 million. To sum them, we use the summarize operator.

Onboarding
| summarize sum(Score)

KDA_S1_C0_sum.png
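The same "understand the data first" habit can be applied without pulling any rows back: one summarize pass can confirm what the top 100 sample suggested (row count, nulls, value range) alongside the sum. This is an added example, not part of the original walkthrough; the datatable is a constructed stand-in for the imported Onboarding table, and the long type for Score is an assumption.

```kusto
// Constructed sample rows standing in for the challenge's Onboarding table.
// Remove this let statement to run the query against the real imported table.
// Assumption: Score is a long column.
let Onboarding = datatable(Score: long)
[
    4821337,
    9120554,
    17,
    7300412,
    2650098,
    9999981,
    530226,
    6048875
];
Onboarding
| summarize
    Rows     = count(),                  // how many records we are dealing with
    Nulls    = countif(isnull(Score)),   // missing values would skew any aggregate
    Distinct = dcount(Score),            // approximate distinct count, cheap on large tables
    Min      = min(Score),               // lower bound of the value range
    Max      = max(Score),               // should stay below 10 million if the sample was representative
    Mean     = avg(Score),               // sanity check against the range above
    Total    = sum(Score)                // the value the challenge asks for
```

Because everything is aggregated server-side, only a single row comes back regardless of table size.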

This will give you the answer to the first challenge. They get harder, promise :-)