Here’s a little-known tip that can help brighten an otherwise mundane query existence. Instead of producing the normal query results of boring and blah rows and columns of data to sift through, have a little fun with it.
Did you know that KQL supports emoji?
It has to be true emoji, but you can use any emoji search tool like the one found at https://emojipedia.org/.
Locate what you want and then use your mouse cursor to highlight the emoji and copy/paste it into your query. In the example above, you can see my cool dude and celebration emojis.
And, when you save your queries, the emoji sticks with it. You can even save the query to a text file and the emoji character is retained for later use.
Have fun with it and let me know what you come up with.
=========================
[Want to discuss this further? Hit me up on Twitter or LinkedIn]
[Subscribe to the RSS feed for this blog]
[Subscribe to the Weekly Microsoft Sentinel Newsletter]
[Subscribe to the Weekly Microsoft Defender Newsletter]
[Learn KQL with the Must Learn KQL series and book]
You must log in to post a comment.