CYBERDOM

Just another day of IR, Threat-Hunting & Microsoft Security

Learn KQL – Numerical Operators

by · September 19, 2020

In numerical analysis, a numerical method is a mathematical tool designed to solve numerical problems. The implementation of a numerical method with an appropriate convergence check-in in a programming language is called a numerical algorithm.

The types int, long, and real represent numerical types. The following operators can be used between pairs of these types:

Operator Description Example
+ Add 3.14 + 3.14ago(5m) + 5m
- Subtract 0.23 - 0.22,
* Multiply 1s * 52 * 2
/ Divide 10m / 1s4 / 2
% Modulo 4 % 2
< Less 1 < 1010sec < 1hnow() < datetime(2100-01-01)
> Greater 0.23 > 0.2210min > 1secnow() > ago(1d)
== Equals 1 == 1
!= Not equals 1 != 0
<= Less or Equal 4 <= 5
>= Greater or Equal 5 >= 4
in Equals to one of the elements
!in Not equals to any of the elements
Post Contents Show

The Numerical Operators

Operator “<“

The “<” operator means “less”.

For example, if we run the following command and we’re interested in values that are less than 3, we need to run the following query:

AuditLogs
| summarize count() by OperationName
| where count_ < 3

Another example is less 3 days by time generated with the following example:

OfficeActivity
| where TimeGenerated < ago(3d)

Operator “>” 

The “>” operator means “greater”.

For example, if we run the command and we’re interested in values that are more than 3, we need to run the following query:

AuditLogs
| summarize count() by OperationName
| where count_ > 3

Another example is less 3 days by time generated with the following example:

OfficeActivity
| where TimeGenerated > ago(3d)

Operator “<=”

The “<=” means “less or equal”.

For example, if we want values that are less or equals than 3, we need to run the following KQL query:

AuditLogs
| summarize count() by OperationName
| where count_ <= 3

Operator “>=” 

The “>=” operator means “greater or equals”.

For example, if we want values that are greater or equals than 3, we need to run the following KQL query:

AuditLogs
| summarize count() by OperationName
| where count_ >= 3

For more blog-posts about KQL

 

Learn KQL – Numerical Operators

by · September 19, 2020

In numerical analysis, a numerical method is a mathematical tool designed to solve numerical problems. The implementation of a numerical method with an appropriate convergence check-in in a programming language is called a numerical algorithm.
The types int, long, and real represent numerical types. The following operators can be used between pairs of these types:

Operator Description Example
+ Add 3.14 + 3.14ago(5m) + 5m
- Subtract 0.23 - 0.22,
* Multiply 1s * 52 * 2
/ Divide 10m / 1s4 / 2
% Modulo 4 % 2
< Less 1 < 1010sec < 1hnow() < datetime(2100-01-01)
> Greater 0.23 > 0.2210min > 1secnow() > ago(1d)
== Equals 1 == 1
!= Not equals 1 != 0
<= Less or Equal 4 <= 5
>= Greater or Equal 5 >= 4
in Equals to one of the elements
!in Not equals to any of the elements

The Numerical Operators

Operator “<“
The “<” operator means “less”.
For example, if we run the following command and we’re interested in values that are less than 3, we need to run the following query:

AuditLogs
| summarize count() by OperationName
| where count_ < 3


Another example is less 3 days by time generated with the following example:

OfficeActivity
| where TimeGenerated < ago(3d)

Operator “>” 
The “>” operator means “greater”.
For example, if we run the command and we’re interested in values that are more than 3, we need to run the following query:

AuditLogs
| summarize count() by OperationName
| where count_ > 3


Another example is less 3 days by time generated with the following example:

OfficeActivity
| where TimeGenerated > ago(3d)

Operator “<=”
The “<=” means “less or equal”.
For example, if we want values that are less or equals than 3, we need to run the following KQL query:

AuditLogs
| summarize count() by OperationName
| where count_ <= 3


Operator “>=” 
The “>=” operator means “greater or equals”.
For example, if we want values that are greater or equals than 3, we need to run the following KQL query:

AuditLogs
| summarize count() by OperationName
| where count_ >= 3


For more blog-posts about KQL
 

Tags:

You may also like...

Leave a Reply

error: Content is Protected !!
%d bloggers like this: