For my work in the Security Operations & Control Center (SOCC) of the Vrije Universiteit Amsterdam, I spend a lot of time diving into logs, usually through the Kusto Query Language (KQL). Because I keep looking up the same syntax documentation, here I aim to write some small reminders for myself.
joining two tables on differently named columns: join _Table to join_ on $.left._Left table column name_ == $right._Right table column name_
project a column on a certain condition: project [ColumnName [= _Expression_]