The Bit Bucket

It’s time to look at what makes KQL different from traditional query languages.

At its foundation, KQL works with tables, rows, and columns, just like SQL. The structure feels familiar, but the query model is quite different.

KQL queries are built from operators — like where, summarize, project, and extend — and these are chained together using the pipe (|) symbol. Each operator takes the output of the previous one and transforms it further. It’s like building a data pipeline, one step at a time. This makes it incredibly readable and modular — you can easily add, remove, or rearrange steps without rewriting the whole query.

2026-06-06

BACKUP TO URL was introduced as an add-on in Cumulative Update 2 for SQL Server 2012 Service Pack 1 and as a built-in feature for SQL Server 2014. I’ve talked about it in previous blog posts.

We have been using this in a variety of ways from on-premises systems:

For example, it is an easy way to distribute a backup of a database to a large number of systems. Imagine you have a chain of retail stores that needs product and other reference information updated regularly. You can keep this data in a separate database at the head office, back it up to an Azure Storage account, and have each store download it separately.  This has major bandwidth and reliability improvements over other solutions such as having each store maintain a VPN connection to the head office.

2026-06-05

KQL, or Kusto Query Language, is a read-only, declarative query language.

Unlike SQL, which is procedural and typically runs in relational systems, KQL is pipeline-based. Each operation feeds directly into the next using the pipe (|) operator. This makes it incredibly intuitive once you get used to it — you start with a dataset, apply filters, transformations, and aggregations step by step, building your query like a flow of operations.

2026-06-04

I saw a question on a SQL Server mailing list about how to determine the Windows groups for a given SQL Server login.

That’s actually easy for a sysadmin login, as they have IMPERSONATE permission for other logins/users.

Here is an example procedure:

USE tempdb;
GO

CREATE OR ALTER PROCEDURE dbo.GetGroupsForALogin
@LoginName sysname
AS
BEGIN
    EXECUTE AS Login = @LoginName;

    SELECT [name] AS GroupName,
           usage AS Usage
    FROM sys.login_token 
    WHERE [type] = N'WINDOWS GROUP';
END;
GO

When I executed this on one of my SQL Server 2025 systems this way:

2026-06-03

In an ideal world, every event in a data stream would arrive exactly when it was generated and in perfect chronological order. But in reality, streams are messy. Events can arrive late, out of sequence, or even replayed after retries. This is a normal characteristic of distributed systems — not a failure — and it’s something we need to design for in any real-time analytics pipeline.

There are several reasons why events might not arrive in order. Sometimes there’s network latency between devices and the ingestion point. Other times, devices might buffer data locally and send it in batches when a connection becomes available. In cloud or IoT scenarios, retries or transient service interruptions can also cause duplicates or delayed messages. So, when you’re analyzing a stream, the order of arrival isn’t always the same as the order of occurrence.

2026-06-02

I recently received a review copy of Extreme DAX: Take your Power BI and Fabric analytics skills to the next level by Michiel Rozema, Madzy Stikkelorum, and Henk Vlootman from my friends at PackT.

Authors

Michiel Rozema is a long-term IT industry veteran. He was the data insight lead at Microsoft Netherlands and launched Power BI in the country. Michiel works as a data analyst and architect for his company Qanto. He is a fellow Data Platform MVP.

2026-06-01

I’ve mentioned that in Microsoft Fabric, both KQL and SQL are available as query options — and they each have their strengths. So when should we use each?

KQL, or Kusto Query Language, is purpose-built for analyzing logs, telemetry, time-series, and streaming data. It’s optimized for massive volumes of events, and it’s designed to help you spot trends, anomalies, and behaviors over time. If you’re working with sensor readings, application traces, or event streams, KQL is the natural fit.

2026-05-31

This is more for my own reference than anything else but I needed to enter a backslash key while using a US keyboard but with UK keyboard settings.

After trying pretty much every key on the keyboard in all combinations, I realised there was no key combination that would do this directly. Curiously it’s a common problem and I found untold blog and forum entries that were not helpful. They basically said to change your input to US when using a US keyboard.

2026-05-30

KQL, or Kusto Query Language, is the primary way we interact with data stored in a KQL database. It’s a read-only, declarative language — meaning you describe what result you want, rather than giving the system a sequence of procedural steps to perform. It’s designed specifically for interactive analytics on large, fast-moving datasets such as telemetry, logs, or IoT events, where you need quick insights rather than data updates.

One of the biggest differences you’ll notice compared with SQL is the pipeline syntax. Instead of writing long, nested queries with sub-selects or CTEs, KQL uses the pipe operator (|) to pass the output of one operation directly into the next. This creates a kind of query “flow” — very readable and very modular. For example, you might start with a table name, filter the rows, then summarize, and finally sort the results, each step connected by a pipe. It reads much more like a logical sequence of transformations than a single dense statement.

2026-05-29

I often need to create a T-SQL script that reliably drops and recreates a database each time it is executed. A common requirement is that I’m building a script to test come concept and I want to just re-run a script to get back to a known point after cleaning up all that I’ve done before. I could even just want to create a database in a particular way, and I want to make sure it doesn’t already exist.

2026-05-28