Query and analyze big data in Azure Data Explorer (Kusto) using KQL. Use this skill for log analytics, time series analysis, telemetry insights, IoT data exploration, and real-time data investigation across large datasets with sub-second query performance.
View on GitHubmicrosoft/GitHub-Copilot-for-Azure
azure
February 1, 2026
Select agents to install to:
npx add-skill https://github.com/microsoft/GitHub-Copilot-for-Azure/blob/main/plugin/skills/azure-kusto/SKILL.md -a claude-code --skill azure-kustoInstallation paths:
.claude/skills/azure-kusto/# Azure Data Explorer (Kusto) Query & Analytics Execute KQL queries and manage Azure Data Explorer resources for fast, scalable big data analytics on log, telemetry, and time series data. ## Skill Activation Triggers **Use this skill immediately when the user asks to:** - "Query my Kusto database for [data pattern]" - "Show me events in the last hour from Azure Data Explorer" - "Analyze logs in my ADX cluster" - "Run a KQL query on [database]" - "What tables are in my Kusto database?" - "Show me the schema for [table]" - "List my Azure Data Explorer clusters" - "Aggregate telemetry data by [dimension]" - "Create a time series chart from my logs" **Key Indicators:** - Mentions "Kusto", "Azure Data Explorer", "ADX", or "KQL" - Log analytics or telemetry analysis requests - Time series data exploration - IoT data analysis queries - SIEM or security analytics tasks - Requests for data aggregation on large datasets - Performance monitoring or APM queries ## Overview This skill enables querying and managing Azure Data Explorer (Kusto), a fast and highly scalable data exploration service optimized for log and telemetry data. Azure Data Explorer provides sub-second query performance on billions of records using the Kusto Query Language (KQL). Key capabilities: - **Query Execution**: Run KQL queries against massive datasets - **Schema Exploration**: Discover tables, columns, and data types - **Resource Management**: List clusters and databases - **Analytics**: Aggregations, time series, anomaly detection, machine learning ## Core Workflow 1. **Discover Resources**: List available clusters and databases in subscription 2. **Explore Schema**: Retrieve table structures to understand data model 3. **Query Data**: Execute KQL queries for analysis, filtering, aggregation 4. **Analyze Results**: Process query output for insights and reporting ## Query Patterns ### Pattern 1: Basic Data Retrieval Fetch recent records from a table with simple filtering. **Example KQL**: `