Azure Data Explorer (Kusto)

Azure Data Explorer (Kusto) destination plugin

Azure Data Explorer (Kusto) is a cloud-based analytics service offered by Microsoft Azure. It's designed to help users analyze large amounts of data. Kusto uses a proprietary query language called KQL (Kusto Query Language) that enables users to perform complex data queries and visualizations. Kusto can be used for log and telemetry data analysis, as it is designed to handle large amounts of structured and unstructured data in real-time. Use the Azure Monitor Logs destination plugin to configure your Calyptia Core pipeline to send your logs and metrics data directly to Azure Data Explorer (Kusto).

Configuration parameters

The Azure Data Explorer (Kusto) destination plugin provides these configuration parameters.

General

Key Description

Key	Description
Tenant ID	The tenant/domain ID of the AAD registered application.
Client ID	Required - The client ID of the AAD registered application.
Ingestion Endpoint	The clusters ingestion endpoint, usually in the form `https://ingest-cluster\_name.region.kusto.windows.net`.
Database Name	The database name.
Table Name	The table name.

Tenant ID

The tenant/domain ID of the AAD registered application.

Client ID

Required - The client ID of the AAD registered application.

Ingestion Endpoint

The clusters ingestion endpoint, usually in the form https://ingest-cluster\_name.region.kusto.windows.net.

Database Name

The database name.

Table Name

The table name.

Advanced

Key	Description
Ingestion Mapping Reference	The name of a JSON ingestion mapping that will be used to map the ingested payload into the table columns.
Log Key	Key name of the log content.
Enable Tag Key	If enabled, the tag is appended to output. The key name is used tag_key property.
Tag Key	Optional. Specify the key name where the tag is stored.
Enable Time Key	If enabled, a timestamp is appended to output. The key name is used time_key property.
Time Key	Optional. Specify the key name where the timestamp is stored.

Key

Description

Ingestion Mapping Reference

The name of a JSON ingestion mapping that will be used to map the ingested payload into the table columns.

Log Key

Key name of the log content.

Enable Tag Key

If enabled, the tag is appended to output. The key name is used tag_key property.

Tag Key

Optional. Specify the key name where the tag is stored.

Enable Time Key

If enabled, a timestamp is appended to output. The key name is used time_key property.

Time Key

Optional. Specify the key name where the timestamp is stored.

Security and TLS

Key Description

Key	Description
TLS	Enable or disable TLS/SSL support.
TLS Certificate Validation	Turn TLS/SSL certificate validation on or off. TLS must be on for this setting to be enabled.
TLS Debug Level	Set TLS debug verbosity level. Accepts these values: `0` (No debug), `1` (Error), `2` (State change), `3` (Informational), `4` (Verbose).
CA Certificate File Path	Absolute path to CA certificate file.
Certificate File Path	Absolute path to certificate file.
Private key File Path	Absolute path to private key file.
Private Key Path Password	Optional password for `tls.key_file` file.
TLS SNI Hostname Extension	Hostname to be used for TLS SNI extension.

TLS

Enable or disable TLS/SSL support.

TLS Certificate Validation

Turn TLS/SSL certificate validation on or off. TLS must be on for this setting to be enabled.

TLS Debug Level

Set TLS debug verbosity level. Accepts these values: 0 (No debug), 1 (Error), 2 (State change), 3 (Informational), 4 (Verbose).

CA Certificate File Path

Absolute path to CA certificate file.

Certificate File Path

Absolute path to certificate file.

Private key File Path

Absolute path to private key file.

Private Key Path Password

Optional password for tls.key_file file.

TLS SNI Hostname Extension

Hostname to be used for TLS SNI extension.

The following are Advanced Networking configuration Parameters for Azure Data Explorer (Kusto) Destination Plugin.

Key	Description
DNS Mode	Select the primary DNS connection type (TCP or UDP)
DNS Resolver	Select the primary DNS connection type (TCP or UDP)
Prefer IPv4	Prioritize IPv4 DNS results when trying to establish a connection
Keepalive	Enable or disable Keepalive support
Keepalive Idle Timeout	Set maximum time allowed for an idle Keepalive connection
Max Connect Timeout	Set maximum time allowed to establish a connection, this time includes the TLS handshake
Max Connect Timeout Log Error	On connection timeout, specify if it should log an error. When disabled, the timeout is logged as a debug message
Max Keepalive Recycle	Set maximum number of times a keepalive connection can be used before it is retired.
Source Address	Specify network address to bind for data traffic

Key

Description

DNS Mode

Select the primary DNS connection type (TCP or UDP)

DNS Resolver

Select the primary DNS connection type (TCP or UDP)

Prefer IPv4

Prioritize IPv4 DNS results when trying to establish a connection

Keepalive

Enable or disable Keepalive support

Keepalive Idle Timeout

Set maximum time allowed for an idle Keepalive connection

Max Connect Timeout

Set maximum time allowed to establish a connection, this time includes the TLS handshake

Max Connect Timeout Log Error

On connection timeout, specify if it should log an error. When disabled, the timeout is logged as a debug message

Max Keepalive Recycle

Set maximum number of times a keepalive connection can be used before it is retired.

Source Address

Specify network address to bind for data traffic

PreviousAzure Blob Storage NextAzure EventHub

Last updated 1 month ago