Updating the Must Learn KQL Workshop: Empowering You to Build Custom Learning Experiences
Whether you're training your team, educating customers, or just diving deeper yourself, this update puts the power in your hands.
Hello, fellow data enthusiasts and security pros! If you've been following my journey with the Kusto Query Language (KQL), you know how passionate I am about making this powerful tool accessible to everyone. Today, I'm thrilled to share an exciting update to the Must Learn KQL Workshop. I've revamped the workshop page to incorporate the latest Workshop Series modules, giving you the flexibility to mix and match content and create tailored KQL workshops that fit your unique needs. Whether you're training your team, educating customers, or just diving deeper yourself, this update puts the power in your hands.
Let's dive into the details—what this means, why it matters, and how you can get started.
A Quick Refresher: What is KQL and Why Must You Learn It?
For those new to the scene, KQL (Kusto Query Language) is Microsoft's query language designed for big data analytics. It's the backbone of tools like Azure Data Explorer, Microsoft Sentinel, Microsoft Defender, and even Intune reporting. KQL allows you to slice through massive datasets with ease, uncovering insights for security investigations, performance monitoring, and more. Its syntax is intuitive yet robust, blending elements of SQL with modern data processing capabilities.
The beauty of KQL lies in its simplicity and power—once you get the hang of it, you'll wonder how you ever managed without it. But learning it can feel daunting at first, especially with the sheer volume of data in cloud environments. That's where the Must Learn KQL series (https://aka.ms/MustLearnKQL) comes in.
The Must Learn KQL Series: Your Gateway to Mastery
Launched back in 2021, the Must Learn KQL series started as a blog on Substack to demystify KQL through practical explanations, code samples, and hands-on queries. Over time, it evolved into a comprehensive resource ecosystem:
Blog Posts: A step-by-step series covering everything from basics (like tools and workflow) to advanced topics (such as joins, unions, and building analytics rules in Microsoft Sentinel).
eBook and Paperback: A free PDF compilation of the series, updated regularly, or a physical copy available on Amazon (with proceeds benefiting St. Jude Children's Research Hospital).
Videos: A YouTube playlist with follow-along tutorials, perfect for visual learners.
Assessment and Certificate: Test your knowledge with a 25-question quiz and earn a certificate upon passing.
Advanced Content: Spin-offs like KQL Mysteries for deeper dives and even an "Addicted to KQL" series for black-belt-level expertise.
The GitHub repository serves as the central hub, housing code, queries, and all resources. It's been a game-changer for thousands, with the workshop materials alone downloaded over 300 times shortly after release.
The Big Update: Introducing Mix-and-Match Workshop Modules
Now, onto the star of this post—the updated Must Learn KQL Workshop! Previously, the workshop was a structured set of materials designed for guided learning or team sessions. But I've listened to your feedback: many of you wanted more customization to align with specific scenarios, like focusing on security analytics or data visualization.
That's why I've integrated the new Workshop Series modules directly into the workshop page. These modules build on the core series but are now modularized for flexibility. You can pick and choose based on your goals, audience, or time constraints. Think of it as a KQL buffet—select the appetizers, mains, and desserts that suit your taste!
What's in the Workshop Series Modules?
Drawing from the foundational series, the modules cover key KQL concepts in bite-sized, self-contained units. Here's a glimpse of what you might find (based on the evolving series structure):
Each module includes:
Explanatory text and examples.
Sample queries to copy-paste and run.
Hands-on activities using demo environments (no setup required for basics).
Links to corresponding videos and blog posts for deeper dives.
The new additions emphasize modularity, with updated content reflecting KQL's evolution (like enhancements for AI integrations and advanced editions released in 2025).
How to Mix and Match for Your Own Custom Workshop
Creating a custom workshop is straightforward:
Head to the GitHub Repo: Navigate to https://github.com/rod-trent/MustLearnKQL/tree/main/Workshop.
Browse the Modules: Review the directory for individual module files.
Select and Sequence: Choose modules that align with your objectives. For a beginner session, start with Basics and Operators. For a security-focused workshop, prioritize Practical Applications.
Customize: Edit the content if needed—add your own examples, branding, or company-specific data scenarios.
Deliver: Use the materials for in-person training, virtual sessions, or self-paced learning. Pair with the demo environment for interactive practice.
Prerequisites are minimal: Access to a KQL-compatible tool like the Azure portal or Log Analytics demo workspace. No advanced setup is required, making it ideal for quick starts.
Why This Update Matters
In a world where data volumes explode daily, mastering KQL isn't just a skill—it's a superpower for cloud security, operations, and analytics. By making the workshop modular, we're empowering you to:
Personalize Learning: Tailor content to your team's skill level or industry focus.
Scale Training: Easily adapt for large groups, customers, or ongoing education programs.
Stay Current: Incorporate the latest KQL features, including those from advanced series like KQL Mysteries.
Give Back: Remember, resources like the book and merch support St. Jude—learning while contributing to a great cause.
Feedback from early adopters has been fantastic, and I've even added a form for sharing your experiences and attendee numbers.
Get Started Today!
Ready to build your custom KQL workshop? Jump over to the updated page on GitHub: https://github.com/rod-trent/MustLearnKQL/tree/main/Workshop. Download, mix, match, and let me know how it goes—drop a comment below, tweet with #MustLearnKQL, or email feedback.
If you're new, start with the full series index at aka.ms/MustLearnKQL. And if you've completed the basics, challenge yourself with the assessment for that shiny certificate.
Thanks for being part of this community. Let's keep pushing the boundaries of what's possible with KQL!
Stay query-ing!