Learning Path 4 - Lab 1 - Exercise 1 - Create queries for Microsoft Sentinel using Kusto Query Language (KQL)

[LewisGoDeploy]

What happened?

Learning Path 4 - Lab 1 - Exercise 1 - Create queries for Microsoft Sentinel using Kusto Query Language (KQL)

Description of issue: Error when trying to run search command in KQL

Task 2: Run Basic KQL Statements

1. The following statement demonstrates the search operator, which searches all columns in the table for the value. In the Query Window enter the following statement and select Run:

search "new"

Screenshot attached. Maximum response size exceeded.

Lab

Other

Relevant screenshots

Do you want to help us? 👏

• [ ] Create a Pull Requestt by following this project's Contribution Guide

[KenMAG]

I'll test this. I have not seen this happen before.

[KenMAG]

This only happens on the LA Demo site. If you run it in a lab Sentinel instance it is fine. They probably have too many new events. I would skip it for now.

[LewisGoDeploy]

I will skip but please note that the instructions state to use the LA demo site: https://aka.ms/lademo

[KenMAG]

You can use search "location" with the time range at Last 30 minutes. I'll update the instructions and add a note about using "Search"