GitBook: [#14] No subject

SUMMARY.md

@@ -1,24 +1,24 @@
 # Table of contents
 
 * [Overview](README.md)
-* [Zero to Hero](readme-1/README.md)
-  * [search](readme-1/search.md)
-  * [take](readme-1/take.md)
-  * [where](readme-1/where.md)
-  * [summarize](readme-1/summarize/README.md)
-    * [arg\_max](readme-1/summarize/arg\_max.md)
-    * [count, countif](readme-1/summarize/count-countif.md)
-    * [dcount, dcountif](readme-1/summarize/dcount-dcountif.md)
-    * [take\_any](readme-1/summarize/take\_any.md)
-  * [distinct](readme-1/distinct.md)
-  * [project](readme-1/project/README.md)
-    * [project-reorder](readme-1/project/project-reorder.md)
-    * [project-away](readme-1/project/project-away.md)
-    * [project-rename](readme-1/project/project-rename.md)
-    * [project-keep](readme-1/project/project-keep.md)
-  * [sort by](readme-1/sort-by.md)
-  * [extend](readme-1/extend.md)
-  * [strcat](readme-1/strcat.md)
+* [Zero to Hero](mmsmoa2022-kql-examples/readme/README.md)
+  * [search](mmsmoa2022-kql-examples/readme/search.md)
+  * [take](mmsmoa2022-kql-examples/readme/take.md)
+  * [where](mmsmoa2022-kql-examples/readme/where.md)
+  * [summarize](mmsmoa2022-kql-examples/readme/summarize/README.md)
+    * [arg\_max](mmsmoa2022-kql-examples/readme/summarize/arg\_max.md)
+    * [count, countif](mmsmoa2022-kql-examples/readme/summarize/count-countif.md)
+    * [dcount, dcountif](mmsmoa2022-kql-examples/readme/summarize/dcount-dcountif.md)
+    * [take\_any](mmsmoa2022-kql-examples/readme/summarize/take\_any.md)
+  * [distinct](mmsmoa2022-kql-examples/readme/distinct.md)
+  * [project](mmsmoa2022-kql-examples/readme/project/README.md)
+    * [project-reorder](mmsmoa2022-kql-examples/readme/project/project-reorder.md)
+    * [project-away](mmsmoa2022-kql-examples/readme/project/project-away.md)
+    * [project-rename](mmsmoa2022-kql-examples/readme/project/project-rename.md)
+    * [project-keep](mmsmoa2022-kql-examples/readme/project/project-keep.md)
+  * [sort by](mmsmoa2022-kql-examples/readme/sort-by.md)
+  * [extend](mmsmoa2022-kql-examples/readme/extend.md)
+  * [strcat](mmsmoa2022-kql-examples/readme/strcat.md)
 * [Hero to Expert](hero-to-expert/README.md)
   * [let](hero-to-expert/let.md)
   * [join](hero-to-expert/join.md)
@@ -36,6 +36,6 @@
 
 ## 💻 Examples
 
-* [Device Inventory](examples/device-inventory/README.md)
-  * [Device OS version](examples/device-inventory/device-os-version.md)
-  * [Same AAD Device ID and Intune Device ID](examples/device-inventory/same-aad-device-id-and-intune-device-id.md)
+* [Device Inventory](microsoft-endpoint-manager/device-inventory/README.md)
+  * [Device OS version](microsoft-endpoint-manager/device-inventory/device-os-version.md)
+  * [Same AAD Device ID and Intune Device ID](microsoft-endpoint-manager/device-inventory/same-aad-device-id-and-intune-device-id.md)

examples/device-inventory/same-aad-device-id-and-intune-device-id.md → microsoft-endpoint-manager/device-inventory/same-aad-device-id-and-intune-device-id.md

@@ -50,8 +50,6 @@ IntuneDevices
 
 ### Get a full list of devices that has multiple AAD Device ID or Intune Device ID
 
-
-
 ```
 let deviceData = IntuneDevices
 | where TimeGenerated > ago(180d) //Gets all data generated in 180 days
@@ -66,4 +64,3 @@ deviceData
 | where SerialNumber in (issueDevices)
 | sort by SerialNumber, EndTime
 ```
-

mmsmoa2022-kql-examples/readme/README.md

@@ -0,0 +1,2 @@
+# Zero to Hero
+

readme-1/distinct.md → mmsmoa2022-kql-examples/readme/distinct.md

@@ -1,6 +1,6 @@
 # distinct
 
-I often use distinct to look for the value that I want to use later as filters or parameters in workbooks. For example, I see IntuneDevices table has a column called ManageBy, but I have no ideas what data we have in this column. 
+I often use distinct to look for the value that I want to use later as filters or parameters in workbooks. For example, I see IntuneDevices table has a column called ManageBy, but I have no ideas what data we have in this column.
 
 ```
 IntuneDevices
@@ -20,4 +20,3 @@ IntuneDevices
     and ManagedBy == 'Co-managed' //filter device are Co-managed
 | summarize arg_max(TimeGenerated, *) by SerialNumber
 ```
-

readme-1/extend.md → mmsmoa2022-kql-examples/readme/extend.md

@@ -1,6 +1,6 @@
 # extend
 
-**extend** allow us to build calculated columns of our query results and append them to the result set. You can also extend custom text as well 
+**extend** allow us to build calculated columns of our query results and append them to the result set. You can also extend custom text as well
 
 ### 📲 Example: calculate Intune device free storage percentage, and convert storage from MB to GB
 

readme-1/project/project-away.md → mmsmoa2022-kql-examples/readme/project/project-away.md

@@ -1,7 +1,5 @@
 # project-away
 
-
-
 ```
 IntuneDevices
 | summarize arg_max(TimeGenerated, *) by SerialNumber

readme-1/search.md → mmsmoa2022-kql-examples/readme/search.md

@@ -1,18 +1,18 @@
 # search
 
-Use <mark style="color:red;">**search**</mark> when you know what are looking for, but don't know from where.&#x20;
+Use <mark style="color:red;">**search**</mark> when you know what are looking for, but don't know from where.
 
 For example, I know I have a device name that starts with **THINK**, I can't remember what exact name it is and I just want to see what data do I get
 
 {% hint style="info" %}
-A faster way to filter the data that you are looking for is to **** use "**where".** &#x20;
+A faster way to filter the data that you are looking for is to \*\*\*\* use "**where".**
 {% endhint %}
 
 {% content-ref url="where.md" %}
 [where.md](where.md)
 {% endcontent-ref %}
 
-### &#x20;🔍Search everything and not case sensitive
+### 🔍Search everything and not case sensitive
 
 ```
 search "*think*"

readme-1/sort-by.md → mmsmoa2022-kql-examples/readme/sort-by.md

@@ -4,7 +4,7 @@ Sort the rows of the input table into order by one or more columns. Default is *
 
 ### 🦄 Example: Intune audit log for the past 7 days
 
- Sort by TimeGenerated column in ascending order. 
+Sort by TimeGenerated column in ascending order.
 
 ```
 IntuneAuditLogs 

readme-1/strcat.md → mmsmoa2022-kql-examples/readme/strcat.md

@@ -3,7 +3,6 @@
 ```
 IntuneDevices
 | extend url = strcat('https://endpoint.microsoft.com/#blade/Microsoft_Intune_Devices/DeviceSettingsBlade/overview/mdmDeviceId/', DeviceId)
-
 ```
 
 ![](<../../.gitbook/assets/image (26).png>)

readme-1/summarize/README.md → mmsmoa2022-kql-examples/readme/summarize/README.md

@@ -1,6 +1,6 @@
 # summarize
 
-**summarize** operator is complicated in my opinion.  :smile: And often I still forgot how to use it and even got it all wrong. Because summarize is used with many aggregation funcions. Here is the full list
+**summarize** operator is complicated in my opinion. :smile: And often I still forgot how to use it and even got it all wrong. Because summarize is used with many aggregation funcions. Here is the full list
 
 ### 📃[List of aggregation functions](https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/summarizeoperator#list-of-aggregation-functions) <a href="#list-of-aggregation-functions" id="list-of-aggregation-functions"></a>
 
@@ -41,4 +41,3 @@
 | [take\_anyif()](https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/take-anyif-aggfunction)                       | Returns a random non-empty value for the group (with predicate)              |
 | [variance()](https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/variance-aggfunction)                            | Returns the variance across the group                                        |
 | [varianceif()](https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/varianceif-aggfunction)                        | Returns the variance across the group (with predicate)                       |
-

readme-1/summarize/arg_max.md → mmsmoa2022-kql-examples/readme/summarize/arg_max.md

@@ -3,7 +3,7 @@
 Let's try useing the **IntuneDevices** table to count how many devices we have per Operating Systems
 
 {% hint style="danger" %}
-This is an example of a wrong query. The bellow query is getting data that are generated for the past 7 days, returns a count of the records per summarization group by **OS** column. The problem with this query is IntuneDevices table gets all the devices' data once per day, which means there are duplicate rows. 
+This is an example of a wrong query. The bellow query is getting data that are generated for the past 7 days, returns a count of the records per summarization group by **OS** column. The problem with this query is IntuneDevices table gets all the devices' data once per day, which means there are duplicate rows.
 {% endhint %}
 
 ```
@@ -38,7 +38,6 @@ IntuneDevices
     and todatetime(LastContact) > ago(60d) //We need to convert LastContact to date time format
 | summarize arg_max(TimeGenerated, OS) by SerialNumber
 | summarize count() by OS
-
 ```
 
 ![](<../../../.gitbook/assets/image (23) (1) (1).png>)

readme-1/take.md → mmsmoa2022-kql-examples/readme/take.md

@@ -1,10 +1,9 @@
 # take
 
-In the previous chapter, we talked about **search**, it often returns lots of rows in the result. It's useful to use **take** to get some examples of the results but not all of them. There is no guarantee which rows it will return or if they are exact same. 
+In the previous chapter, we talked about **search**, it often returns lots of rows in the result. It's useful to use **take** to get some examples of the results but not all of them. There is no guarantee which rows it will return or if they are exact same.
 
 ```
 IntuneDevices
 | search DeviceName matches regex "[A-Z]-"
 | take 10
 ```
-

readme-1/where.md → mmsmoa2022-kql-examples/readme/where.md

@@ -55,4 +55,3 @@ IntuneDevices
 IntuneDevices
 | search DeviceName matches regex "[A-Z]-"
 ```
-