ESJiang/KQL

KQL Tool README

This extension provides syntax highlighting, code snippets, and formatting for KQL (Kusto Query Language). It is bundled with Webpack.

Note: Color highlighting and formatting settings will be automatically added to settings.json when the extension is activated.

You can change the predefined colors and the formatter via settings.json:

{
  "scope": "variable.system.kql",
  "settings": {
    "foreground": "#7FDBFF",
    "fontStyle": "bold"
  }
},
{
  "scope": "keyword.logical.kql",
  "settings": {
    "foreground": "#d22020",
    "fontStyle": "bold"
  }
},
{
  "scope": "keyword.clause.kql",
  "settings": {
    "foreground": "#887fff",
    "fontStyle": "bold"
  }
},
{
  "scope": "keyword.operator.symbol.kql",
  "settings": {
    "foreground": "#ef25ce",
    "fontStyle": "bold"
  }
},
{
  "scope": "variable.other.kql",
  "settings": {
    "foreground": "#FFA07A"
  }
},
{
  "scope": "builtin.function.kql",
  "settings": {
    "foreground": "#DDA0DD"
  }
},
{
  "scope": "builtin.aggregation_function.kql",
  "settings": {
    "foreground": "#1E90FF"
  }
},
{
  "scope": "keyword.define.kql",
  "settings": {
    "foreground": "#90EE90",
    "fontStyle": "bold"
  }
},
{
  "scope": "keyword.flowcontrol.kql",
  "settings": {
    "foreground": "#3d31ec",
    "fontStyle": "bold"
  }
},
{
  "scope": "keyword.query.kql",
  "settings": {
    "foreground": "#FFD580"
  }
},
{
  "scope": "type.data.kql",
  "settings": {
    "foreground": "#B0E0E6"
  }
},
{
  "scope": "constant.numeric.kql",
  "settings": {
    "foreground": "#87CEFA"
  }
},
{
  "scope": "comment.singleline.kql, comment.block.kql",
  "settings": {
    "foreground": "#A9A9A9",
    "fontStyle": "italic"
  }
},
{
  "scope": "string.doublequote.kql, string.singlequote.kql",
  "settings": {
    "foreground": "#66FF66",
    "fontStyle": "bold"
  }
},
{
  "scope": "string.verbatim.doublequote.kql, string.verbatim.singlequote.kql",
  "settings": {
    "foreground": "#228B22"
  }
}

"[kql]": {
  "editor.defaultFormatter": "fangweij.kql-tools-vscode",
  "editor.formatOnSave": true
},

Code Snippets

I created several customized code snippets. Try typing "inv".

Diagnostics

Reference

Microsoft Learn: KQL Quick Reference

Microsoft Learn: deviceprocessevents table

Microsoft Sentinel security alert schema reference

Feel free to open an issue or send a pull request to help improve this extension 🙂.
