A module for exploring real-time streams of events
Project description
Real-Time KQL for Python
To process data with Kusto Query Language (KQL) queries today, users generally have to upload their data to storage first and then query it. The Kql Tools eliminate this need by processing event streams with KQL queries as events arrive, in real time.
Usage
Real-Time KQL is broken up into three parts: the output, the query, and the input.
The Output
Real-Time KQL for Python has a PythonOutput class that allows you to customize what happens to events when they are output. The simplest usage of the PythonOutput class is to instantiate it with no parameters. This will print events to the console in JSON format:
>>> from realtimekql import *
>>> o = PythonOutput()
To customize the output, you can pass in any Python function that takes a dictionary as the only parameter to the PythonOutput class. For example, this function stores events in a list to use them later:
>>> events = []
>>> def storeEvents(event):
...     events.append(event)
...
>>> from realtimekql import *
>>> o = PythonOutput(storeEvents)
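A bounded variant of the list-storing callback above, added here as an example (not code from the Real-Time KQL project): a real-time stream never ends, so an unbounded list grows until the process runs out of memory. The helper names, the `EventId` field and the sample events are assumptions, and the lock assumes the callback may be invoked from another thread.

```python
import threading
from collections import Counter, deque


def make_bounded_store(max_events=1000, count_by="EventId"):
    """Build an output callback that keeps memory use bounded.

    Returns (handler, snapshot). handler is a plain function taking one
    dict; snapshot() returns a copy of the current state.
    """
    recent = deque(maxlen=max_events)  # oldest events are evicted when full
    counts = Counter()                 # running totals survive eviction
    stats = {"seen": 0, "rejected": 0}
    lock = threading.Lock()            # assumption: callback may run off-thread

    def handler(event):
        with lock:
            if not isinstance(event, dict):
                stats["rejected"] += 1
                return
            stats["seen"] += 1
            recent.append(dict(event))  # shallow copy: caller may reuse the dict
            counts[str(event.get(count_by, "<missing>"))] += 1

    def snapshot():
        with lock:
            return {"recent": list(recent), "counts": dict(counts), **stats}

    return handler, snapshot


# Constructed sample events; the field names are assumptions for illustration.
SAMPLE_EVENTS = [
    {"EventId": 10, "Provider": "tcp", "daddr": "192.0.2.10"},
    {"EventId": 11, "Provider": "tcp", "daddr": "192.0.2.11"},
    {"EventId": 10, "Provider": "tcp", "daddr": "192.0.2.12"},
    {"Provider": "tcp"},  # no EventId: counted under "<missing>"
]


def demo():
    handler, snapshot = make_bounded_store(max_events=2)
    for ev in SAMPLE_EVENTS:
        handler(ev)
    return snapshot()


if __name__ == "__main__":
    print(demo())
    # With the package installed, the handler plugs in as shown on this page:
    #   o = PythonOutput(handler)
```

The counters keep totals for the whole stream even after older events have been evicted from the buffer.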
The PythonAdxOutput class allows you to ingest data to an Azure Data Explorer (Kusto) table through queued ingestion. The class can be instantiated as follows:
>>> from realtimekql import *
>>> o = PythonAdxOutput("YourCluster.kusto.windows.net", "YourDatabase", "YourTable", "YourClientId", "YourClientSecret", "YourAuthorityId", resetTable=True)
The Query
You can optionally pass a .kql query into Real-Time KQL to filter, transform, and enrich your events before they even reach the output stage.
The Input
Real-Time KQL supports various real-time and file input sources. Each input class takes its own source-specific arguments, an instance of one of the output classes, and an optional path to a query file. The following prints real-time ETW TCP events to the console in JSON format:
>>> from realtimekql import *
>>> o = PythonOutput()
>>> e = EtwSession("tcp", o)
>>> e.Start()
Here are all the supported input options and how to use them:
EtwSession(sessionName, o, q)
EtlFileReader(filePath, o, q)
WinlogRealTime(logName, o, q)
EvtxFileReader(filePath, o, q)
CsvFileReader(filePath, o, q)
The variables o and q represent the output part and the query part respectively. The query part is optional and can be left out.
File details
Details for the file realtimekql-2.2.4.tar.gz.
File metadata
- Download URL: realtimekql-2.2.4.tar.gz
- Upload date:
- Size: 4.3 MB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.7.1 importlib_metadata/4.10.0 pkginfo/1.8.2 requests/2.27.1 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.7.9
File hashes
Algorithm | Hash digest
---|---
SHA256 | 8b6fcc123245376924df9d4d6b481f21ba6d18b11911305312cab495aacd047f
MD5 | 99222d4554145110862a0feba04c6c95
BLAKE2b-256 | 9d800fe60a8d0a2eee83accb2147783815556f5c9646d5bacc05e6eb143c3f20
File details
Details for the file realtimekql-2.2.4-py3-none-any.whl.
File metadata
- Download URL: realtimekql-2.2.4-py3-none-any.whl
- Upload date:
- Size: 8.6 MB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.7.1 importlib_metadata/4.10.0 pkginfo/1.8.2 requests/2.27.1 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.7.9
File hashes
Algorithm | Hash digest
---|---
SHA256 | 35fdfb5309405a8cc6360be6be824a8fe246644f81a8a6a758cf8073d3f211cd
MD5 | 35fc092829428946e5e844e3b2ef78df
BLAKE2b-256 | 736fcbfa10d8dd952ca475fab8e78c1512b2de291a073fe7ddeb6b71b2b93a35