Dashboard
Account 🔐
Sign Up
Login
Global Leaderboard
Game Vault
Badge Backpack
Blue Team Glossary
Login and start playing
Leaving so soon?
×
You really want to log out? We were having so much fun!
Home
›
Glossary
›
Kusto
›
distinct
Distinct
Kusto
Definition
In Kusto Query Language (KQL), The `distinct` operator returns unique values from a column or a set of columns. It removes duplicates so that each value appears only once in the output. You can use it when you want to count or list unique items such as user names, IP addresses, domains, or file names.
Explore More Terms
Password-Spray
Amcache
Take
Cyber Kill Chain
Threat Actor
Examples & Use Cases
``` OutboundNetworkEvents | distinct Domain ``` If the field contains: `example.com, example.com, test.com` The result will be: `example.com, test.com` You can also use more than one field: ``` AuthenticationEvents | distinct Account, IPAddress ``` This gives a list of unique account and IP address pairs. **Why it matters** Duplicate data can make analysis misleading or harder to interpret. * Helps identify unique values in large datasets * Removes redundant or duplicate records * Useful for counting unique entities (users, files, IPs, etc.) Using `distinct` improves clarity and ensures more accurate analysis when working with repeated data. --- ## Further Reading - [Microsoft Learn - distinct operator](https://learn.microsoft.com/en-us/kusto/query/distinct-operator)
.png)
