Dashboard
Account 🔐
Sign Up
Login
Global Leaderboard
Game Vault
Badge Backpack
Blue Team Glossary
Login and start playing
Leaving so soon?
×
You really want to log out? We were having so much fun!
Home
›
Glossary
›
Kusto
›
split
Split
Kusto
Definition
The `split` function in Kusto Query Language (KQL) breaks a string into an array of substrings based on a specified delimiter. It returns each segment between the delimiters as an element in the array, preserving the original order. This makes it useful for parsing structured text, such as separating comma- or space-delimited values into individual components for further analysis.
Related Terms
Mv-Expand
Examples & Use Cases
## Split ### Definition The `split()` function is used to divide a string into multiple parts based on a specified delimiter. It returns a dynamic array where each element represents a portion of the original string. This is useful when working with text that follows a consistent separator format, such as commas, spaces, or special characters. --- ### Examples & Use Cases ``` | extend Parts = split(Message, ",") ``` If `Message` contains: apple,banana,orange It will produce: * ["apple", "banana", "orange"] --- ### Accessing Specific Elements You can access individual elements using an index: ``` | extend FirstItem = split(Message, ",")[0] ``` This returns: * apple --- ### Using with mv-expand To analyze each value separately, combine with `mv-expand`: ``` | extend Parts = split(Message, ",") | mv-expand Parts ``` This produces: * apple * banana * orange Each item is now in its own row. --- ### Splitting by Different Delimiters ``` | extend Words = split(Message, " ") ``` Splits a sentence into individual words based on spaces. --- ### Why it matters Many datasets store multiple values inside a single string separated by delimiters. * Converts a single string into an array for easier processing * Enables extraction of specific elements by position * Works well with operators like `mv-expand` for deeper analysis However, results depend on consistent formatting. If delimiters are inconsistent, the output may not be reliable. --- ## Further Reading - [Microsoft Learn - split() function](https://learn.microsoft.com/en-us/kusto/query/split-function)
.png)
