Distinct
Kusto
Definition
In Kusto Query Language (KQL), the `distinct` operator returns unique values from a column or a set of columns. It removes duplicates so that each value appears only once in the output. You can use it when you want to count or list unique items such as user names, IP addresses, domains, or file names.

**Example**

```
OutboundNetworkEvents
| distinct Domain
```

If the field contains: `example.com, example.com, test.com`

The result will be: `example.com, test.com`

You can also use more than one field:

```
AuthenticationEvents
| distinct Account, IPAddress
```

This gives a list of unique account and IP address pairs.

**Why it matters**

Analysts use `distinct` to reduce noise and focus on what is truly different in a dataset. It is especially useful when you want to count unique entities or check how many different systems or users are involved in an event.
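The following query is an added example, not part of the original glossary entry. It shows `distinct` feeding a per-account count of unique source addresses, which is how an analyst checks how many different IPs an account signed in from. The `datatable` rows, the `Timestamp` column and the threshold are constructed assumptions; `Account` and `IPAddress` follow the `AuthenticationEvents` example above.

```kusto
// Constructed sample rows standing in for a real AuthenticationEvents table.
let AuthenticationEvents = datatable(Timestamp:datetime, Account:string, IPAddress:string)
[
    datetime(2024-01-10 08:00:00), "alice", "10.0.0.5",
    datetime(2024-01-10 08:05:00), "alice", "10.0.0.5",
    datetime(2024-01-10 09:12:00), "alice", "203.0.113.7",
    datetime(2024-01-10 09:30:00), "bob",   "10.0.0.9",
    datetime(2024-01-10 09:31:00), "bob",   "10.0.0.9",
    datetime(2024-01-10 10:02:00), "alice", "198.51.100.23"
];
AuthenticationEvents
// Keep one row per unique Account/IPAddress pair; repeated logins
// from the same address collapse and Timestamp is dropped.
| distinct Account, IPAddress
// Each remaining row is one unique address, so count() per account
// is the number of different IPs that account was seen from.
| summarize UniqueIPs = count(), IPs = make_set(IPAddress) by Account
// Assumed threshold for this sample: surface accounts seen from more than one address.
| where UniqueIPs > 1
| order by UniqueIPs desc
```

Without the `distinct` step, `count()` would count login events rather than addresses, so a busy account on a single IP would look the same as an account used from many locations.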