The query function returns the full query string of the current search as a text value.

This is useful for audit logging, debugging, and annotating exported results so that the exact search that produced them can be traced later.

Syntax

​

query()

Arguments

​

None.

Returns

​

A string containing the full query string of the current search.

Examples

​

Append the originating query as a field on each exported event:

dataset=myDataset
|| extend source_query=query()
|| export to lake myAuditDataset

Build a full provenance record alongside the job ID and the user who ran the search:

dataset=myDataset
|| extend search_id=jobID(), run_by=user(), source_query=query()
|| export to lake myAuditDataset