Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve queries performance: replace 'contains' with 'has' #41

Open
sloutsky opened this issue Jul 12, 2020 · 0 comments
Open

Improve queries performance: replace 'contains' with 'has' #41

sloutsky opened this issue Jul 12, 2020 · 0 comments
Labels
enhancement New feature or request

Comments

@sloutsky
Copy link

In Kusto (the underlying database engine used for Sentinel) : for the cases when the full worked is looked up - it is better (perf-wise) to use 'has' instead of 'contains'.

See Kusto best query practices:
https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/best-practices

"When using string operators:
Prefer has operator over contains when looking for full tokens. has is more performant as it doesn't have to look-up for substrings."
@netevert netevert added the enhancement New feature or request label Jul 17, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sloutsky @netevert