Spice Up Your Azure Sentinel KQL Query Results with Emoji

Here’s a little-known tip that can help brighten an otherwise mundane query existence. Instead of producing the normal query results of boring and blah rows and columns of data to sift through, have a little fun with it.

Did you know that KQL supports emoji?

Emoji in KQL? Say it isn’t so!!

It has to be a true emoji character, which you can find with any emoji search tool, like the one at https://emojipedia.org/.

Locate what you want and then use your mouse cursor to highlight the emoji and copy/paste it into your query. In the example above, you can see my cool dude and celebration emojis.

And, when you save your queries, the emoji sticks with it. You can even save the query to a text file and the emoji character is retained for later use.
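A query that puts pasted emoji to work as status flags, added here as an illustration and not the query from the original post. The table is built inline with `datatable`, and every user name, timestamp and threshold in it is constructed sample data:

```kusto
// Constructed sample rows standing in for a sign-in table.
// In this sample a ResultType of "0" is a success; anything else is a failure.
let SampleSignins = datatable(TimeGenerated:datetime, UserPrincipalName:string, ResultType:string)
[
    datetime(2020-04-01 08:00:00), "alice@contoso.example", "0",
    datetime(2020-04-01 08:02:00), "bob@contoso.example",   "50126",
    datetime(2020-04-01 08:03:00), "bob@contoso.example",   "0",
    datetime(2020-04-01 08:10:00), "carol@contoso.example", "50126",
    datetime(2020-04-01 08:11:00), "carol@contoso.example", "50126",
    datetime(2020-04-01 08:12:00), "carol@contoso.example", "50126",
    datetime(2020-04-01 08:13:00), "carol@contoso.example", "50126"
];
SampleSignins
// Count failed and total sign-ins per user
| summarize Failures = countif(ResultType != "0"), Total = count() by UserPrincipalName
// Emoji are ordinary characters inside a KQL string literal,
// so they can be returned from case() like any other text.
| extend Status = case(
    Failures == 0, "✅ clean",
    Failures < 3,  "⚠️ watch",
                   "🚨 investigate")
| project Status, UserPrincipalName, Failures, Total
| order by Failures desc
```

Putting the emoji column first makes the rows that need attention stand out when scanning the results grid.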

Emoji madness!

So, yeah…you may have already asked yourself, boy how much spare time does this guy have? Well, we’ve been dealing with Covid-19 here for a couple weeks so I’ve had more time than normal to play around through the boredom.

Have fun with it and let me know what you come up with.
