This guide will walk you through the process of downloading and setting up the KqlTools suite for use on either a Windows or Linux machine. Start by downloading the appropriate files for your machine:
- Install .NET Core SDK 3.1.200
- Download and extract the program files for Windows. (You can also download the files using the link at the top of the page.)
- Open a Command Prompt as Administrator and navigate to the folder where you've extracted the files.
- Navigate into the `win-x64` folder. This is the folder from which you will run Real-Time KQL.
- From within the `win-x64` folder, run the following command to get an overview of your options:
  ```
  RealTimeKql --help
  ```
- For more information and examples on using Real-Time KQL for Windows:
- Add the Microsoft package signing key to your list of trusted keys and add the package repository. Open a terminal and run the following commands:
  ```
  wget https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
  sudo dpkg -i packages-microsoft-prod.deb
  ```
- Install the .NET SDK:
  ```
  sudo apt-get update; \
    sudo apt-get install -y apt-transport-https && \
    sudo apt-get update && \
    sudo apt-get install -y dotnet-sdk-3.1
  ```
- Download and extract the program files for Linux. (You can also download the files using the link at the top of the page.)
- Open a terminal window and navigate to the folder where you've extracted the files.
- Navigate into the `RealTimeKql-linux-TestRelease` folder. This is the folder from which you will run Real-Time KQL.
- From within the `RealTimeKql-linux-TestRelease` folder, run the following command to get an overview of your options:
  ```
  sudo ./RealTimeKql syslog --help
  ```
- For more information and examples on using Real-Time KQL for Linux, see the syslog guide.

