I'm creating a workbook in Microsoft Sentinel, and I want to add some parameters to make the queries populating the panels more flexible. Specifically, I want to have a drop-down parameter with a list of all column names for a given table. This column name will be then be used in downstream queries.
Is there a KQL query that can return all column names for a given table? It looks like .show isn't supported in Log Analytics/Sentinel
Worst comes to worst I can make it a text field but would strongly prefer to have a drop-down menu
you can use the getschema function!
https://learn.microsoft.com/en-us/azure/data-explorer/kusto/query/getschemaoperator
tablename | getschema