I have multiple Kusto databases in our cluster - each representing a continuous integration test run. I frequently like to search across multiple databases to see how widely an issue is occurring or when the issue first started happening.
I'll do something like this:
union (database('2018-08-*').['*InterestingTables'])
| where Message has "Danger, Danger, Will Robinson!" | project OccurrenceTime,Message
I get a great overview, but no way to know which database each row came from. The Message itself doesn't tell me enough to know if two adjacent rows are from the same environment or separate ones.
Is there a way to extend this with an additional column of which database and/or table the row came from before it was joined?
In Kusto Explorer, I'm looking at writing a function of some sort that will enumerate the databases one by one, filtering to the interesting rows, extending the row with the current DB, then union'ing them all together. I'm hoping there's an easier way to do this. Thinking through the pipeline it seems like it's too late by the time the union has been done - unless Kusto is carrying that info around in metadata I haven't found yet. This would be a lot easier via the CLI, but I'd prefer something that works in the Explorer.
What I'm after is a little like $table in a search result.
I've also tried | extend cursor_current() to see if it added anything interesting but that doesn't work in a cross-database scope.
I've been through the Query Language/Query Essentials pretty exhaustively, though may have missed it due to... well, exhaustion. :)
