This is an old revision of the document!
Kusto Query Language (KQL)
Queries
Select records where a column does not contain any of the listed substrings
SecurityEvent
| where not(Computer has_any ("mgmt", "imagine"))
Alternate form that works for a single substring match
SecurityEvent | where not(Computer contains "mgmt")
SecurityEvent | where Computer !contains "mgmt"
summarize
Get a count of records based on summarizing a specified column
Event
| where not(Computer has_any ("mgmt", "imagine"))
| summarize count() by Computer