I recently switched jobs and for the project I’m on we’re using Azure. As part of that we’re using Azure monitoring which uses the Kusto query language.
I’ve figured out how to use mv-expand to unpack a dyanamic array. It turns each element of the array into a new row. using the following command mv-expand {colname}.
It does not totally flatten out an array so for example [{"a":"b"}] will become {"a":"b"} not "b".
It can also be used to zip together multiple columns for example mv-expand a, b.