Merge pull request #286 from KenMAG/master

Resolves issue #284 Learning Path 4 - Lab 1 - Exercise 1 - Create queries for Microsoft Sentinel using Kusto Query Language (KQL)

Allfiles/SC200_module4_KQL_scripts.txt

@@ -41,7 +41,7 @@ In this task, you will build basic KQL statements.
 1. The following statement demonstrates the **search** operator, which searches all columns in the table for the value. In the Query Window enter the following statement and select **Run**: 
 
 ```KQL
-search "new"
+search "location"
 ```
 
 2. The following statement demonstrates searching across tables listed with the "in" clause. Enter the following statement and select **Run**: 

Instructions/Labs/LAB_AK_04_Lab1_Ex1_KQL.md

@@ -48,12 +48,18 @@ In this task, you will build basic KQL statements.
 
 >**Important:**  For each query, clear the previous statement from the Query Window or open a new Query Window by selecting **+** after the last opened tab (up to 25).
 
-1. The following statement demonstrates the **search** operator, which searches all columns in the table for the value. In the Query Window enter the following statement and select **Run**: 
+1. The following statement demonstrates the **search** operator, which searches all columns in the table for the value. 
+
+1. Change the *Time range* to **Last 30 minutes** in the Query Window.
+
+1. In the Query Window enter the following statement and select **Run**:
 
     ```KQL
-    search "new"
+    search "location"
     ```
 
+    >**Note:** Using the *Search* operator without specific tables or qualifying clauses is less efficient than table-specific and column-specific text filtering.
+
 1. The following statement demonstrates **search** across tables listed within the **in** clause. In the Query Window enter the following statement and select **Run**: 
 
     ```KQL