We’re looking to introduce whitelisting of Query String parameters on one of our customer’s sites. But that begs the question – what query strings parameters are in use? What are the most popular?

Well, I should be able to get this from the Application Gateway logs in Azure. But of course, the trick is in the right query. It took a bit of figuring out, but I got this:

AzureDiagnostics 
| where Category == 'ApplicationGatewayAccessLog'
| where TimeGenerated > ago(7d)
| where isnotempty( requestQuery_s )
| extend qp = parse_urlquery(requestQuery_s)["Query Parameters"]
| extend keys = bag_keys(qp)
| mv-expand keys
| summarize count() by tostring(keys)
| order by count_ desc

This get the query string parameters for each query that has a query string, parses them, gets the keys (i.e. the parameters) and summarizes by them. Nifty.