> For the complete documentation index, see [llms.txt](https://digitalgarden.batamladen.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://digitalgarden.batamladen.com/notes/query-languages/kql/and-or-or-or-limit-or-top.md). # and | or | limit | top ### and and is a boolean or logical operator. instead of using a command 2 times, you can use `and` to simplify the query. ```kql VMConnection | where ProcessName =="python3" | where SourceIp == "127.0.0.1" ``` :x: ```kql VMConnection | where ProcessName =="python3" and SourceIp == "127.0.0.1" ``` :white\_check\_mark: *** ### or or is also a boolean or logical operator. It is used when we need at least one condition correct. ```kql VMConnection | where RemoteLatitude >= 60 or ResponseTimeMax > 1000 ``` *** ### and or combination We can use the operators in combination with each other using parenthasis to define the query nice. ```kql WindowsFirewall | where (DestinationPort == '80' and Protocol == "TCP") or DestinationIP startswith "20" | project DestinationPort, Protocol, DestinationIP ``` Here we search for destination port 80 and protocol tcp rows to be returned, or rows where destination ip starts with '20'. Any of the two conditions meet is returned. *** ### limit As we have the sort by command and the order by command do the same thing,\ so do take and limit do the same thing. limit command does the same thing as take, it takes the defined number and returnes random rows. ```kql VMConnections | take 10 | limit 10 // both do the same thing. ``` *** ### top while take gives random results.\ top gives a set number or records based on how the dataset is ordered. ``` SigninLogs | top 10 by TimeGenerated desc ``` ``` VMConnection | where * has '389' | top 10 by TimeGenerated desc ``` --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://digitalgarden.batamladen.com/notes/query-languages/kql/and-or-or-or-limit-or-top.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.