This article has not been completed yet. However, it may already contain helpful Information and therefore it has been published at this stage.
Setting up the environment:
Return to the Dataexplorer and the Cluster, you created in the onboarding challange:
https://dataexplorer.azure.com/home
Script to be executed:
.execute database script <|
// Create the table with the traffic information.
// The data loading process estimated to take ~3-4min to complete (114M+ rows of data).
// Notes: VIN - is Vehicle ID
.create-merge table Traffic (Timestamp:datetime, VIN:string, Ave:int, Street:int)
.ingest async into table Traffic (@'https://kustodetectiveagency.blob.core.windows.net/digitown-traffic/log_00000.csv.gz')
.ingest async into table Traffic (@'https://kustodetectiveagency.blob.core.windows.net/digitown-traffic/log_00001.csv.gz')
.ingest async into table Traffic (@'https://kustodetectiveagency.blob.core.windows.net/digitown-traffic/log_00002.csv.gz')
The Challenge:
We have a situation, rookie.
As you may have heard from the news, there was a bank robbery earlier today.
In short: the good old downtown bank located at 157th Ave / 148th Street has been robbed.
The police were too late to arrive and missed the gang, and now they have turned to us to help locating the gang.
No doubt the service we provided to the mayor Mrs. Gaia Budskott in past - helped landing this case on our table now.
Here is a precise order of events:
08:17AM: A gang of three armed men enter a bank located at 157th Ave / 148th Street and start collecting the money from the clerks.
08:31AM: After collecting a decent loot (est. 1,000,000$ in cash), they pack up and get out.
08:40AM: Police arrives at the crime scene, just to find out that it is too late, and the gang is not near the bank. The city is sealed - all vehicles are checked, robbers can't escape. Witnesses tell about a group of three men splitting into three different cars and driving away.
11:10AM: After 2.5 hours of unsuccessful attempts to look around, the police decide to turn to us, so we can help in finding where the gang is hiding.
Police gave us a data set of cameras recordings of all vehicles and their movements from 08:00AM till 11:00AM. Find it below.
Let's cut to the chase. It's up to you to locate gang’s hiding place!
Don't let us down!Info: Each challenge has up to three hints that can be accessed through the hints section of your Detective UI.
Query Hint:
The trick with this challenge is you need to be able to create a set of vehicles that weren’t moving during the robbery, of course the catch is that only moving vehicles have records in the traffic data. KQL commands that will be useful for this challenge are join, remember that there are different kinds of joins and arg_max
Let's get started.
First we have to analyze the data and structure.
Operator involved: take
# Step 1
# Show 10 entries of the Traffic table
Traffic | take 10
Next we have to filter for a specific street and avenue as well time range.
For this we use the where and join (kind=leftanti) operator.
# Step 2
# This query retrieves traffic data for a specific street and avenue within a
# specific time range (08:31:00 to 08:40:00) and excludes any data that also
# appears in an earlier time range (08:17:00 to 08:31:00) based on the VIN
# column.
Traffic
| where Street == 148 and Ave == 157
| where Timestamp > datetime(2022-10-16T08:31:00Z) and Timestamp < datetime(2022-10-16T08:40:00Z)
| join kind=leftanti ( Traffic | where Timestamp >= datetime(2022-10-16T08:17:00Z) and Timestamp <= datetime(2022-10-16T08:31:00Z)) on VIN
References:
Kusto Detective Agency: Challenge 2 – Election fraud in Digitown!
https://it-infrastructure.solutions/kusto-detective-agency-part1/