Adds doc for default node identifier

data-explorer/kusto/query/make-graph-operator.md

@@ -1,7 +1,7 @@
 ---
 title: make-graph operator
 description: Learn how to use the graph-to-table operator to build a graph structure from tabular inputs of edges and nodes.
-ms.reviewer: rocohen
+ms.reviewer: royo
 ms.topic: reference
 ms.date: 08/11/2024
 ---
@@ -15,15 +15,18 @@ The `make-graph` operator builds a graph structure from tabular inputs of edges
 
 *Edges* `|` `make-graph` *SourceNodeId* `-->` *TargetNodeId* [ `with` *Nodes1* `on` *NodeId1* [`,` *Nodes2* `on` *NodeId2* ]]
 
+*Edges* `|` `make-graph` *SourceNodeId* `-->` *TargetNodeId* [ `with_node_id=` *DefaultNodeId* ]
+
 ## Parameters
 
-| Name | Type | Required | Description |
-| -- | -- | -- | -- |
-| *Edges* | `string` |  :heavy_check_mark: | The tabular source containing the edges of the graph, each row represents an edge in the graph. |
-| *SourceNodeId* | `string` |  :heavy_check_mark: | The column in *Edges* with the source node IDs of the edges. |
-| *TargetNodeId* | `string` |  :heavy_check_mark: | The column in *Edges* with the target node IDs of the edges. |
-| *Nodes* | `string` || The tabular expressions containing the properties of the nodes in the graph. |
-| *NodesId* | `string` || The columns with the node IDs in *Nodes*. |
+| Name            | Type     | Required           | Description                                                                 |
+|-----------------|----------|--------------------|-----------------------------------------------------------------------------|
+| *Edges*         | `string` | :heavy_check_mark: | The tabular source containing the edges of the graph, each row represents an edge in the graph. |
+| *SourceNodeId*  | `string` | :heavy_check_mark: | The column in *Edges* with the source node IDs of the edges.                |
+| *TargetNodeId*  | `string` | :heavy_check_mark: | The column in *Edges* with the target node IDs of the edges.                |
+| *Nodes*         | `string` |                    | The tabular expressions containing the properties of the nodes in the graph.|
+| *NodesId*       | `string` |                    | The columns with the node IDs in *Nodes*.                                   |
+| *DefaultNodeId* | `string` |                    | The name of the column for the default node ID.                             |
 
 ## Returns
 
@@ -32,9 +35,15 @@ The `make-graph` operator returns a graph expression and has to be followed by a
 > [!NOTE]
 > Each node has a unique identifier. If the same node ID appears in both the *Nodes1* and *Nodes2* tables, a single node is created by merging their properties. If there are conflicting property values for the same node, one of the values is arbitrarily chosen.
 
+Users can handle node information in three ways:
+
+1. No node information required: `make-graph` completes with source and target.
+2. Explicit node properties: Provide up to two tabular expressions using "`with` *Nodes1* `on` *NodeId1* [`,` *Nodes2* `on` *NodeId2* ]".
+3. Default node identifier: Specify using "`with_node_id=` *DefaultNodeId*".
+
 ## Example
 
-The following example builds a graph from edges and nodes tables. The nodes represent people and systems, and the edges are different relations between nodes. The `make-graph` operator builds the graph. Then, there's a call to `graph-match` with a graph pattern that searches for attack paths to the "Trent" system node.
+The following example builds a graph from edges and nodes tables. The nodes represent people and systems, and the edges are different relations between nodes. The `make-graph` operator builds the graph. Then, there's a call to [graph-match](graph-match-operator.md) with a graph pattern that searches for attack paths to the "Trent" system node.
 
 :::moniker range="azure-data-explorer"
 > [!div class="nextstepaction"]
@@ -72,6 +81,38 @@ edges
 |---|---|---|
 |Mallory|Bob|Trent|
 
+## Example Default Node Id
+
+This example builds a graph from edges only, using the "name" property as the default node identifier. This is useful when creating a graph from a tabular expression of edges, ensuring the node identifier is available for the constraints section of the subsequent [graph-match](graph-match-operator.md) operator.
+
+:::moniker range="azure-data-explorer"
+> [!div class="nextstepaction"]
+> <a href="https://dataexplorer.azure.com/clusters/help/databases/Samples?query=H4sIAAAAAAAAA41Sy2rDMBC8%2ByuWnGyw8wEtDqSlx0KhhR5CCIq0xGosyUjrhkA%2Fviu%2F3VPxQUYzOzszdo0EqC4YoAQliJ9zjWlwrZf4EMhre8lBYSBtBWlnp7s4dKJ7M7IySA6QAGz2tZa4yWHz5M7xkM6Y1mopCMOnporv1rwPj5biC%2Fk2UBjxYXxCKxHe0BsdAtsYSS%2FfncSkJYiEvE4ar6Kunb%2F%2FkzJsHAmMHx8h6dtJfsCIKxYXL5oK%2Bn6gKHbLbuDG8U7WKTxpVVphkKe6gcIIkhWkpl%2BWFYdhybHYpVxQ4x0HQ8XAKmaEKRaQRa%2B3Cj3CoLGN%2BlCWcwIQVkHHnrG%2BvQ4ZNm6nD9cRprCRstr9h7iuP9ph018oCfadBHr%2Bg5becniegzG2iDng7%2FdAaBiaTf8C4hVjl48CAAA%3D" target="_blank">Run the query</a>
+::: moniker-end
+
+```kusto
+let edges = datatable(source:string, destination:string, edge_type:string) 
+[ 
+  "Alice", "Bob", "communicatesWith",  
+  "Alice", "Trent", "trusts",  
+  "Bob", "Trent", "hasPermission",  
+  "Eve", "Alice", "attacks",  
+  "Mallory", "Alice", "attacks",  
+  "Mallory", "Bob", "attacks"  
+]; 
+edges 
+| make-graph source --> destination with_node_id=name
+| graph-match (mallory)-[attacks]->(compromised)-[hasPermission]->(trent) 
+  where mallory.name == "Mallory" and trent.name == "Trent" and attacks.edge_type == "attacks" and hasPermission.edge_type == "hasPermission" 
+  project Attacker = mallory.name, Compromised = compromised.name, System = trent.name
+```
+
+**Output**
+
+|Attacker|Compromised|System|
+|---|---|---|
+|Mallory|Bob|Trent|
+
 ## Related content
 
 * [Graph operators](graph-operators.md)