( WVDConnections | where State == "Connected" | extend Protocol = iif(UdpUse in ("0", "<>"), "TCP", "UDP") ) on CorrelationId | project CorrelationId, StartTime, EndTime, UserName, SessionHostName, RTTP90, BWP90, Protocol, ClientOS, ClientType, ClientVersion, ConnectionType, ...