This topic describes the syntax of general aggregate functions and provides examples on how to use these functions.
The Search/Analytics feature of Log Service allows you to use general aggregate functions to analyze logs. The following table describes the specific statements.
| Statement | Description | Example |
|---|---|---|
arbitrary(x) |
Returns an arbitrary value of input values. | latency > 100 | select arbitrary(method) |
avg(x) |
Returns the average (arithmetic mean) of input values. | latency > 100 | select avg(latency) |
checksum(x) |
Returns a Base64-encoded checksum of the specified input values. | latency > 100 | select checksum(method) |
count(*) |
Calculates the number of rows. | N/A |
count(x) |
Calculates the number of non-null values in input values. | latency > 100 | select count(method) |
count(digit) |
Functions the same as count(*) to calculate the number of rows. Example: count(1).
|
N/A |
count_if(x) |
Returns the number of true values in input values. | latency > 100 | select count_if(url like '%abc') |
geometric_mean(x) |
Returns the geometric mean of input values. | latency > 100 | select geometric_mean(latency) |
max_by(x,y) |
Returns the value of x associated with the maximum value of y over all input values. | Query the method for the maximum latency: latency>100 | select max_by(method,latency) |
max_by(x,y,n) |
Returns n values of x associated with the n largest of all input values of y. | Query the methods for the top three rows with the maximum latency: latency > 100 | select max_by(method,latency,3) |
min_by(x,y) |
Returns the value of x associated with the minimum value of y over all input values. | Query the method for the minimum latency: * | select min_by(x,y) |
min_by(x,y,n) |
Returns n values of x associated with the n smallest of all input values of y. | Query the method for the top three rows with the minimum latency: * | select min_by(method,latency,3) |
max(x) |
Returns the maximum value of input values. | latency > 100| select max(inflow) |
min(x) |
Returns the minimum value of input values. | latency > 100| select min(inflow) |
sum(x) |
Returns the sum of input values. | latency > 10 | select sum(inflow) |
bitwise_and_agg(x) |
Returns the bitwise AND of all input values in two's complement representation. | N/A |
bitwise_or_agg(x) |
Returns the bitwise OR of all input values in two's complement representation. | N/A |