The Log Service Query analysis function supports log analysis by mapping functions, with detailed statements and implications as follows:

Statements Meaning Example
Subscript operator [] Gets the result of a key in the map. -
histogram(x) Performs GROUP BY according to each value of column x and calculates the count. The syntax is equivalent to select count group by x . latency > 10 | latency > 10 | histogram(status), which is equivalent tolatency > 10 | select count(1) group by status
map_agg(Key,Value) Returns a map of key, value, and shows the random latency of each method. latency > 100 | select map_agg(method,latency)
multimap_agg(Key,Value) Returns a multi-value map of key, value, and returns all the latency for each method. latency > 100 | select multimap_agg(method,latency)
cardinality(x) → bigint Gets the size of the map. -
element_at(map<K, V>, key) → V Gets the value corresponding to the key. -
map() → map<unknown, unknown> Returns an empty map. -
map(array<K>, array<V>) → map<K,V> Converts two arrays into 1-to-1 maps. SELECT map(ARRAY[1,3], ARRAY[2,4]); — {1 -> 2, 3 -> 4}
map_from_entries(array<row<K, V>>) → map<K,V> Converts a multidimensional array into a map. SELECT map_from_entries(ARRAY[(1, ‘x’), (2, ‘y’)]); — {1 -> ‘x’, 2 -> ‘y’}
map_entries(map<K, V>) → array<row<K,V>> Converts an element in a map into an array. SELECT map_entries(MAP(ARRAY[1, 2], ARRAY[‘x’, ‘y’])); — [ROW(1, ‘x’), ROW(2, ‘y’)]
map_concat(map1<K, V>, map2<K, V>, …, mapN<K, V>) → map<K,V> The Union of multiple maps is required, if a key exists in multiple maps, take the first one. -
map_filter(map<K, V>, function) → map<K,V> Refer to the lambda map_filter function. -
transform_keys(map<K1, V>, function) → MAP<K2,V> Refer to the lambda transform_keys function. -
transform_values(map<K, V1>, function) → MAP<K,V2> Refer to the lambda transform_values function. -
map_keys(x<K, V>) → array<K> Gets all the keys in the map and returns an array. -
map_values(x<K, V>) → array<V> Gets all values in the map and returns an array. -
map_zip_with(map<K, V1>, map<K, V2>, function<K, V1, V2, V3>) → map<K,V3> Refer to power functions in Lambda. -