Important

This function is considered experimental and under active development and should not be used in production.

The function must be enabled using the feature flag ArrayFunctions. See Enabling & Disabling Feature Flags.

Computes an aggregate value for each array element with the same index.

ParameterTypeRequiredDefault ValueDescription
array[a]stringrequired  The prefix of the array in LogScale, for example, for events with fields incidents[0], incidents[1], ... this would be incidents.
asstringoptional[b]_reduceColumn Name of the output array.
functionarray of aggregate functionsrequired  Aggregate function to use (for example, max()). If several aggregators are listed for the function parameter, then their outputs are combined using the rules described for stats().
varstringrequired  Placeholder field name to use for array elements in the aggregate function.

[a] The parameter name array can be omitted.

[b] Optional parameters use their default value unless explicitly set.

Hide omitted argument names for this function

Show omitted argument names for this function

If, for example, all events contain arrays with the time taken for 3 different tasks, the query

logscale
array:reduceColumn(times, var=x,function=[avg(x), max(x)])

will compute the maximum and average time for each task.

If function is an aggregator that produces more than one event, such as groupBy(), the output of array:reduceColumn() will contain the same number of events as the maximum number of events produced in a column. The nth event will contain an array with the values from the nth event in all columns having an nth event. This can lead to unreliable ordering of the output if the internal aggregate does not output ordered events (such as groupBy()).

Click + next to an example below to get the full details.

Compute Aggregate Value for Each Array Element With Same Index

Compute an aggregate value for each array element with the same index using the array:reduceColumn()

Query
logscale
maxTimes := array:reduceColumn(times, var=x, function={time := max(x)})
Introduction

The array:reduceColumn() function can be used to compute an aggregate value for each array element with the same index. In this example, the array:reduceColumn() function is used to find the maximum time for each array element with same index in a flat array.

Example incoming data might look like this:

times[0]times[1]times[2]
123
510
Step-by-Step
  1. Starting with the source repository events.

  2. logscale
    maxTimes := array:reduceColumn(times, var=x, function={time := max(x)})

    Computes the maximum time for each array element with same index in the array and reduces it to one value.

  3. Event Result set.

Summary and Results

The query is used to find the maximum time for each array element with same index in a flat array.

_reduceColumn[0]_reduceColumn[1]_reduceColumn[2]
523

Compute Average Value for Each Array Element With Same Index

Compute an average value for each array element with the same index across multiple events using the array:reduceColumn()

Query
logscale
maxTimes := array:reduceColumn("ages[]", var=x, function=avg(x))
Introduction

The array:reduceColumn() function can be used to compute an average value for each array element with the same index. In this example, the array:reduceColumn() function is used to find the maximum time for each array element with same index in a flat array.

Example incoming data might look like this:

ages[0]ages[1]ages[2]
163264
153045
124
895767
Step-by-Step
  1. Starting with the source repository events.

  2. logscale
    maxTimes := array:reduceColumn("ages[]", var=x, function=avg(x))

    Computes the average for each array element with same index in the array and reduces it to one value, placing the result for each index into a new field _reduceColumn.

  3. Event Result set.

Summary and Results

The query is used to find the maximum time for each array element with same index in a flat array.

_reduceColumn[0]_reduceColumn[1]_reduceColumn[2]_reduceColumn[3] 
40.340.363.3