Important
This function is considered experimental and under active development and should not be used in production.
The function must be enabled using the feature flag ArrayFunctions. See Enabling & Disabling Feature Flags.
Computes an aggregated value of an array on all events.
| Parameter | Type | Required | Default Value | Description |
|---|---|---|---|---|
array[a] | string | required | The prefix of the array in LogScale, for example, for events with fields incidents[0], incidents[1], ... this would be incidents. | |
as | string | optional[b] | _reduceRow | Name of the output array. |
function | function | required | Aggregate function to use (for example, max()). Must be an aggregate function that outputs a single event with a single field. | |
var | string | required | Placeholder field name to use for array element to use in aggregate function. | |
[b] Optional parameters use their default value unless explicitly set. | ||||
Hide omitted argument names for this function
Omitted Argument NamesThe argument name for
arraycan be omitted; the following forms of this function are equivalent:logscale Syntaxarray:reduceRow("value",var="value",function="value")and:
logscale Syntaxarray:reduceRow(array="value",var="value",function="value")These examples show basic structure only.
Only aggregate functions that return a single event with a
single field (such as avg(),
count(), sum(),
max() etc.) are allowed as the
function
argument.
The function cannot be join() or
groupBy().
array:reduceRow()Examples
Click next to an example below to get the full details.
Calculate Average of Field Values in an Array
Calculate Average of Field Values in a flat array using the
array:reduceRow() function
Query
array:reduceRow("ages[]", var=x, function=avg(x))Introduction
In this example, the array:reduceRow() function is
used to calculate the average age of the field
ages and return the result in a
field named _reduceRow._avg.
Example incoming data might look like this:
| ages[0] | ages[1] | ages[2] |
|---|---|---|
| 16 | 32 | 64 |
| 15 | 30 | 45 |
| 1 | 2 | 4 |
| 89 | 57 | 67 |
Step-by-Step
Starting with the source repository events.
- logscale
array:reduceRow("ages[]", var=x, function=avg(x))Produces two events, calculating the average value across the ages[] array for each event. The results are placed into the _avg field for each new event.
Event Result set.
Summary and Results
The query is used to calculate averages for a given array for each event
and is a shorthand version of using array:eval()
specifically for processing each event.
Sample output from the incoming example data:
| ages[0] | ages[1] | ages[2] | _avg |
|---|---|---|---|
| 16 | 32 | 64 | 37.333 |
| 15 | 30 | 45 | 30 |
| 1 | 2 | 4 | 2.67 |
| 89 | 57 | 67 | 71 |
Note that the evaluation is per event, for example per row of the
overall table of values across the array over all events. To calculate
values across the column of values, use
array:reduceColumn().