Calls the named function on a field over a set of events. The result is returned in a field named _function for the selected function. This allows having the function name as a dashboard parameter.
| Parameter | Type | Required | Default Value | Description |
|---|---|---|---|---|
as | string | optional[a] | _function | Name of output field. |
field | string | required | Field to extract a number from and calculate function over. | |
function[b] | string | required | Function to run. | |
| Valid Values | ||||
avg | The avg() function | |||
count | The count() function | |||
max | The max() function | |||
min | The min() function | |||
range | The range() function | |||
sum | The sum() function | |||
[a] Optional parameters use their default value unless explicitly set. [b] The parameter name | ||||
Hide omitted argument names for this function
Omitted Argument NamesThe argument name for
functioncan be omitted; the following forms of this function are equivalent:logscale SyntaxcallFunction("value",field="value")and:
logscale SyntaxcallFunction(function="value",field="value")These examples show basic structure only.
callFunction() Examples
Click next to an example below to get the full details.
Call Named Function on a Field - Example 1
Calls the named function (avg()) on a field over a set of events
Query
avg_sent:=callFunction("avg", field=bytes_sent)Introduction
The callFunction() function calls a specific
function. The parameters of the called function are passed as
parameters in callFunction(). In this
example, the callFunction() function is used
to find the average bytes sent in HTTP responses. It calls the
named function (avg()) on a field over a set
of events.
Step-by-Step
Starting with the source repository events.
- logscale
avg_sent:=callFunction("avg", field=bytes_sent)Finds the average bytes sent in HTTP response, and returns the results in a new field named avg_sent. Notice that the
avg()function is used indirectly in this example. Event Result set.
Summary and Results
The query is used to find the average bytes sent in HTTP
responses. Using a query parameter (for example,
?function) to select the aggregation function for
a timeChart() is useful for dashboard
widgets.
Using callFunction() allow for using a
function based on the data or dashboard parameter instead of
writing the query directly.
Call Named Function on a Field - Example 2
Calls the named function (count()) on a field over a set of events
Query
timeChart(function=[callFunction(?{function=count}, field=value)])Introduction
The callFunction() function calls a specific
function. The parameters of the called funcion are passed as
parameters in callFunction(). In this
example, the callFunction() function is used
to call the named function (count()) on a
field over a set of events using the query parameter
?function.
Step-by-Step
Starting with the source repository events.
- logscale
timeChart(function=[callFunction(?{function=count}, field=value)])Counts the events in the value field, and displays the results in a timechart.
Notice how the query parameter
?functionis used to select the aggregation function for atimeChart(). Event Result set.
Summary and Results
The query is used to count events and chart them over time.
Because we are using callFunction(), it
could be a different function based on the dashboard parameter.
Using a query parameter (for example, ?function)
to select the aggregation function for a
timeChart() is useful for dashboard
widgets.
Using callFunction() allow for using a
function based on the data or dashboard parameter instead of
writing the query directly.