Calls the named function on a field over a set of events. The result is returned in a field named _function for the selected function. This allows having the function name as a dashboard parameter.
| Parameter | Type | Required | Default Value | Description |
|---|---|---|---|---|
as | string | optional[a] | _function | Name of output field. |
field | string | required | Field to extract a number from and calculate function over. | |
function[b] | string | required | Function to run. | |
| Valid Values | ||||
avg | The avg() function | |||
count | The count() function | |||
max | The max() function | |||
min | The min() function | |||
range | The range() function | |||
sum | The sum() function | |||
[a] Optional parameters use their default value unless explicitly set. | ||||
Hide omitted argument names for this function
Omitted Argument NamesThe argument name for
functioncan be omitted; the following forms of this function are equivalent:logscale SyntaxcallFunction("value",field="value")and:
logscale SyntaxcallFunction(function="value",field="value")These examples show basic structure only.
callFunction() Examples
Click next to an example below to get the full details.
Call Named Function on a Field - Example 1
Calls the named function (avg()) on a field over a set of events
Query
avg_sent:=callFunction("avg", field=bytes_sent)Introduction
In this example, the callFunction() function is
used to find the average bytes sent in HTTP responses. It calls the
named function (avg()) on a field over a set of
events.
Step-by-Step
Starting with the source repository events.
- logscale
avg_sent:=callFunction("avg", field=bytes_sent)Finds the average bytes sent in HTTP response, and returns the results in a new field named avg_sent. Notice that the
avg()function is used indirectly in this example. Event Result set.
Summary and Results
The query is used to find the average bytes sent in HTTP responses.
Using a query parameter (for example, ?function) to
select the aggregation function for a timeChart()
is useful for dashboard widgets.
Using callFunction() allow for using a function
based on the data or dashboard parameter instead of writing the query
directly.
Call Named Function on a Field - Example 2
Calls the named function (count()) on a field over a set of events
Query
timeChart(function=[callFunction(?{function=count}, field=value)])Introduction
In this example, the callFunction() function is
used to call the named function (count()) on a
field over a set of events using the query parameter
?function.
Step-by-Step
Starting with the source repository events.
- logscale
timeChart(function=[callFunction(?{function=count}, field=value)])Counts the events in the value field, and displays the results in a timechart.
Notice how the query parameter
?functionis used to select the aggregation function for atimeChart(). Event Result set.
Summary and Results
The query is used to count events and chart them over time. Because we
are using callFunction(), it could be a different
function based on the dashboard parameter.
Using a query parameter (for example, ?function) to
select the aggregation function for a timeChart()
is useful for dashboard widgets.
Using callFunction() allow for using a function
based on the data or dashboard parameter instead of writing the query
directly.