Computes a value from all events and array elements of the specified array.
Parameter | Type | Required | Default Value | Description |
---|---|---|---|---|
array [a] | string | required | A string in the format of a valid array followed by [] . A valid array can either be an identifier, a valid array followed by . and an identifier, or a valid array followed by an array index surrounded by square brackets. For example, for events with fields incidents[0], incidents[1], ... this would be incidents[] . | |
function | array of aggregate functions | required | The function to be applied to each element. If several aggregators are listed for the function parameter, then their outputs are combined using the rules described for stats() . | |
var | string | required | Array element field name to use in the function. | |
Syntactically, the function is similar to:
logscale Syntax
split(array)
| function(array)
but is more efficient.
The function applies to all the values across multiple events.
For example, with three events each containing an array
a[]
such that:
a[0] | a[1] | a[2] |
---|---|---|
1 | 4 | 2 |
3 | 5 | 2 |
5 | 2 | 3 |
Where the rows of a[]
across all events
are:
logscale Syntax
[1, 4, 2]
[3, 5, 2]
[5, 2, 3]
Running:
logscale
array:reduceAll("a[]", function=avg(x), var=x)
would result in the output:
logscale
_avg=3
since x
would take the values of:
logscale Syntax
{1, 4, 2, 3, 5, 2, 5, 2, 3}
array:reduceAll()
Examples
Click
next to an example below to get the full details.Compute an Aggregated Value of an Array on All Events
Compute an aggregated value of a flat array on all events using the array:reduceAll()
function