Computes a value from all events and array elements of the specified array.

ParameterTypeRequiredDefault ValueDescription
array[a]stringrequired   A string in the format of a valid array followed by []. A valid array can either be an identifier, a valid array followed by . and an identifier, or a valid array followed by an array index surrounded by square brackets. For example, for events with fields incidents[0], incidents[1], ... this would be incidents[].
functionarray of aggregate functionsrequired   The function to be applied to each element. If several aggregators are listed for the function parameter, then their outputs are combined using the rules described for stats().
varstringrequired   Array element field name to use in the function.

[a] The parameter name array can be omitted.

Hide omitted argument names for this function

Show omitted argument names for this function

Syntactically, the function is similar to:

logscale Syntax
split(array)
| function(array)

but is more efficient.

The function applies to all the values across multiple events.

For example, with three events each containing an array a[] such that:

a[0]a[1]a[2]
142
352
523

Where the rows of a[] across all events are:

logscale Syntax
[1, 4, 2]
[3, 5, 2]
[5, 2, 3]

Running:

logscale
array:reduceAll("a[]", function=avg(x), var=x)

would result in the output:

logscale
_avg=3

since x would take the values of:

logscale Syntax
{1, 4, 2, 3, 5, 2, 5, 2, 3}

Click + next to an example below to get the full details.

Compute an Aggregated Value of an Array on All Events

Compute an aggregated value of a flat array on all events using the array:reduceAll() function