Calls the named function on a field over a set of events. The result is
returned in a field named
_function for the selected
function. This allows having the function name as a dashboard parameter.
Click + next to an example below to get the full details.
Call Named Function on a Field - Example 1
Calls the named function (avg()) on a field over a set of events
Query
logscale
avg_sent:=callFunction("avg",field=bytes_sent)
Introduction
The callFunction() function calls a specific
function. The parameters of the called function are passed as
parameters in callFunction(). In this
example, the callFunction() function is used
to find the average bytes sent in HTTP responses. It calls the
named function (avg()) on a field over a set
of events.
Step-by-Step
Starting with the source repository events.
logscale
avg_sent:=callFunction("avg",field=bytes_sent)
Finds the average bytes sent in HTTP response, and returns the
results in a new field named
avg_sent. Notice that
the avg() function is used indirectly in
this example.
Event Result set.
Summary and Results
The query is used to find the average bytes sent in HTTP
responses. Using a query parameter (for example,
?function) to select the aggregation function for
a timeChart() is useful for dashboard
widgets.
Using callFunction() allow for using a
function based on the data or dashboard parameter instead of
writing the query directly.
Call Named Function on a Field - Example 2
Calls the named function (count()) on a field over a set of events
The callFunction() function calls a specific
function. The parameters of the called funcion are passed as
parameters in callFunction(). In this
example, the callFunction() function is used
to call the named function (count()) on a
field over a set of events using the query parameter
?function.
Counts the events in the
value field, and
displays the results in a timechart.
Notice how the query parameter
?function is used to select
the aggregation function for a
timeChart().
Event Result set.
Summary and Results
The query is used to count events and chart them over time.
Because we are using callFunction(), it
could be a different function based on the dashboard parameter.
Using a query parameter (for example, ?function)
to select the aggregation function for a
timeChart() is useful for dashboard
widgets.
Using callFunction() allow for using a
function based on the data or dashboard parameter instead of
writing the query directly.