Compute Average Value for Each Array Element With Same Index

Compute an average value for each array element with the same index across multiple events using the array:reduceColumn() function.

Query

logscale
maxTimes := array:reduceColumn("ages[]", var=x, function=avg(x))

Introduction

The array:reduceColumn() function can be used to compute an average value for each array element with the same index.

In this example, the array:reduceColumn() function is used to find the average value for each array element with the same index in a flat array.

Example incoming data might look like this:

ages[0]  ages[1]  ages[2]
16       32       64
15       30       45
1        2        4
89       57       67

Step-by-Step

  1. Starting with the source repository events.

  2. [Flowchart: Events → Add Field → Result Set]
    logscale
    maxTimes := array:reduceColumn("ages[]", var=x, function=avg(x))

    Computes the average for each array element with the same index across the events, reducing each index to one value and placing the result for each index into a new field _reduceColumn.

  3. Event Result set.

Summary and Results

The query is used to find the average value for each array element with the same index in a flat array.

_reduceColumn[0]  _reduceColumn[1]  _reduceColumn[2]  _reduceColumn[3]
40.3              40.3              63.3
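The column-wise reduction described on this page can be modelled outside LogScale to check expected values before running a query. The Python below is an added example, not LogScale's implementation: reduce_column and its parameters are hypothetical names, the sample events are constructed, and it assumes that an index is reduced over only the events that contain it and that non-numeric elements are skipped.

```python
import re
from collections import defaultdict
from statistics import mean

# Matches flat array fields such as "ages[0]" and captures name and index.
_FLAT = re.compile(r"^(?P<name>[^\[\]]+)\[(?P<idx>\d+)\]$")


def reduce_column(events, array, function=mean, as_field="_reduceColumn"):
    """Hypothetical model of a column-wise reduce over flat array fields.

    events: list of dicts whose keys look like "ages[0]", "ages[1]", ...
    array:  array name written as in the query, e.g. "ages[]"
    """
    if not array.endswith("[]"):
        raise ValueError("array must be written as name[]")
    name = array[:-2]
    columns = defaultdict(list)  # index -> values seen at that index
    for event in events:
        for field, value in event.items():
            m = _FLAT.match(field)
            if m and m.group("name") == name:
                try:
                    columns[int(m.group("idx"))].append(float(value))
                except (TypeError, ValueError):
                    continue  # assumption: non-numeric elements are skipped
    # Assumption: an index is reduced over only the events that contain it.
    return {f"{as_field}[{i}]": function(columns[i]) for i in sorted(columns)}


# Constructed sample events (not the table from the page); the last event
# carries a shorter array and an unrelated field.
SAMPLE_EVENTS = [
    {"ages[0]": "10", "ages[1]": "20", "ages[2]": "30"},
    {"ages[0]": "20", "ages[1]": "40", "ages[2]": "60"},
    {"ages[0]": "30", "ages[1]": "60", "host": "web-01"},
]

if __name__ == "__main__":
    for field, value in reduce_column(SAMPLE_EVENTS, "ages[]").items():
        print(field, value)
    print(reduce_column(SAMPLE_EVENTS, "ages[]", function=max))
```

Passing a different reducer, such as max, models the same query with another aggregate function in place of avg.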