Find Range Between Smallest And Largest Numbers in Field

Find numeric range between the smallest and largest numbers in specified field using the range() function

Query

flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 0{{Aggregate}} result{{Result Set}} repo --> 0 0 --> result
logscale
range(responsetime)

Introduction

A numeric range is the difference between the highest and lowest values in a specified numeric field across a set of events. The range() function can be used to calculate this difference and it works with both integer and floating-point fields.

In this example, the range() function is used to find the range of the values in the field responsetime.

Example incoming event data might look like this:

timestampendpointresponsetime
2025-04-30T07:00:00Z/api/users0.125
2025-04-30T07:00:01Z/api/login2.543
2025-04-30T07:00:02Z/api/data0.891
2025-04-30T07:00:03Z/api/users1.234
2025-04-30T07:00:04Z/api/search3.456
2025-04-30T07:00:05Z/api/login0.567
2025-04-30T07:00:06Z/api/data1.789
2025-04-30T07:00:07Z/api/users0.234

Step-by-Step

  1. Starting with the source repository events.

  2. flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 0{{Aggregate}} result{{Result Set}} repo --> 0 0 --> result style 0 fill:#ff0000,stroke-width:4px,stroke:#000;
    logscale
    range(responsetime)

    Finds the range of the values in the field responsetime, and returns the result in a field named _range. The range() function always returns a single number (the difference between maximum and minimum).

  3. Event Result set.

Summary and Results

The query is used to calculate the difference between the highest and lowest values in the field responsetime across a set of events. Finding the range of responsetime in LogScale is particularly useful for performance analysis to identify performance inconsistancies. A small range indicates consistent performance, while a large range suggests reliability issues.

The range() function is commonly used with groupBy() for comparative analysis. See Find Range of CPU Usage by Host.

Sample output from the incoming example data:

_range
3.331