Annotate Events With Aggregation - Example 1 | LogScale Query Examples | LogScale Documentation

Skip to content

LogScale Documentation Library Guidance Release Notes Integrations Query Examples Training API GraphQL Search Archives Contact Support

Annotate Events With Aggregation - Example 1

Annotate events using stats() function and aggregation

Query

logscale

kvParse()
| stats([
avg(x),
table([x])
])

Introduction

The stats() function can be used to compute multiple aggregate functions over the input.

In this example, the stats() function is used with aggregation on the field x.

Example incoming data might look like this:

x=1
x=2
x=9
x=10

Step-by-Step

Starting with the source repository events.
logscale
```
kvParse()
```
Parses the string into key value pairs.
logscale
```
| stats([
avg(x),
table([x])
])
```
Computes the aggregate functions avg() and table() over the field x, and returns the results in a field named _avg and a field named x. Note that the table() function returns more rows as output, whereas the avg() function only returns 1 row.
Event Result set.

Summary and Results

The query is used to compute multiple aggregate functions over an input.

Sample output from the incoming example data:

_avg	x
5.5	1
5.5	2
5.5	9
5.5	10

Enter search term