Aggregate Query Functions

Humio’s query functions take a set of events, parameters, or configurations; and produce, reduce, or modify values within that set, or within the events themselves within the query pipeline.

Below is an alphabetical listing of Humio query functions that aggregate data from fields. For more information on a particular query function, click on it.

Function

Description

avg()

Calculates the average for a field over a set of events.

bucket()

Extends the groupBy function for grouping by time.

callFunction()

Calls the named function on a field over a set of events.

collect()

Collects fields from multiple events into one event.

count()

Counts events streaming through the function.

counterAsRate()

Calculates the rate for a counter field.

fieldset()

Retrieves a list of available fields.

fieldstats()

Retrieves statistics about fields.

groupBy()

Groups events by specified fields and executes aggregate functions on each group.

head()

Returns the oldest events.

holtwinters()

Used to generate a trendline for a periodic dataset.

linReg()

Computes linear relationship model between two variables using least-squares fitting.

max()

Finds the largest number for the specified field over a set of events.

min()

Finds the smallest number for the specified field over a set of events.

moment()

Calculates percentiles and returns one event with a field for each percentile given.

percentile()

Returns one event with a field for each percentile specified.

range()

Finds numeric range between smallest and largest numbers for field over a set of events.

rdns()

Events using RDNS lookup.

sankey()

Produces data compatible with Sankey widget.

selectLast()

Specify fields to select from events, keeping value of most recent event for each field.

selfJoin()

Used to collate data from events that share a key.

series()

Collects a series of values for selected fields from multiple events into one or more events.

session()

Collects events into sessions, and aggregates them.

sort()

Sorts events by their fields.

stats()

Used to compute multiple aggregate functions over the input.

stdDev()

Calculates the standard deviation for a field over a set of events.

sum()

Calculates the sum for a field over a set of events.

table()

Used to create a widget to present the data in a table.

tail()

Returns the newest events.

timeChart()

Used to draw a linechart where the x-axis is time.

top()

Finds the most common values of a field.

transpose()

Transposes a query results set by creating an event for each attribute.

window()

Computes aggregate functions over a sliding window of data.

worldMap()

Used to produce data compatible with the World Map widget.