Aggregation
The following are scalar functions that you can use in the aggregation
streaming function to perform calculations over data in a given time-window.
average(X)
Calculates the average (mean) of values in a time window.
- Function Input
- number
- Function Output
- double
DSL example
The following example returns the average value of the "time_taken" field.
aggregate(windowed, average(get("time_taken")));
count(X)
Returns the number of non-null values in a time window.
- Function Input
- any
- Function Output
- long
DSL example
Returns the count of the "status_code" field.
aggregate(windowed, count(get("status_code")));
max(X)
Returns the maximum value in a time window.
- Function Input
- number
- Function Output
- number
DSL example
Returns the maximum value of the "time_taken" field.
aggregate(windowed, max(get("time_taken")));
mean(X)
Calculates the average (mean) of values in a time window.
- Function Input
- number
- Function Output
- double
DSL example
Returns the average value of the "time_taken" field.
aggregate(windowed, mean(get("time_taken")));
min(X)
Returns the minimum value in a time window.
- Function Input
- number
- Function Output
- number
DSL example
Returns the minimum value of the "time_taken" field.
aggregate(windowed, min(get("time_taken")));
sum(X)
Returns the sum of values in a time window.
- Function Input
- number
- Function Output
- number
DSL example
Returns the sum of the "time_taken" field.
aggregate(windowed, sum(get("time_taken")));
Core scalar functions | Arithmetic |
This documentation applies to the following versions of Splunk® Data Stream Processor: 1.0.0
Feedback submitted, thanks!