Aggregate Operators
Available in Seq SQL queries
The following operators can be used in aggregate SQL Queries.
Count
Given a property name, computes the number of events that have a non-null
value for that property.
The special property name *
can be used to count all events.
select count(*) from stream where has(@Exception)
Distinct
Given a property name or expression, computes the set of distinct values for that expression.
select distinct(ExceptionType) from stream where Application like 'Admissions%'
distinct()
and count()
can be combined to count distinct values without returning them all.
select count(distinct(ExceptionType)) from stream
First/Last
Given an expression, returns the value of that expression applied to the first or last events in the target range.
select first(Elapsed), last(Elapsed) from stream group by time(5m)
Min/Max
Given a numeric expression or property name, computes the smallest or largest value for that expression.
select min(Elapsed / 1000) as ElapsedSeconds from stream group by time(1h)
Mean
Computes the arithmetic mean (average) of a numeric expression or property, i.e. sum(expr) / count(expr)
.
select mean(ItemCount) group by ItemId from stream
Events where the expression is null or not numeric are ignored and do not contribute to the final result.
Names
Returns one row for each property name encountered on matched events. Added in Seq 3.1.
select names() from stream
Percentile
Given an expression and a percentage p
, calculates the value of the expression at or below which p
percent of the results fall.
select percentile(ResponseTime, 95) from stream group by time(1h), MachineName
This is the nearest rank percentile.
Sum
Given an expression or property name, calculates the sum of that value.
select sum(ItemsOrdered) group by ItemId
Non-numeric results are ignored.
Top/Bottom
Selects the first or last n
values of an expression.
select top(ExceptionType, 10) from stream where Application <> 'Admissions'
Updated less than a minute ago