Skip to main content
Version: 3.5.1

aggregate Command

The aggregate command aggregates query results over given properties and applies the defined aggregation functions.

Usage‚Äč

aggregate [<group_props>:] <functions>

Parameters‚Äč

ParameterDescriptionRequired?Default Value
group_propsComma-delimited list of grouping properties‚ĚĆ
functionsComma-delimited list of grouping functions to be applied on every result node‚úĒÔłŹ
info

Each grouping variable can have an as <name> clause to give the variable a specific name: <path_to_prop> as <name>. If this as <name> clause is omitted, a name is derived from the property path.

The following functions are supported:

FunctionDescription
sum(x)Sum x over all incoming elements. x can be a static value or the path to a property.
min(x)Return the smallest seen x over all incoming elements.
max(x)Return the biggest seen x over all incoming elements.
avg(x)Compute the average over all x.

Function arguments can be variable names (e.g., min(path.to.prop)), static values (e.g., sum(1)), or even calculations using simple expressions (min(path.to.prop * 3 + 2)).

Each grouping function can have an as <name> clause to give the function result a specific name: <function>(..) as <name>. If this as <name> clause is omitted, a name is derived from the function name and property path.

Examples‚Äč

Count volumes in the system, grouped by kind
> search is(volume) | aggregate kind as kind: sum(1) as count
‚Äčgroup:
‚Äč kind: aws_ec2_volume
‚Äčcount: 1799
‚Äč---
‚Äčgroup:
‚Äč kind: gcp_disk
‚Äčcount: 1100
Count volumes and compute total volume size, grouped by kind
> search is(volume) | aggregate kind: sum(volume_size) as summed, sum(1) as count
‚Äčgroup:
‚Äč kind: aws_ec2_volume
‚Äčsummed: 130903
‚Äčcount: 1799
‚Äč---
‚Äčgroup:
‚Äč kind: gcp_disk
‚Äčsummed: 23930
‚Äčcount: 1100
Count volumes and compute total volume size
> search is(volume) | aggregate sum(volume_size) as summed, sum(1) as count
‚Äčsummed: 154833
‚Äčcount: 2899

Further Reading‚Äč

Contact Us

 

 

 

Some Engineering Inc.