values()

Table of Contents

Definition
Examples
Further Reading

Definition

values() returns a list of all distinct values in the table column as a multi-value entry. You can use it with transform commands that support aggregations.

Examples

Since values() returns all distinct values it can find, it’s recommended to limit the time range for the search.

The following example searches all distinct values in balance column and groups the result by operation column. where command is used to filter values that are negative. It also limits the date range to one hour.

%dpl
index=crud earliest=2021-01-08T00:00:00.000+03:00 latest=2021-01-08T01:00:00.000+03:00
| spath
| where balance > 0
| stats values(balance) by operation

example of values() aggregation command

Further Reading