/
Aggregate data
Document toolboxDocument toolbox

Aggregate data

Owned by Juan Tomás Alonso Nieto (Deactivated)
Last updated: Jun 15, 2023 by Borja Moro Moreno (Unlicensed)
2 min read
[ 1 How to aggregate your data ] [ 2 Example ]

How to aggregate your data

Aggregations are operations that can be performed on table data that has already been grouped by a time interval. Aggregate functions perform a calculation on a set of values and return a single value. Operations include counting records in a group, identifying the minimum or maximum value in a group, or calculating the sum of field values in a group (learn more about grouping your data in Group data. When you create an aggregation, a new field appears in the table displaying the results of the operation.

Having already grouped your table data as required, follow these steps to aggregate the grouped values:

Example

In the example below, we have analyzed the correlation between method and response time in the siem.logtrust.web.activity table. First, we have grouped our data with no temporal option by method and response time to obtain the unique value combinations found between them. Then, we used the Count aggregation function with no arguments to know the number of occurrences for each combination.

 

You can use the following query to replicate the example:

from siem.logtrust.web.activity group by method, responseTime every - select count() as count

 

Related article:

Related content

Group data
Group data
Devo latest
Read with this
Aggregate data
Aggregate data
7.13
More like this
Filter data
Filter data
Devo latest
Read with this
Collect compact
Collect compact
Devo latest
More like this
Build a query using LINQ
Build a query using LINQ
Devo latest
Read with this
Collect distinct
Collect distinct
Devo latest
More like this