
Aggregate data

How to aggregate your data

Aggregations are operations performed on table data that has already been grouped, optionally by a time interval. An aggregate function performs a calculation on the set of values in each group and returns a single value per group. Operations include counting the records in a group, finding the minimum or maximum value in a group, or summing the values of a field across a group (learn more about grouping your data in Group data). When you create an aggregation, a new field appears in the table displaying the result of the operation for each group.

Having already grouped your table data as required, follow these steps to aggregate the grouped values:

Example

In the example below, we analyze the correlation between method and response time in the siem.logtrust.web.activity table. First, we group the data by method and responseTime with no temporal option (every -), so that each row of the result is one unique combination of the two values. Then we apply the Count aggregation function with no arguments, which returns the number of occurrences of each combination.


You can use the following query to replicate the example:

from siem.logtrust.web.activity group by method, responseTime every - select count() as count
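To make the grouping and aggregation semantics concrete, the following is an added example in Python; it is not Devo code and does not run against a Devo table. It reproduces the page's query (group by method and responseTime with no temporal option, then count) over a handful of constructed web-activity rows, and then goes one step beyond the page by grouping the same rows into 5-minute windows by method and computing count, min, max and sum of responseTime per window. The eventdate field name and the row contents are assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample rows standing in for siem.logtrust.web.activity.
# Only the fields the example needs are present; these are not real Devo records,
# and the "eventdate" field name is an assumption for this example.
SAMPLE_ROWS = [
    {"eventdate": "2024-01-01T10:00:05Z", "method": "GET",  "responseTime": 120},
    {"eventdate": "2024-01-01T10:00:40Z", "method": "GET",  "responseTime": 120},
    {"eventdate": "2024-01-01T10:01:10Z", "method": "POST", "responseTime": 350},
    {"eventdate": "2024-01-01T10:06:00Z", "method": "GET",  "responseTime": 90},
    {"eventdate": "2024-01-01T10:07:30Z", "method": "GET",  "responseTime": 120},
    {"eventdate": "2024-01-01T10:08:00Z", "method": "POST", "responseTime": 350},
]


def parse_ts(s):
    """Parse an ISO-8601 UTC timestamp such as 2024-01-01T10:00:05Z."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def bucket(ts, every):
    """Floor ts to the start of its `every` window.

    every=None plays the role of the page's `every -`: no temporal grouping,
    so every row falls into the same (None) bucket.
    """
    if every is None:
        return None
    secs = int(every.total_seconds())
    epoch = int(ts.timestamp())
    return datetime.fromtimestamp(epoch - epoch % secs, tz=timezone.utc)


def group_and_aggregate(rows, by, every=None, value_field=None):
    """Group rows by (time bucket, *by fields), then aggregate each group.

    Mirrors `group [every <interval>] by <fields>` followed by aggregate
    functions: count() is always computed; min/max/sum are computed over
    value_field when one is given.
    """
    groups = defaultdict(list)
    for r in rows:
        key = (bucket(parse_ts(r["eventdate"]), every),) + tuple(r[f] for f in by)
        groups[key].append(r)

    result = {}
    for key, members in groups.items():
        agg = {"count": len(members)}          # count() with no arguments
        if value_field is not None:
            vals = [m[value_field] for m in members]
            agg.update(min=min(vals), max=max(vals), sum=sum(vals))
        result[key] = agg
    return result


def page_example(rows=SAMPLE_ROWS):
    """The page's query: group by method, responseTime every - select count() as count.

    Returns {(method, responseTime): count}.
    """
    res = group_and_aggregate(rows, by=["method", "responseTime"])
    return {key[1:]: agg["count"] for key, agg in res.items()}


def five_minute_example(rows=SAMPLE_ROWS):
    """Same data grouped every 5 minutes by method, with count/min/max/sum of responseTime.

    Returns {(window_start_iso, method): {"count", "min", "max", "sum"}}.
    """
    res = group_and_aggregate(
        rows, by=["method"], every=timedelta(minutes=5), value_field="responseTime"
    )
    return {(key[0].isoformat(), key[1]): agg for key, agg in res.items()}


if __name__ == "__main__":
    for combo, count in sorted(page_example().items()):
        print("every -      ", combo, "count =", count)
    for (window, method), agg in sorted(five_minute_example().items()):
        print("every 5m     ", window, method, agg)
```

The first function yields one row per unique (method, responseTime) pair with its count, exactly what the page's query produces. The second shows why the temporal option matters: the same GET rows that collapse into a single group under every - split into two 5-minute windows, and the per-window min and max expose the 90 ms outlier that the combined count hides.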
